From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mike@fly.osdn.org.ua>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.5
Date: Tue, 2 Mar 2010 23:11:26 +0200
From: Michael Shigorin <mike@osdn.org.ua>
To: "ALT Linux users (in English only)" <community-en@lists.altlinux.org>
Message-ID: <20100302211126.GW18182@osdn.org.ua>
Mail-Followup-To: "ALT Linux users (in English only)"
	<community-en@lists.altlinux.org>
References: <4B8C7278.2060404@gmail.com> <20100302073437.GR18182@osdn.org.ua>
	<1267516014.24688.14.camel@latitude.arlan>
	<5d2de3011003020934o322e4139o6fb63079c9f61fd4@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5d2de3011003020934o322e4139o6fb63079c9f61fd4@mail.gmail.com>
User-Agent: Mutt/1.4.2.1i
Subject: Re: [Comm-en] ALT Server 4.0 - Preventing Root Log-ins
X-BeenThere: community-en@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: shigorin@gmail.com, "ALT Linux users \(in English only\)"
	<community-en@lists.altlinux.org>
List-Id: "ALT Linux users \(in English only\)"
	<community-en.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/community-en>,
	<mailto:community-en-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community-en>
List-Post: <mailto:community-en@lists.altlinux.org>
List-Help: <mailto:community-en-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community-en>,
	<mailto:community-en-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2010 21:11:32 -0000
Archived-At: <http://lore.altlinux.org/community-en/20100302211126.GW18182@osdn.org.ua/>
List-Archive: <http://lore.altlinux.org/community-en/>

On Tue, Mar 02, 2010 at 11:34:01AM -0600, Virtual Sky Solutions wrote:
> Now, I'm not an expert on Apache or other such things - I just
> know enough to work my way around basic configurations.
> However, thinking about it some more, would I be correct in
> saying:  I could help prevent unwanted hacking of my server by
> changing the web configurator access port, from 8080 to another
> unused port?

Somewhat yes, since 8080 is well known http-related port;
but moreso with firewall setup blocking access to this or
another configured port by default and allowing it from a
few select IPs.

If feeling adventurous, you could also look into "knock"
package to employ so called port knocking technique on top
of "deny by default" firewall policy for web interface.

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/