06-27-2003
Georg Armbruster

Re: I got hacked 3 times

On Fri, 27 Jun 2003 11:07:23 +0200, roman dissertori wrote:

> Hello anyone,
>
> I'm using the operating System Linux - RedHat9
> I'm totally a newbie in linux-security and that's why I've got a Problem:
> A month ago, I got hacked by someone 3 times!
> I always had to reinstall my distribution for security reasons.
> People in groups.google suggested to do so after a successful hack.
> I changed the _standard known_ portnumbers and I denied the access for all
> incoming internet connections to the ports 0-1024 and mysql per protocol tcp
> and udp in my ipchains.
> Is that enough or - what else should I do to prevent him/her from
> hacking into my computer again (and it would be nice if I could trace him
> back and do something about it)
> Any suggestions?


Hi Roman!
First of all, use iptables instead of ipchains; it offers stateful-
inspection capabilities.

Then, don't change the port numbers of services; security through
obscurity was never supposed to work.

Use iptables to close all ports incoming, and only allow those
outgoing that you need (http/https/ftp/ssh, I guess).

Do not run any services that you don't use.

Make the services you decide to use listen only to the internal
interface.

Run an intrusion detection system like snort to get a couple of
points what is going on in your network.

Choose your system passwords carefully (your username backwards
is not a very secure password).

Use up2date to update your system regularly.


This should keep you quite safe :)
Peace,
Georg
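The iptables policy described in the reply above (everything incoming closed, only the needed outgoing ports open, stateful matching for replies), as an added example that is not part of the original post. The function names are hypothetical, the DNS rules are an assumption the post does not mention, and the rules use the `conntrack` match where 2003-era systems would have used `-m state`.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a single host.
# Inbound:  default DROP, only replies to connections this host opened.
# Outbound: default DROP, only the TCP ports given as arguments, plus DNS
#           (assumption: without name lookups the other rules are of little use).

# Accept only plain decimal ports 1-65535 (no leading zero, at most 5 digits).
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# Usage: emit_ruleset PORT [PORT...]
# Prints nothing and returns 1 if any port is malformed, so a typo can
# never produce a half-written ruleset.
emit_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Local processes talking to each other over loopback
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # The stateful part: packets belonging to connections we started.
    # FTP data connections match RELATED only if the FTP conntrack helper is loaded.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # DNS lookups (assumption, see header)
    echo '-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT'
    echo '-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT'
    # New outbound connections, one rule per requested TCP port
    for p in "$@"; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}
```

As root, `emit_ruleset 21 22 80 443 | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it. The rules cover IPv4 only.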