That Pesky Password for www-data
Having a home server has been an educational experience. And, between Debian’s sensible defaults and my own research and experience, I feel like I run a safe shop.
Last weekend I got port-scanned on joey. The scanner found my SSH port and started running a dictionary attack. (Amazing what a real operating system’s logs will tell you!) The scanner managed to log in as an extremely unprivileged user (www-data, the user account under which Apache2 runs on Debian). They were logged in for exactly 7 seconds.
The Apache2 user can barely even view files without asking permission, so the threat was less than nil. However, I felt like refreshing the system just to make sure.
I have also now disabled SSH logins from external sources, which pretty much nips that issue in the bud. But I could re-open it without any concern. I learned my lesson about passwords and exactly how many nefarious characters are really operating around the web.
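The condition behind the login above is a service account that has both a usable password hash and a real login shell. This is an added audit script, not part of the original post; it reads shadow- and passwd-format files (constructed samples are embedded so it runs stand-alone) and flags Debian-style service accounts (UID 1 to 999) that meet either half of that condition.

```shell
#!/bin/sh
# Added example, not from the original post: audit a Debian-style host for a
# service account such as www-data that has a usable password hash and/or a
# real login shell, the combination that lets an SSH dictionary attack log in
# as it. Real use: sudo sh audit.sh /etc/shadow /etc/passwd
# The two samples below are constructed for a stand-alone run.

SAMPLE_SHADOW='root:$6$salt$hashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
www-data:$1$salt$anotherhash:19000:0:99999:7:::
sshd:!:19000:0:99999:7:::
bob:$6$salt$userhash:19000:0:99999:7:::'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
sshd:x:101:65534::/run/sshd:/usr/sbin/nologin
bob:x:1000:1000:Bob:/home/bob:/bin/bash'

# Print service accounts (UID 1-999) whose shadow hash is usable: not empty
# and not locked with a leading '!' or '*'. Args: shadow file, passwd file.
passworded_service_accounts() {
    awk -F: 'NR == FNR { if ($3 + 0 > 0 && $3 + 0 < 1000) sys[$1] = 1; next }
             ($1 in sys) && $2 != "" && $2 !~ /^[!*]/ { print $1 }' "$2" "$1"
}

# Print service accounts whose shell is something other than nologin/false,
# the second half of what makes an interactive SSH login possible. Arg: passwd file.
shell_service_accounts() {
    awk -F: '$3 + 0 > 0 && $3 + 0 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Stand-alone demonstration on the constructed samples (or the files given as $1 $2).
shadow_file=$(mktemp); passwd_file=$(mktemp)
printf '%s\n' "$SAMPLE_SHADOW" > "$shadow_file"
printf '%s\n' "$SAMPLE_PASSWD" > "$passwd_file"
echo "service accounts with a usable password:"
passworded_service_accounts "${1:-$shadow_file}" "${2:-$passwd_file}"
echo "service accounts with a login shell:"
shell_service_accounts "${2:-$passwd_file}"
rm -f "$shadow_file" "$passwd_file"
# Remedy on Debian: passwd -l www-data ; usermod -s /usr/sbin/nologin www-data
# and in /etc/ssh/sshd_config: PasswordAuthentication no (or an AllowUsers list).
```

On the samples both checks print only www-data; on a real host anything listed besides the accounts you actually log in with deserves a look.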
I managed to get all essential services up and running last night, aside from forgetting to get the Dynamic DNS client running (which effectively makes the server inaccessible from the outside). I need to tweak Samba (Windows-compatible file server) to have a shared directory again, but all in all things were done very quickly.
It’s not hard to administer a server like this, but I’m beginning to respect the need for constant vigilance on a much higher level.