Line 19: | Line 19: |
=== Reporting intrusions === * http://www.cybercrime.gov/reporting.htm * http://www.fbi.gov/page2/jan06/computer_crime_survey011806.htm * http://www.fbi.gov/page2/dec04/infragard121404.htm |
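Review bot: the three links added under "Reporting intrusions" are bare URLs, while most other links on this page carry a title or a short description. Adding a label to each one would let a reader pick the right page for reporting an intrusion without opening all three.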
I may be an excellent software developer, but I'm a mediocre system administrator. Some of the stuff here may be obvious to the experienced, but I need the reminders and cheat sheets. Also, I want to record some of the lessons I've learned along the way.
General Security Links
Apache Proxy used as an Open Mail Relay by spammers
I've completely disabled the proxy capabilities in Apache until I can figure out how to properly close this vulnerability. As I research this, here are some links I've found interesting:
[http://iheavy.com/node/14 Tracking the Wily Proxy Hackers] describes the exact situation in which I found myself. The solution mentioned there, totally disabling the proxy capability, is what I've done as a temporary solution. Long term, I really want to figure out how to control the proxy capability, rather than nuke it altogether.
[http://spamlinks.net/prevent-secure-proxy-fix.htm Securing open proxies]
[http://www.apacheweek.com/issues/03-07-25#security Apache 1.3.28 release notes] describe the problem with respect to the Apache 1 releases, but I'm running Apache 2.
Other security links
[http://www.emailbattles.com/archive/battles/vuln_aachdjbifd_ff/ Top 5 Open Proxy Ports & How To Fix Them]
http://ist.uwaterloo.ca/security/howto/ Mostly applicable to the University of Waterloo environment, but plenty of generic information, too.
http://www.linux-sec.net/Harden/server.gwif.html Looks like a great collection of information.