Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'One more note:' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
One more note:
Authored by: daveschroeder on Feb 11, '05 04:36:49PM

If we want to be paranoid about things, why not also go through your apache logs? I guarantee you will see dozens, if not hundreds, of attempts to "exploit" various vulnerabilities (usually in IIS). Should we go out of our way to "block" those hosts? If you have that kind of time on your hands, knock yourself out. But if you're running a secure configuration - as a fully patched Mac OS X installation in its default configuration is - and have strong passwords (and, for home users, operate behind a hardware NAT/firewall appliance such as a Linksys router or AirPort Base Station), there is no need to jump through all sorts hoops to "protect" yourself from these myriad scripts.

Note: if someone WANTS to go through the motions of allowing only themselves, firewalling everyone except hosts they themselves connect from, etc., that's perfectly fine. But there is no need to panic about this, or think this is something new when it's extremely old (in internet terms, at least), and is, as I said, nothing to worry about if you have strong passwords. These scripts are doing nothing more than trying common username/password pairs, like mary/mary, test/test, admin/admin, tom/tom, etc., and whatever else people have programmed them to do. They're nothing special.



[ Reply to This | # ]