June 18th, 2002, 06:59 PM
DON'T RUN SERVICES! Lots of people want to run their own site, and have an ftp and do all kinds of other stuff, but that is how you present yourself as a target to be hacked. Most of my expertise lies with ftp so forgive if I focus on that a little too much. Now, people want their own site, but you don't have to run it on your own computer, it may cost less, but all the more harmful if you are attacked, maybe DoS'd. At least if you get someone to host your site for you, then you can stay online if somebody decides to attack your site. Try to keep away from them. One of the most dangerous is running an ftp server, I know many many exploits for for ftp servers, things like making folders that can't be deleted, and making the server crash by sending special invalid commands. So if you run this on your computer, you could have some serious problems. Some services, like servers, come with exploits built in, just waiting to be used. The only way to be completely protected is not to run these services. It is ok to use them, because many of them are helpful, but running means you leave yourself open to any of the many possible problems somebody may have discovered with them. Take G6 ftp server, people like it, and call it stable, but there are 2 big exploits that will either take the server offline, or crash the computer running it.
June 18th, 2002, 07:02 PM
Plz don't flame or gimme neg points, I'll write more indepth stuff once I am done with the more newbie-oriented stuff.
June 18th, 2002, 07:05 PM
I understand your concern, but it all depends on the what the service you are running is, why you are running it and what your needs are. I understand that there are multiple exploits for many services, but there are also many patches and fixes available to fix many of those known exploits. I personally run Van Dyke Software's VShell for Secure Shell access to one of my servers and have run into very few problems. Occassionally something comes up, but if Van Dyke doesn't offer a fix for it, I'll manually create a temporary patch until they release a new, fixed version.
June 18th, 2002, 09:05 PM
Most of my posts are oriented towards newbies. And I don't think most newbies have a lot of experience with things like programming. So if you are experienced enough to create a patch, well then you are way beyond what I am posting.