Comment by sam_lowry_
12 hours ago
The nastiest break in I ever had worked because I installed wget on that server for convenience.
It exploited a known Drupal vulnerability to drop in a PHP script that in turn executed wget to download a payload.
So I agree about the importance of reducing the attack surface.
Now, ssh with password authenticated on a tightly controlled server, without fail2ban, port knocking and other tricky setups is exactly it. A setup with reduced attack surface.
> Anyone who sacrifices security for convenience is asking for trouble.
The you should switch off your mobile devices, destroy the sim cards and never connect again.
No comments yet
Contribute on Hacker News ↗