[Info-vax] MYSQL error WWW.OPENVMS.ORG
Dave Froble
davef at tsoft-inc.com
Mon Apr 15 00:54:08 EDT 2019
On 4/14/2019 8:45 PM, David Turner wrote:
>
> There is something very strange
> I think when our server got hit with a DOS attack they were going after
> openVMS.org NOT Islandco.com
> Drupal has a lot of security issues and I think somehow the database was
> destroyed.
> We did a sql backup and the file had 0 bytes - NOT good.
> I am so so so sick of maliciousness on the net. If the same brains out
> there decided to do something positive, perhaps the net would be a
> better place.
>
> I am so so so done with trying to stop people from attacking a server
> that has not important data....

Not important can still be a pain in the ass ....

I've had discussions here before about what I call services, and others
call "not standard". (Hi Jan-Erik) Well I'm rather happy to use
"non-standard" protocols when bringing in data. My services know
exactly what they want, and if a communication is not exactly what's
required, PLONK, disconnected. Then there is the vetting of the data,
not a valid customer, PLONK, disconnected. And many other checks. At
no time does a service attempt to use anything other than the expected
protocol and data.

The problem with using some "standard", such as Apache, is that as soon
as there is a web server exploit, you're toast. There is something that
will get the web server to do something you do not want, and there isn't
much you can do about it.

As far as I'm concerned, the only way our external connections could
have a problem is if it was internal to TCP/IP. That's not my turf.
That's up to the OS and TCP/IP folks. Can it happen? Anything can
happen. But it's much less unlikely that anyone from outside could
reach our data, or modify or delete it. I'll hit the billion $ lottery
first.

If one wishes to run a standard web server, place your data and anything
important elsewhere. It's only prudent. Then make sure anything that
can reach the data is as secure as you can make it.

Is it more custom work? Yes it is. Do the benefits outweigh the work?
I'll leave that up to the reader, and how they feel about their data.

--
David Froble Tel: 724-529-0450
Dave Froble Enterprises, Inc. E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA 15486
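
Added example, not part of the original message and not the poster's code: a minimal fail-closed request handler in the style the message describes, where anything that is not exactly the expected protocol, or not from a known customer, ends the connection. The wire format, the `Plonk` exception, the function names and the customer IDs are all assumptions constructed for illustration.

```python
import re

# Hypothetical wire format (assumption): one ASCII line, exactly
#   ORDER|<8-digit customer id>|<part number>|<quantity 1-9999>\n
MAX_LINE = 64
LINE_RE = re.compile(rb"ORDER\|(\d{8})\|([A-Z0-9-]{1,16})\|([1-9]\d{0,3})\n")

# Constructed sample allowlist of valid customers.
VALID_CUSTOMERS = {"00412207", "00998113"}


class Plonk(Exception):
    """Raised for any deviation; the caller drops the connection."""


def parse_request(raw: bytes) -> dict:
    # Bound the size first so oversized input never reaches the matcher.
    if len(raw) > MAX_LINE:
        raise Plonk("oversized message")
    # fullmatch: no leading junk, no trailing bytes, no alternate verbs.
    m = LINE_RE.fullmatch(raw)
    if m is None:
        raise Plonk("not the expected protocol")
    customer, part, qty = (g.decode("ascii") for g in m.groups())
    # Vetting of the data: the sender must be a known customer.
    if customer not in VALID_CUSTOMERS:
        raise Plonk("not a valid customer")
    return {"customer": customer, "part": part, "quantity": int(qty)}


def handle(raw: bytes) -> str:
    """Return the action the service takes for one received message."""
    try:
        req = parse_request(raw)
    except Plonk as why:
        # The reason is for the local log only; the peer just sees a close.
        return f"DISCONNECT: {why}"
    return f"ACCEPT: {req['quantity']} x {req['part']} for {req['customer']}"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (b"ORDER|00412207|VAX-4000|12\n",
                   b"GET / HTTP/1.1\r\n",
                   b"ORDER|12345678|VAX-4000|1\n",
                   b"ORDER|00412207|VAX-4000|12\nEXTRA"):
        print(sample, "->", handle(sample))
```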