Security Alert for linux-egypt...
OneOfOne
I was bored so I scanned linux-egypt with nmap and here's the result:
OneOfOne [~] -> nmap www.linux-egypt.org -O
Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-07-19 05:48 EEST
Interesting ports on 64.247.26.182:
(The 1629 ports scanned but not shown below are in state: closed)
Port State Service
1/tcp filtered tcpmux
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
143/tcp open imap2
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
6666/tcp open irc-serv
Device type: general purpose|firewall
Running (JUST GUESSING) : Linux 2.4.X|2.5.X|2.3.X (97%), Checkpoint Windows NT/2K/XP (89%)
Aggressive OS guesses: Linux 2.4.7 (X86) (97%), Linux Kernel 2.4.0 - 2.5.20 w/o tcp_timestamps (95%), Linux Kernel 2.4.0 - 2.5.20 (91%), Checkpoint SecurePlatform NG FP3 (89%), Linux 2.4.18 (88%), Linux 2.3.47 - 2.3.99-pre2 x86 (88%)
No exact OS matches for host (test conditions non-ideal).
Nmap run completed -- 1 IP address (1 host up) scanned in 83.225 seconds
OneOfOne [~] ->
alaa
Where is the security problem exactly?
jitter
This must go to the website moderators, right? It doesn't make you look good putting it here.
OneOfOne
You have too many unneeded ports open...
peace
m0h
Originally posted by alaa
Where is the security problem exactly?
I also can't find any problem!
Originally posted by jitter
This must go to the website moderators, right? It doesn't make you look good putting it here.
Sure. If you found any security problem you must email the admins, not post it in public like this!
m0h
Originally posted by OneOfOne
You have too many unneeded ports open...
peace
I don't think so.
Can you point out the unneeded ports?
Also, how can these unneeded ports be a security problem?
whirlpool
Close port 80 :D
m0h
lol :D
Good idea, I'll try it some time, so whenever you try to access Linux-Egypt and you can't, don't worry ;) it's just me closing port 80 :D
alaa
How do you know what is a needed port and what isn't??
Do you have any idea what the server is doing apart from hosting the forum??
And anyway the open ports thing is overrated: if a port is open but nothing is listening on it then it's not such a big deal.
It is important to close unneeded ports in environments where you can't be sure about what goes on in the system; for instance, if you have a whole network behind the firewall, not just one server, then you'd better close unneeded ports because you might not be in full control of what happens on all machines connected to the network.
The other case is when you have services that you want to serve locally yet want to stop remote users from accessing.
cheers,
Alaa
OneOfOne
Well, I really don't know much about this server, but AFAIK having too many public ports increases the chances that you get hacked.
I used to run phpBB on apache2/mysql and never had to open a port for mysql in my iptables.
Also you don't run https, why open it?
I'm sorry for making a public post but I wasn't sure who to email it to...
Sorry if this post is useless but I'm just concerned about linux-egypt.
peace
alaa
Again you are missing the point.
Did you think that Linux-Egypt has a dedicated server that does nothing but host the forum??
Try this:
ping www.linux-egypt.org
ping www.aza-group.com
They have the same IP address, WOW, what will they think of next??
So yeah, Linux-Egypt only uses http, smtp and pop and there is no need for its database to be accessible from the net.
So yeah, this is a setup that resembles what you had when you ran phpBB,
but (get a hold of this) AZA Group and all its clients use the same server and we are not running phpBB :-)
We do secure web hosting (https), database hosting (mysql), ftp hosting and ftp access to web hosting space (ftp), mail hosting (smtp, imap, pop), and we support several domains (domain).
And of course for remote administration we need remote logins (ssh).
I don't know what we are using sunrpc for, but then again we are not the only ones using the same IP.
cheers,
Alaa
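The triage the last two posts are doing by hand (go through the scan, account for each listener, and single out the ones nobody can explain) is easy to script. The block below is an added example, not code from the thread or from the site's admins: it embeds the port table from the scan at the top of the thread as constructed input, and the DOCUMENTED mapping is my assumption of what the admin's post accounts for (ftp, ssh, smtp, dns, http, pop, imap, https, smtps, imaps, pop3s, mysql). Anything open that is not in that mapping is reported as having no stated owner, and ports the scan already shows as filtered are listed separately, since a firewall is already dropping traffic to them.

```python
import re

# Port table from the nmap run quoted at the top of the thread (constructed copy of that input).
SCAN_OUTPUT = """\
1/tcp filtered tcpmux
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
143/tcp open imap2
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
6666/tcp open irc-serv
"""

# Assumed port -> stated purpose, taken from what the admin lists as hosted services.
# A listener missing from this table has no documented owner and needs a decision.
DOCUMENTED = {
    21: "ftp hosting / upload to web space",
    22: "remote administration (ssh)",
    25: "mail hosting (smtp)",
    53: "dns for the hosted domains",
    80: "web hosting",
    110: "mail hosting (pop)",
    143: "mail hosting (imap)",
    443: "secure web hosting (https)",
    465: "mail hosting (smtps)",
    993: "mail hosting (imaps)",
    995: "mail hosting (pop3s)",
    3306: "database hosting (mysql)",
}

# One nmap port-table line: "<port>/<proto> <state> <service>"
LINE_RE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)")


def parse_ports(text):
    """Return [(port, proto, state, service)] for every port-table line in nmap's text output."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def triage(rows, documented):
    """Bucket scan rows into documented listeners, undocumented listeners and filtered ports."""
    report = {"documented": {}, "undocumented": {}, "filtered": []}
    for port, proto, state, service in rows:
        if state == "filtered":
            report["filtered"].append(port)          # firewall already drops these
        elif state == "open":
            bucket = "documented" if port in documented else "undocumented"
            report[bucket][port] = (service, documented.get(port, "no stated purpose"))
    return report


if __name__ == "__main__":
    r = triage(parse_ports(SCAN_OUTPUT), DOCUMENTED)
    for port, (service, why) in sorted(r["undocumented"].items()):
        print(f"{port}/tcp {service}: {why} -> find the owner or firewall it")
```

Run against the scan above it flags 111/tcp (sunrpc) and 6666/tcp (irc-serv), which is exactly the gap the admin's own post leaves open. On a shared host the next step is `netstat -tlnp` or `lsof -i` on the box itself to see which process owns each socket, rather than guessing from the scan.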
alaa
>Well, I really don't know much about this server, but AFAIK having too many
>public ports increases the chances that you get hacked.
Only if there are servers listening on these ports; if nothing is listening then you don't increase the risk.
cheers,
Alaa
mohamed
Originally posted by alaa
Only if there are servers listening on these ports; if nothing is listening then you don't increase the risk.
cheers,
Alaa
Let me correct something.
There is no such thing as an open port.
There is a service listening on a certain port.
If there is no service listening on port 80 (for example), then you won't ever be able to connect to port 80 (which the public calls a closed port).
So again, a port is _open_ only when there is a service behind it.
(The word _open_ above is technically incorrect, just used for illustration.)
alaa
OK, I stand corrected.
But don't they always advise you to reject packets going to unused ports or whatever (to set up the default rules for your firewall so that communication with said ports would be impossible)?
cheers,
Alaa
mohamed
Yes, that is from the firewall side.
And they advise that so that even in the case where an intruder has managed to install a backdoor application, that application won't be able to receive connections and commands from the bad guys.
Again, that means there should be an application listening on that port.
Regards
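The distinction the last few posts draw (a port is "open" only while something listens; a firewall rule adds a third state where the packet is dropped before it reaches the socket) is what nmap's open/closed/filtered states report, and it can be demonstrated on loopback. The block below is an added example, not code from the thread: probe_tcp classifies a single TCP port the way a connect scan does, and demo starts a throwaway listener on 127.0.0.1, probes it, closes it and probes again. Port numbers and the loopback host are chosen for the demo and are not from the scan above.

```python
import errno
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port from the client side, like nmap's connect scan (-sT) does.

    open      - the three-way handshake completed, so a process is listening
    closed    - the host answered with RST (ECONNREFUSED): reachable, nothing listening
    filtered  - no answer at all within the timeout, typically a DROP rule in the path
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as e:
        # No route / host unreachable: from the scanner's point of view also "filtered"
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        s.close()


def demo():
    """Show open vs closed on loopback without any firewall involved.

    Returns (port, state_while_listening, state_after_close).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port chosen by the kernel
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()                         # nothing listens any more: kernel answers RST
    after_close = probe_tcp("127.0.0.1", port)
    return port, while_listening, after_close


if __name__ == "__main__":
    port, before, after = demo()
    print(f"127.0.0.1:{port} while listening: {before}; after close: {after}")
```

The "filtered" branch cannot be shown on loopback without a firewall, but it is the state the scan at the top of the thread reports for 1/tcp. On a Linux host `iptables -A INPUT -p tcp --dport 111 -j DROP` would make a scanner see 111/tcp as filtered even while portmap is listening, whereas `-j REJECT --reject-with tcp-reset` makes it look closed; either way the connection never reaches the service, which is the point of the default-deny rules being discussed.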
alaa
But this advice is only useful if the firewall is separate from the server, right?
I mean if an intruder can install software then surely "it" can also mess up your firewall settings, right??
And anyway it's to set up a cron job that informs you about newly installed software.
Or did you mean an intruder who managed to infiltrate some trusted source and doctor their packages (that's what we have PGP signatures for)?
Anyway I didn't say it's bad advice, I just said it's overrated (most security talk is IMO).
cheers,
Alaa
mohamed
Of course it is preferred to keep the firewall on another machine.
Thus you can keep the whole network behind that firewall, and even create a DMZ.
An example of unwanted software being installed is the famous slammer worm; it exploited a vuln. in OpenSSL with Apache to install a worm.
A variant of this worm (cinik) can even infect other binaries on the system and listen for incoming commands (I have its code if you want to check it).
Actually, Gentoo was the most exploited because it ran Apache as user root, thus the worm could infect ALL binaries on the system.
I believe they have changed that stupid configuration.
Regarding monitoring newly installed files, there are some tools to check that.
For example Tripwire and other variants.
Regards
Mohamed Eldesoky
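What Tripwire-style tools do, at their core, is record a baseline of hashes, sizes and modes for the files you care about and later report what was added, removed or altered; that is the "cron job that informs you about newly installed software" asked about above, and the worm case just described (a binary patched to listen for commands) is the kind of change it catches. The block below is an added example, not Tripwire's code and not from the thread: it builds a baseline in a temporary directory, tampers with it the way an intruder might (patches one "binary", drops a new one, deletes a file) and diffs the two snapshots. The file names and contents are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root (relative, '/'-separated) to (sha256, size, mode)."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, devices are out of scope for this toy
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            base[rel] = (h.hexdigest(), st.st_size, stat.S_IMODE(st.st_mode))
    return base


def compare(old, new):
    """Return the paths added, removed and changed (hash, size or mode) between two snapshots."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Baseline a fake filesystem, tamper with it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for rel, data in (("bin/httpd", b"original httpd"),
                          ("bin/ls", b"original ls"),
                          ("etc-motd", b"welcome")):
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        baseline = snapshot(root)

        # Tampering, as a worm that infects binaries would do: append to ls,
        # drop a new listener, and remove a file to cover its tracks.
        with open(os.path.join(root, "bin", "ls"), "ab") as f:
            f.write(b"+injected payload")
        with open(os.path.join(root, "bin", "backdoor"), "wb") as f:
            f.write(b"listens on some high port")
        os.remove(os.path.join(root, "etc-motd"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats that the Tripwire documentation makes and that answer the "an intruder can mess up the firewall too" objection above: the baseline has to live where the intruder cannot rewrite it (read-only media or another host), and a checker running as an unprivileged process on a box where the attacker already has root can itself be lied to, which is why a separate firewall host and a separate baseline store are both recommended.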
alaa
Gentoo had Apache running as root??
Hey OneOfOne, security alert for you, your computer has Gentoo installed :-)
cheers,
Alaa