Saturday, August 26, 2006

New PCLinuxOS Version

Texstar at PCLinuxOS has released V0.93 of the distribution that I run here at home for my machine/server. I have downloaded the ISO image of this and I will be burning the CD in the next few days.

I will be playing with the live CD before installing to see how it works on the system. I have no doubts that it is as solid as V0.92, but, I think it would be prudent to test first as this is my main machine.

There are other versions available if you don't want to download and check out the complete version. You can go to PCLinuxOS to get more information on this excellent distribution.


In a related topic Mandriva has released a beta version of Mandriva Linux 2007. My wife and daughter are using that distribution on their machines as they like the selection of games. You can go to Mandriva for the news release.

Tuesday, August 15, 2006

Linux, FTP & hackers

I normally have an FTP server running on my Linux box so that family members can upload or download files instead of clogging our email. It has a very basic setup, an anonymous ID that will allow basic upload or download and that is all that ID can do. I have a 'power' ID that can move files, delete files, create or delete directories. The first thing I did was make sure that there were no default IDs or passwords for the server. The server is PROFTPD and I use GPROFTPD as the front end.

Now and then I get a person who thinks they can crack the system and they fail, every time. Last night was different in that I had two separate simultaneous attacks. The short attack lasted for almost 290 password combinations over two different IDs. The main one was much more determined in that he/she used over 1,100 passwords over two different IDs. The beauty of it was that every attack was logged and earlier this evening two emails went out to the attackers' ISPs. The ISP of the main attack politely asked me for a copy of the log and I was more than happy to send them a copy of the security log.

I am very certain that the hackers didn't get anything as I don't have any default IDs on this system. I also enforce password changes every 90 days and yes that is overkill for a personal system, but, it is a good habit to get into. The last thing is that ROOT never accesses the FTP server and the 'power' ID does not have root privileges, just enough to maintain the FTP directories.

If you do decide to run an FTP server (Windows or Linux) here are a few things to keep in mind:
  1. Have and use a firewall.
  2. Have and use a virus scanner (Windows only, not really necessary for Linux).
  3. Kill all default IDs and passwords.
  4. Enforce regular password changes. Minimum for me is 6 characters with 1 character that is not A-Z.
  5. Turn on the FTP security and log everything.
  6. The ID that services the FTP area does not have root capabilities.
  7. Grant only the bare minimum of authority to any ID.
  8. Backup your data on a regular basis.
  9. Apply all patches ASAP.
  10. Review your FTP and firewall logs regularly.
  11. Log and trace all intrusion attempts. You can trace back the attacker to their ISP by using WHOIS and then send a short note to the admin or abuse email ID.
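Items 5, 10 and 11 above boil down to reading the FTP log and pulling out who hammered which IDs, how many times and when, which is also exactly what an ISP abuse desk wants to see. The script below is an added example, not code from this blog or from the ProFTPD project: it parses failed-login lines, counts them per source address, flags sources over a threshold and produces a one-line summary for an abuse note. The log lines are constructed in the style of ProFTPD's syslog output (the "no such user found" and "(Login failed)" shapes); exact wording varies by version and configuration, so LOGIN_FAIL_RE is an assumption to adjust against your own log. The IP addresses are documentation ranges, not real attackers.

```python
import re

# Assumed ProFTPD-style failure lines (adjust to your own log format):
#   <syslog ts> host proftpd[pid] host (client[ip]): USER name: no such user found from ...
#   <syslog ts> host proftpd[pid] host (client[ip]): USER name (Login failed): Incorrect password.
LOGIN_FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ proftpd\[\d+\] \S+ "
    r"\([^\[]*\[(?P<ip>[^\]]+)\]\): USER (?P<user>\S+?)"
    r"(?:: no such user found| \(Login failed\):).*$"
)


def parse_failures(log_text):
    """Yield (timestamp, source ip, user name tried) for each failed login line.

    Successful logins and unrelated lines do not match the regex and are skipped."""
    for line in log_text.splitlines():
        m = LOGIN_FAIL_RE.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("user")


def summarize(log_text):
    """Aggregate failures per source IP: attempt count, IDs tried, first and last seen.

    Log files are written in time order, so the first matching line for an IP is
    its first attempt and the most recent matching line its last."""
    summary = {}
    for ts, ip, user in parse_failures(log_text):
        entry = summary.setdefault(ip, {"attempts": 0, "users": set(), "first": ts, "last": ts})
        entry["attempts"] += 1
        entry["users"].add(user)
        entry["last"] = ts
    return summary


def brute_force_sources(summary, threshold):
    """Sources with at least `threshold` failed logins, most persistent first."""
    hits = [(ip, e["attempts"]) for ip, e in summary.items() if e["attempts"] >= threshold]
    return sorted(hits, key=lambda pair: -pair[1])


def abuse_note(summary, ip):
    """One-line summary suitable for the body of a note to an ISP abuse address."""
    e = summary[ip]
    return (f"Source {ip}: {e['attempts']} failed FTP logins against "
            f"{len(e['users'])} account name(s) ({', '.join(sorted(e['users']))}), "
            f"between {e['first']} and {e['last']} (server local time).")


def build_sample_log():
    """Constructed sample: one legitimate login, a short probe and a persistent guessing run."""
    tpl = "Aug 14 {t} homebox proftpd[4130] homebox ({ip}[{ip}]): USER {u}{rest}"
    bad_pw = " (Login failed): Incorrect password."
    lines = [tpl.format(t="22:58:40", ip="192.0.2.10", u="anonymous", rest=": Login successful.")]
    # Short probe: four attempts over two IDs from 198.51.100.7.
    for i, u in enumerate(["admin", "admin", "power", "power"]):
        rest = (": no such user found from 198.51.100.7 [198.51.100.7] to 192.168.1.5:21"
                if u == "admin" else bad_pw)
        lines.append(tpl.format(t=f"23:05:{i:02d}", ip="198.51.100.7", u=u, rest=rest))
    # Persistent run: thirty attempts alternating between two IDs from 203.0.113.9.
    for i in range(30):
        u = "admin" if i % 2 else "power"
        rest = (": no such user found from 203.0.113.9 [203.0.113.9] to 192.168.1.5:21"
                if u == "admin" else bad_pw)
        lines.append(tpl.format(t=f"23:10:{i:02d}", ip="203.0.113.9", u=u, rest=rest))
    return "\n".join(lines)


if __name__ == "__main__":
    report = summarize(build_sample_log())
    for ip, count in brute_force_sources(report, threshold=10):
        print(abuse_note(report, ip))
```

Run it against a real log with `summarize(open("/var/log/proftpd/proftpd.log").read())` (path is an assumption; it depends on your ProFTPD configuration). The threshold is deliberately a parameter: a handful of failures is a family member with a mistyped password, several hundred is the kind of run described above, and only the latter is worth a WHOIS lookup and a note to the abuse address.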

Monday, August 07, 2006

12 months of spam

It has been a few postings since I complained about spam. For over a year I have been tracking the messages I receive in my Yahoo account. During that time my GMail and personal accounts have started to receive spam, but, Yahoo endures an ongoing flood. Here is a summary (June 2005 to May 2006):

Legit = 1,716 messages
Spam = 3,365 messages

Of the spam, 223 were obvious scams and another 118 were phishing attempts. The worst month was May when I endured a flood of 1,767 spam messages while receiving only 141 legit emails.

For those who get spam:
  1. Don't 'unsubscribe'. When you reply with 'unsubscribe', spammers know that they got a live account and your inbasket will probably be flooded.
  2. If your ISP provides spam filtering use it!
  3. For phishing attempts forward them to the financial institution for them to handle. Don't ignore them as this gives the spammer time to hurt someone else.
  4. Create a 'throw-away' account in Yahoo, Hotmail or GMail. When you fill in those registration cards use that account and not your personal one.
  5. If it is obvious spam don't read the message. Discard it. There are ways for the spammer to know the message was read. The easiest is to embed a graphic link so that when you open the mail it sends a request for the picture and the spammer knows it is a live account.
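The "graphic link" in item 5 is just an `<img>` tag whose `src` points at the spammer's web server, often a 1x1 pixel with a per-recipient token in the URL; the fetch your mail client makes to display it is the confirmation. The script below is an added example, not code from this blog or from any mail client: it lists the remote images an HTML message would fetch, marks the ones that look like beacons (tiny or hidden, or carrying a long query-string token), and rewrites the remote `src` attributes so the message can be looked at without anything being requested. The sample message and the "8 characters or more" token heuristic are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class RemoteImageScanner(HTMLParser):
    """Record every <img> whose src would be fetched from a remote web server.

    Inline (cid:) and data: images stay inside the message and are ignored; only
    http/https sources cause a request that tells the sender the mail was opened."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        parsed = urlparse(src)
        if parsed.scheme.lower() not in ("http", "https"):
            return
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
        # Constructed heuristic: a query value of 8+ characters looks like a recipient token.
        tokens = {k: v for k, v in parse_qs(parsed.query).items() if len("".join(v)) >= 8}
        self.images.append({
            "url": src,
            "host": parsed.hostname,
            "beacon_like": tiny or hidden or bool(tokens),
        })


def scan_html_mail(html):
    """Return the list of remote image records found in an HTML message body."""
    scanner = RemoteImageScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.images


# Matches src="http://..." (or https, single or double quotes) inside an <img ...> tag.
REMOTE_IMG_SRC_RE = re.compile(r'(<img\b[^>]*?)\bsrc=(["\'])(https?://[^"\']*)\2', re.IGNORECASE)


def neutralize_remote_images(html):
    """Rewrite remote <img src=...> to data-blocked-src=... so nothing is fetched on display.

    The URL is kept in the renamed attribute for later inspection; browsers and
    mail renderers ignore unknown data-* attributes."""
    return REMOTE_IMG_SRC_RE.sub(r'\g<1>data-blocked-src=\2\3\2', html)


# Constructed sample message; hostnames use the reserved .example TLD.
SAMPLE_MAIL = """\
<html><body>
<p>Dear customer, your account needs verification.</p>
<img src="cid:logo@local" alt="logo">
<img src="http://mail-track.example/open.gif?id=a1b2c3d4e5f6" width="1" height="1">
<img src="https://cdn.example/banner.png" width="600" height="120" alt="banner">
<a href="http://phish.example/login">Verify now</a>
</body></html>
"""


if __name__ == "__main__":
    for rec in scan_html_mail(SAMPLE_MAIL):
        flag = "BEACON?" if rec["beacon_like"] else "image"
        print(f"{flag:8} {rec['host']:<24} {rec['url']}")
    print(neutralize_remote_images(SAMPLE_MAIL))
```

Running the scanner over a saved message (the HTML part of an `.eml` file) before opening it shows exactly what the sender would learn from a view; neutralizing every remote image, not just the beacon-like ones, is the conservative choice, which is also why mail clients offer a "don't load remote images" setting.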

Here is a quick list of a number of email addresses to forward those phishing attempts to:
  • Bank of America - abuse@bankofamerica.com
  • Barclays - internetsecurity@barclays.co.uk
  • Chase - abuse@chase.com
  • EBay - spoof@ebay.com
  • MSN - abuse@msn.com
  • PayPal - spoof@paypal.com
  • VISA - askvisacorporate@visa.com

A few more things you should be doing:
  • Keep your anti-virus up-to-date.
  • Keep your firewall up-to-date.
  • Keep your system patched. If you are using Windows use 'Windows Update'.
  • Backup all of your critical data to CDs (or DVD) on a regular basis.