Loading ...
Sorry, an error occurred while loading the content.

Re: "Hardened" NSLU2

Expand Messages
  • braydw
    ... I have two unslung NSLU2s to do home web pages and a weatherstation. They both have appWeb with PHP, and openSSH. I had none of the ssh, telnet, etc ports
    Message 1 of 8 , Jun 4, 2008
    • 0 Attachment
      --- In nslu2-linux@yahoogroups.com, "dystopianrebel"
      <dystopianrebel@...> wrote:
      >
      > --- In nslu2-linux@yahoogroups.com, "c_rasmus" <chuck@> wrote:
      > >
      > > Using No-IP I have used my NSLU2 to do a home web page and
      > weatherstation..... Every time
      > > It's "On Line", I get "Hacked" (Not in the good sense). I know as a
      > rookie, that there are ways
      > > to prevent this... Any Suggestions from those who know more about
      > this than I do?
      > >
      >
      > I've been running an NSLU2 with SLUGOS/BE as a Web server for about
      > one year.
      >
      > - lighttpd
      > - mysql
      > - php
      >
      > I use a non-standard SSH port and the ~system~ has never been hacked.
      > However, the PHP-based software that I run is constantly being beaten
      > up by spammers. I think installing PHP is the worst risk you can take
      > with a Web server.
      >
      > As for where this PHP spamming is coming from, I find it's mostly from
      > the southern USA and Europe. There is some from Asia as well.
      >
      > Maintaining a firewall can become a fulltime job. It's in your best
      > interest to do research and install well-designed software.
      >

      I have two unslung NSLU2s to do home web pages and a weatherstation.
      They both have appWeb with PHP, and openSSH. I had none of the ssh,
      telnet, etc ports open, only a non-standard web server port open. I
      wanted to be able to get in via ssh over the internet without getting
      hacked. Another Linux computer I had with open port 22 was getting
      attempted logins every few days with many attempted login messages.
      (Never a login completed, however). Since my NSLU2s are running with
      USB Flash Drives I didn't want to log any attempted breakins.

      About 6 months ago, I bought a U.S. Robotics Wireless MAXg Router
      (USR5461). It has a stateful packet inspection (SPI) firewall which
      hides open ports from port scanning, and port forwarding. I forwarded
      port 22 to a non-standard port.

      I have had NO attemped logins logged. I also did a port scan from a
      frends computer. No ports were reported as being open, yet I could
      login into my NLSU2s via SSH on the forwarded ports.

      I would recommend using a router with a SPI firewall. It appears to be
      an easy soulution to preventing hacking.

      --David
    Your message has been successfully submitted and would be delivered to recipients shortly.