[Dxspider-support] spybots

Mike McCarthy, W1NR lists at w1nr.net
Tue Oct 28 21:44:20 GMT 2008


If you don't have a firewall/router then get one!  I use the one built
in to Linux.  When I first set up a node back in 2001, I got infected
with an HTTPS worm within hours of installing the OS.  It hit me before
I had a chance to download the patches and this was with Red Hat Linux
7.2.  Back then, a firewall didn't get installed by default.

My logs are full of hack attempts.  There are scripting packages
floating around the hackers' circles that search the net for vulnerable
systems and there are hundreds if not thousands of hackers out there
using them.  The scripted ssh attacks were getting so frequent I put ssh
on a high port number.

Here are some suggestions:

If you can afford a decent firewall/router with a hardware DMZ then
don't run your system on your LAN.  It should be on a hardware defined
DMZ.  A cheap older PC running Linux and 3 LAN cards can do this too.

If all you run is Spider then have telnet port 23 redirected to 7300 and
run spider as user sysop listening on 7300.

If you use ssh for remote access then only allow public/private key
logins.  Turn off password logins.

Shut down ALL other services that you don't plan to offer AT THE FIREWALL.

This is probably a good topic for a Wiki page.

Mike, W1NR


Ed wrote:
> Ian Maude wrote:
>> Ed wrote:
>>> I see what I presume to be spybots trying or connecting to the node.
>>> Is this a problem ?
>> Are you seeing http requests?  This could be our old friend MixW.
>>
>> 73 Ian
>>
> 
> Could be, the last one I see is GET http://pv.wantsfly.com
> 
> I just don't want to pass a spybot or whatever on to anyone that may
> connect to my node.
> 
> Or to corrupt my network.
> 
> Thanks
> 
> Ed W3NR
> 
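
An added example, not part of Mike's message or of DXSpider: a shell function that checks an sshd_config for the key-only login advice above. It covers ways a config can look hardened while password logins still work: a later `PasswordAuthentication no` that sshd ignores, keyboard-interactive left on, or a Match block that turns passwords back on. The sample configs are constructed, the function name is hypothetical, and Include files are not followed.

```shell
# Added example: reads one sshd_config on stdin; Include files are not followed.
audit_sshd_config() {
    awk '
    BEGIN {   # upstream OpenSSH defaults, used when a keyword is absent
        val["passwordauthentication"] = "yes"
        val["kbdinteractiveauthentication"] = "yes"
        val["pubkeyauthentication"] = "yes"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    {
        key = tolower($1); v = tolower($2)
        if (key == "match") { inmatch = 1; next }
        # deprecated alias of KbdInteractiveAuthentication
        if (key == "challengeresponseauthentication")
            key = "kbdinteractiveauthentication"
        # Port may repeat; every listed port is opened
        if (key == "port") { ports++; if (v == "22") port22 = 1; next }
        if (!(key in val)) next
        if (inmatch) {                       # conditional override
            if (key != "pubkeyauthentication" && v != "no") override[key] = 1
            next
        }
        # in the global section sshd keeps the first value per keyword
        if (!(key in seen)) { val[key] = v; seen[key] = 1 }
    }
    END {
        if (val["passwordauthentication"] != "no") { print "FAIL: password logins are enabled"; n++ }
        if (val["kbdinteractiveauthentication"] != "no") { print "FAIL: keyboard-interactive (PAM password) logins are enabled"; n++ }
        if (val["pubkeyauthentication"] != "yes") { print "FAIL: public key logins are disabled"; n++ }
        for (k in override) { print "FAIL: a Match block re-enables " k; n++ }
        if (!ports || port22) print "NOTE: sshd listens on the default port 22"
        if (!n) print "OK: key-only logins"
        exit (n > 0)
    }'
}

# Constructed samples. WEAK_CFG looks hardened, but the first
# PasswordAuthentication line wins and the old alias is left on.
WEAK_CFG='Port 22
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes'
HARDENED_CFG='Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no'
printf '%s\n' "$WEAK_CFG" | audit_sshd_config || true
printf '%s\n' "$HARDENED_CFG" | audit_sshd_config || true
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; the function above is for reviewing a file before it is deployed.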



