I may be an excellent software developer, but I'm a mediocre system administrator. Some of the stuff here may be obvious to the experienced, but I need the reminders and cheat sheets. Also, I want to record some of the lessons I've learned along the way.

----

=== General Security Links ===
 * http://www.linuxsecure.de/

=== Apache Proxy used as an Open Mail Relay by spammers ===
I've completely disabled the proxy capabilities in Apache until I can figure out how to properly close this vulnerability. As I research this, here are some links I've found interesting:

 * [[http://iheavy.com/node/14|Tracking the Wily Proxy Hackers]] describes the exact situation in which I found myself. The solution mentioned there, totally disabling the proxy capability, is what I've done for a temporary solution. Long term, I really want to figure out how to control the proxy capability, rather than nuke it altogether.
 * [[http://spamlinks.net/prevent-secure-proxy-fix.htm|Securing open proxies]]
 * [[http://www.apacheweek.com/issues/03-07-25#security|Apache 1.3.28 release notes]] describe the problem with respect to the Apache 1 releases, but I'm running Apache 2.

=== Email DNS Blacklists ===
 * [[http://www.cmsconnect.com/blm/blmonitor.htm|BL-Monitor]] is a free visual tool to analyze DNSBL response times and effectiveness for the DNSBL servers you use.
 * [[http://www.trustedsource.org/|TrustedSource]] checks the reputation of an email sender.

=== Other security links ===
 * [[http://www.emailbattles.com/archive/battles/vuln_aachdjbifd_ff/|Top 5 Open Proxy Ports & How To Fix Them]]
 * http://ist.uwaterloo.ca/security/howto/ Mostly applicable to University of Waterloo environment, but plenty of generic information, too.
 * http://www.linux-sec.net/Harden/server.gwif.html Looks like a great collection of information.

=== Reporting intrusions ===
 * http://www.cybercrime.gov/reporting.htm
 * http://www.fbi.gov/page2/jan06/computer_crime_survey011806.htm
 * http://www.fbi.gov/page2/dec04/infragard121404.htm