[clug] Secure your Internet facing stuff (was Re: googlebot doing funny things in logs)

[Daniel Rose]

On 16/06/11 22:48, Robert Edwards wrote:
> Getting Way Off-Topic...
>
> On 16/06/11 21:47, Sam Couter wrote:
>> Bob Edwards<bob at cs.anu.edu.au>  wrote:
>>> Without wanting to marginalise the horror of cyber-bullying (and
>>> all other forms of bullying), especially as a parent, I would
>>> still argue that of all the many activities I am involved in, I am
>>> least likely of all to be seriously injured or killed by a "worm",
>>> "trojan", "virus", "spam", "phish", "DDOS attack" or similar coming
>>> from the Internet, from poorly-"secured" web sites or otherwise.
>>
>> A few scenarios to consider:
>>
>> 1) Money from your bank account disappears, the bank's access logs show
>> the transfer request came from your computer, you can't pay your
>> mortgage
>> or rent, end up on the street, contract pneumonia and die.
>
> Does anyone actually _know_ of any instances where someones bank account
> was accessed without proper authorisation over the Internet and the
> bank didn't work hard to fix the problem? Just curious.
An engineering firm (mechanic) in Mitchell had 37 grand removed online
and the guy was found charged but insufficient evidence was available.

The money was never recovered, but the firm was reimbursed after a long
delay.  I don't know how hard the bank worked.


> I am not sure that advising people not to run their own web servers is
> in any way going to make spam go away or make the Internet any more
> "secure". I think most of us know that most spam is not coming from
> non-"secure" home web servers... There are much bigger problems out on
> the 'net than this.
>
Where I work they get over a million spam emails a month, and on the
times I've had reason to look into it I've found it coming from
disreputable web hosts.  However, the landing pages for the links
promoted in the spams are often on unsecured websites -- also note the
QLD Dentist who made it onto the Aust Gov blocklist.