[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

[Alex Satrapa]

On 16/06/2011, at 20:22 , Bob Edwards wrote:

> Without wanting to marginalise the horror of cyber-bullying (and
> all other forms of bullying), especially as a parent, I would
> still argue that of all the many activities I am involved in, I am
> least likely of all to be seriously injured or killed by a "worm",
> "trojan", "virus", "spam", "phish", "DDOS attack" or similar coming
> from the Internet, from poorly-"secured" web sites or otherwise.

Do you live
 - near a nuclear reactor? (no, you're not in Lucas Heights)
 - with electricity supplied through utilities controlled using SCADA (yes, you're in Canberra)
 - with Internet banking (my guess is yes, but you might be Korean)

The Internet is not a toy, there are serious consequences that can arise from having many unsecured hosts connected.

Lulzsec recently scoffed at 4chan /b/tards getting angry, stating that Lulzsec was using 50% of 4chan users' computers as part of their DDoS weapon.

Are you on the Lulzsec side of the "I'm smarter than 4chan /b/tards" fence, or the /b/tard side of the fence?

Do you use
 - One computer to connect to the internet and do any of the following: serve your web site, host your file share, stream your movies
 - A JavaScript enabled web browser
 - A Flash enabled web browser
 - A Java enabled web browser

If you answered "yes" to any of those questions, you are likely to be on the /b/tard side of the fence, rather than the lulzsec side of the fence.

And finally, do you believe it is true that your computer could not possibly be of interest to anyone, so there's no real need for you to try securing it other than slapping Basic Authentication on your Apache web server?

If you answered "yes", you really need to take your computer off the Internet - you're part of the problem.

Alex