Friday, September 29, 2006

I love hackers... NOT!

One of the things I run on my Linux box is an FTP server so that friends and family can drop off and pick up photos or movies. This relieves the mail servers of the multi-meg file downloads, as part of my family still has only dial-up but they have large digital photos and movies that they want to share.

The only problem is that there were a number of hackers who probed my system and found that my system was available. Not a problem in that I don't have default IDs or passwords, but I did leave an anonymous account available to make it easier for family to get on. The hackers did use that to try to put up warez, but didn't have the access authority to do much else. It was a real pain as I needed to clear out the upload area every several days from their 1 meg test files and clear out my security log for the password attempts. A few sites did respond back to me when I sent a copy of my log and hopefully they will cancel their accounts; the rest didn't send me a reply.

I did make a few changes on the FTP server.
  1. FXP is now off (default is on). FXP stands for File eXchange Protocol and it lets you copy files from one FTP server to another using an FXP client. Normally you transfer files using the FTP protocol between your machine and an FTP server, and the maximum transfer speed depends on the speed of your Internet connection (e.g. 56k, cable or T1). When transferring files between two remote hosts using an FXP client, the maximum transfer speed does not depend on your connection but only on the connection between the two hosts, which is usually much faster than your own connection. Because it is a direct connection you will not be able to see the progress or the transfer speed of the files. I guess the hackers took advantage of this.
  2. There is a prompt for userid and password now.
  3. I deleted the ability to download from the upload area. They can put files up, but no one can download from that area until I vet the files and move them to the download area.
  4. I updated the router firewall to block out the offending sites that didn't reply back on the hack attempts.
I will be watching the security and file transfer logs for the next week on a daily basis to see if that works. My lesson is that I should have checked all of the default settings and read up on what they were before letting the FTP server loose.
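The daily transfer-log check described above can be scripted. This is an added example, not the author's own code: it assumes the server writes the standard xferlog transfer-log format (ProFTPD does), and the `/uploads/` path, the size range for a "1 meg" test file, and every sample line are constructed for illustration.

```python
from collections import defaultdict

UPLOAD_DIR = "/uploads/"                    # assumed location of the upload area
PROBE_MIN, PROBE_MAX = 900_000, 1_100_000   # assumed byte range for a "1 meg" test file

# Constructed sample lines (documentation IP ranges, invented file names).
SAMPLE_LOG = """\
Fri Sep 29 02:11:40 2006 4 203.0.113.5 1048576 /uploads/1mb.test b _ i a guest@example.invalid ftp 0 * c
Fri Sep 29 02:19:03 2006 610 203.0.113.5 734003200 /uploads/release.r00 b _ i a guest@example.invalid ftp 0 * c
Fri Sep 29 03:02:55 2006 580 198.51.100.20 734003200 /uploads/release.r00 b _ o a guest@example.invalid ftp 0 * c
Fri Sep 29 18:40:12 2006 35 192.0.2.10 2500000 /uploads/birthday.jpg b _ i r aunt ftp 0 * c
Fri Sep 29 18:45:30 2006 20 192.0.2.10 1800000 /photos/lake.jpg b _ o r aunt ftp 0 * c
"""

def parse_line(line):
    """Split one xferlog record; returns None for lines that do not fit."""
    t = line.split()
    if len(t) < 18 or not t[7].isdigit():
        return None
    tail = t[-9:]  # the nine fixed fields that follow the file name
    return {"host": t[6], "size": int(t[7]), "path": " ".join(t[8:-9]),
            "direction": tail[2], "access": tail[3]}

def review(log_text):
    """Return {remote host: [finding, ...]} for transfers worth a look."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        in_upload = rec["path"].startswith(UPLOAD_DIR)
        if rec["direction"] == "i" and rec["access"] == "a":
            # Anonymous upload: small ~1 MB files match the probing pattern.
            probe = PROBE_MIN <= rec["size"] <= PROBE_MAX
            findings[rec["host"]].append("probe-upload" if probe else "anon-upload")
        elif rec["direction"] == "o" and in_upload:
            # Nothing should leave the upload area before it has been vetted.
            findings[rec["host"]].append("download-from-upload-area")
    return dict(findings)

if __name__ == "__main__":
    for host, notes in review(SAMPLE_LOG).items():
        print(host, ", ".join(notes))
```

Hosts that only make authenticated transfers outside the upload area produce no findings, so the output is the short list to compare against the firewall block list.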

Update 2006/10/06: Another site has replied back that they are looking at the problem. I believe them as I have not had a hack attack for almost a week from their IP ranges. It helped that I wrote a short but nice note and then attached the log showing the full attack for them. Their reply was just as polite and very professional. The change I made to turn off FXP seemed to have stopped the hackers from dropping files on my server as I have not seen any activity there for the last week.

Back to PCLinux OS 0.92

I had to go back a couple of weeks ago to version 0.92 as I couldn't get the DVD burner to work properly. There was also a problem with XSANE wanting permission to run as root. Uninstalling and reinstalling the packages didn't work and I needed to scan and burn and it was a real pain. Fortunately going back only took about 2 hours which includes the time for reinstalling all of the patches and restoring my settings from backup that I had made earlier.

The machine is running smoothly and when 0.94 comes out (or a major patch to 0.93) I will be doing another upgrade (after backups of course).

Monday, September 04, 2006

Upgrade to PCLinuxOS 0.93

Yesterday I upgraded my main machine from PCLinuxOS V0.92 to V0.93. As I thought I knew it all and quickly read the instructions, I tried to follow the steps from memory and missed one of the steps. There is a step where you need to create a partition and mount it as /mnt/pclinuxos and I missed that. Every time I finished the custom partition and it started to install, it crashed. I finally read the docs and realized that I missed a step and it installed without a hitch.

Once I got the install going it took only about 10 minutes for the software to install and the machine was back up and running. It took longer for me to restore my backups for my profile, the FTP profile and my daughter's profile on this machine than to install the software.

I modified a few things from the default install:
  • Changed the sound from the Intel option (ALSA) to the OSS version. It seems to skip a bit less.
  • GPROFTPD installed so I can run the ftp server.
  • GAIM. I prefer this IM client.
  • SCRIBUS. We are playing with this as a replacement for MS Publisher which is running on a partition on the wife's machine.
  • JPilot. I prefer this over the KDE, personal preference and it is a simple clean interface for me.
  • Games. Installed a large chunk of the games as I will be sharing my machine with my daughter. She has her own machine, but it is in her room and we will not allow her unsupervised net access, so she has an id set up in the office and we can watch her while working.
I like the new transparent options on the desktop and I am using them right now. The task bar at the bottom is not as 'intrusive' visually. There are a lot more games that you can install and the wife is now seriously looking at this distribution over the Mandriva that she is running.