Being root'ed?

[Gowator]

Steve,

I think your safe but I also think most security is based on ignorance. (Ill get to that)

 

There are various reasons hackers might want access to a PC like hijacking it to send SPAM.

Now if you are a php developer you probably know a few weaknesses in php. Same for mysql etc.

Now the ignorance part....

If a certain person knows you are usijng a certain version of php or mysql (or just about any service) they know you might be vulnerable to known exploits.

 

So being up to date like Steve is a good start...but equally important is not to advertise. OK the whole idea of 'advertising' is half the point in having a public websire. If nonone knows its there then its a bit pointless.

 

However at the same time why report which versions of servers you are runnin g ? They might be secure now but make a note of you and return in the interim between an exploit being found and you implementing it.

 

Another advert for being hacked is the default apache page! It advertises you installed it but didnt bother doing anythig therefore your unlikely to be monitoring it!

 

just some ideas ................;

[linux_learner]

steve, in the area of security, it is reall hard to be "paranoid". paranoia, makes good security, at least in some ways.

 

understanding that no program, no OS is secure or 100% safe helps. there are things that can be done to make it more secure. my security overview gave some good principles. http://www.mandrakeusers.org/index.php?showtopic=13265

 

to rely on a software firewall, is not wise. security is a complete set of implimentations, not any one tool.

 

if i were you, i would disable all unnessisary services, and comment out /etc/securetty and tell X to "tpc-nolisten".

 

there are many many more things that can be done, but much more than that gets really deep and for the average user/server may be unnessisary. if you'd like to know, just ask.