NetTalk Central

Topic: Security question

Rene Simons

Security question
« on: July 23, 2012, 02:32:28 PM »
Hi Bruce,

I was in my customer's office and I noticed in the log that 39 sessions had ended at the same time with the web server still active.
Session time-out is set to the standard 15 mins, so I did a quick rewind and noticed that someone or something had tried to gain access to pages like http://myUrl/php/myPhpAdmin.php and the like, which obviously aren't there. The fact that all sessions came to an end in the same second indicates that some automated mechanism was used.

On one side, it was the first time for me to witness a "brutal" attack on a site I have created. On the other side, I was a bit proud because whoever the perp was, he had not succeeded in his dark task.

The question that came to my mind, however: What is the chance that people who try to gain access to my site will succeed in finding something like TPS files, which I keep in my web folder (Is this the right place?).

Do you use guidelines for where to keep your TPS files and other important stuff like INI and XML files?

In the future I think I will save the IP address of every session that starts. ;)


Kind regards,
Rene Simons
Rene Simons
NT14.14

bshields

Re: Security question
« Reply #1 on: July 23, 2012, 04:25:45 PM »
Hi Rene,

Just thought I'd share my experiences.

We see hack attempts like this all the time. They are all going after people who install things like PHP/Apache, WordPress, Asterisk, etc. with default passwords.

NetTalk is great because none of this stuff works.

The biggest vulnerability I can see with NT is a monkey could find a webpage on your NT site that allows uploading of files, and then they post and post and post until they fill up the machine's drive space. If they can then locate the same files via a URL, you have just become part of a distribution chain for warez, moviez, etc.

Keep all your vitals out of the web folder (as Bruce does by default) and it's all good. Try to keep file uploading to logged-in users and you have little to worry about.

Also, don't worry about the IPs used. Those people who don't hide their IPs come from Korea, Russia, China, Nigeria, etc. Others use hijacked computers from mums and dads who don't know any better, so the IP will be some dynamic IP within a large ISP.

Regards
Bill

Bruce

Re: Security question
« Reply #2 on: July 23, 2012, 09:40:51 PM »
Hi Rene,

Yes, I remember seeing this sort of thing way back about 10 years ago when we wrote a small web server by hand (long before the NetTalk templates). As Bill says, these are all based on "common known issues" in servers, and because (obviously) we don't have those specific problems they're all pretty much destined to fail.

>> The question raised to my mind however: What is the chance that people who try to gain access to my site will succeed in finding something like TPS files, which I keep in my web folder (Is this the right place?).

you should consider everything in the _web_ folder to be public. If a person knows the name of the file in a web folder, then they can download it. So I definitely would not put TPS files in here.
Unless you have specifically added code to retrieve files from other places (e.g. like example 40), it is impossible for the server to get a file from elsewhere on the drive. So they can definitely not be downloaded.

Cheers
Bruce
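The pattern Rene saw (a burst of requests for admin pages that do not exist on a NetTalk site, all from one automated source) is easy to pick out of a request log after the fact. The script below is an added example, not code from this thread or from NetTalk; it uses a constructed, simplified log format (timestamp, client IP, HTTP status, path), not NetTalk's real log layout, and flags any IP that racks up several 404s on probe-like paths within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not NetTalk's log format): "date time ip status path"
SAMPLE_LOG = """\
2012-07-23 14:31:02 203.0.113.9 404 /php/myPhpAdmin.php
2012-07-23 14:31:02 203.0.113.9 404 /phpmyadmin/index.php
2012-07-23 14:31:03 203.0.113.9 404 /wp-login.php
2012-07-23 14:31:03 203.0.113.9 404 /admin/config.ini
2012-07-23 14:31:04 203.0.113.9 404 /setup.php
2012-07-23 14:31:10 192.0.2.44 200 /index.htm
2012-07-23 14:32:15 192.0.2.44 404 /favicon.ico
"""

# Paths scanners probe for software a NetTalk site does not run, plus data files
# (TPS/INI/XML) that should never live in the web folder in the first place.
PROBE_PATTERNS = [r"phpmyadmin", r"\.php$", r"wp-", r"/admin/", r"\.ini$", r"\.tps$", r"\.xml$"]
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\d{3}) (\S+)$")

def parse_log(text):
    """Return a list of (timestamp, ip, status, path) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append((ts, m.group(2), int(m.group(3)), m.group(4)))
    return entries

def is_probe(path):
    return any(re.search(p, path, re.IGNORECASE) for p in PROBE_PATTERNS)

def find_scanners(entries, window=timedelta(seconds=60), threshold=3):
    """Map ip -> number of probe-like 404s when >= threshold of them fall inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, status, path in entries:
        if status == 404 and is_probe(path):
            by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                flagged[ip] = j - i  # size of the first window that crosses the threshold
                break
    return flagged
```

A single 404 (the favicon request above) is ordinary traffic and is not flagged; only the clustered probes from one address are.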