Internet Security: Have you Checked Your System Lately? - Comments
Posted by Russ, NC on May 5, 2007: Just to second the statistics and from a home based machine. I don't run a full-time server, but do have one running from time to time for getting data to friends. It always surprises me when I look at the attempt logs and see what is going on. While I don't get 3000 attempts from a single IP, I do see 70-100 different IP addresses every day attempting 20-50 times each. The longer the server is running, the more attempts I see. Periodically, for fun, I research out where the IP addresses are located, thinking I would find them mainly from China or Russia (as the newspapers claim). While I do get them from those locations, I also get them from all over the US, a few from South America, and a bunch from other European countries. Luckily I can shut down my server when no longer needed and the problems go away. I'm glad I don't have to worry about keeping a full-time server secure.

Posted by Kim, Havana, FL on May 5, 2007: Years ago I dealt with classified information on government computers. The single best method of stopping folks from getting in is to turn the computer/modem OFF. Unplug it. Pull the com wire out of the wall. If you do not absolutely need to be up and running, turn it off. Even today, I simply disconnect from the Internet if I do not need to be working it. I also have a back up/slave bootable hard drive on my computer that has a separate on/off power switch I installed on the outside of the computer. When not needed the switch is off, so if I get a virus/worm/hack, they cannot affect this drive. If a problem arises with the master, I shut down, swap the master/slave drives, reboot and I can deal with the problem since the corrupted registry did not boot.

--- It's absolutely true that disconnecting or unplugging will make you safe. Just don't think that when you do get online you're still safe, since the moment you connect the cracking attempts will start.
-rc

Posted by michelle, ontario canada on May 5, 2007: I work telephone tech support for a major computer company that many first time computer users buy due to the low prices. These are the people who need the most help. Yes, most of them are surprised to find that I don't run an anti virus program. I usually tell them that I just wait for the inevitable Windows crash and then reformat, but the truth is that I haven't reformatted in a while. New users feel that if they have a security program or two running they'll be safe. Then they call me to ask me why their operating system is slow and not working properly. I've seen someone call with internet connectivity issues that were caused by them accidentally clicking on the lockdown button on their security program. I don't advocate securing your computer unless you're going to actually educate yourself on what you're doing first, because having that anti virus program makes people think they are invincible while they're not realizing that every night when the automatic updates are supposed to run, their computer is turned off and not getting them.

Posted by Marika, Glendale, CA on May 5, 2007: Since *none* of the links you provide have anything to do with using a Mac I must (ahem) still (but for how long?) be safe using OS X... I do, however, sporadically run ClamXav (a free antivirus program) and MacScan because I have to connect to Windows computers.

--- Look more closely at the links: the Steve Gibson one is great for your system. I'm not sure what all the Windows vs Mac comments are about here. My server is definitely Unix, not Windows. This isn't about Windows, it's about systems trying to break in no matter what you run. Windows is simply more vulnerable since most systems are running that OS. -rc

Posted by Sandy in Australia on May 6, 2007: I, too, thought I had all the security talked about in the article.
I have my own newsletter so I have to be extremely careful, if not for my own safety then for the safety of my subscribers. Last week I lost ALL my bookmarks. No problem - I back them up twice a day to, not just my hard drive, but to a CD. Problems arose when I went to put the backed up copy back onto my computer. SOMEhow, both my copies were from 2004 despite my backing up twice every single day and having the current updates to all my security programs. I have since started another newsletter for which I had added hundreds of bookmarks to use down the track in that newsletter. I started that at the end of 2005 so all of those were and are now lost to me. I had, also, spent days at a couple of hours a day, going through all my bookmarks, clearing out dead links and replacing and updating links that had moved - all lost. I am in the process of redoing the updates of the links but all those new bookmarks added since 2004 are all lost. Thankfully, that was ALL I lost - this time. You just cannot be too careful - I am and STILL got caught.

Posted by Murray, Iowa on May 7, 2007: I am running a firewall at home and I was so annoyed by all the attempt to get in notifications I turned them off. I'm on a dial up line and the phone line is old so I get a 24K connection at best, even though I have a 56K modem, and often times in the short time between the time I dial in and the time I start my e-mail program I'd get a notice that the firewall had already blocked some sort of break-in attempt. So much for the idea of a slow line deterring them. Either a software or hardware firewall is required and as Randy says, so is anti virus software.

Posted by Carol Corrao - Ann Arbor, Michigan, USA on May 7, 2007: I may be a little slow on the uptake, but, exactly what is the purpose of SPAM, anyway?
I get a few e-mails a day from the UK Lotto, telling me I've won, and a few more from various dying wives of dead diplomats in Africa who want me to take their money and invest in some Christian charity. It's become part of my routine to read these out loud to my coworkers every morning (and I won't even go into the penis enlargement ads I keep getting!) But do people actually take this crap seriously??

--- Believe it or not, yes. Most people roll their eyes over them, but enough bite on the scam to make it profitable. I've even run a couple of such stories in True. -rc

Posted by Hugh K. - Kallen Web Design - S.W. Michigan on May 12, 2007: For individuals, there is no reason to not be running a current antivirus, particularly with free ones like AVG. Also I strongly recommend a "router" hooked up between your fast internet modem (cable or DSL) and your computer. The Linksys WRT54G model is very functional, totally easy to set up, and just plain works. Amazon sells it for about $50 shipped free, and usually OfficeMax, Office Depot, Staples, Best Buy or Circuit City will have it on sale for that price as well. Not perfect protection, but does a ton of good with a minimum of hassle.

Posted by Mike from Dallas on May 13, 2007: I agree with both of Hugh's recommendations. I also add that a hardware firewall is not complete. Hardware firewalls prevent break-INs to your computer. They don't keep your computer from giving away secrets in the OUTbound direction. If (and it's a very likely 'if') your computer has ever been compromised by a worm or spyware, you may have an open door that your hardware firewall 'thinks' is okay. For Windows computers, both XP and Vista have a software firewall, but how much can you trust it when you see XP continuously updating newly discovered security flaws? Still, it's free and better than nothing. Use it. And then there's spyware (malware). If you surf, you WILL hit a site that tries to install spyware and you won't know it.
Ask 5 people about the best anti-spyware program and you'll get 10 answers, many of them contradictory. All I can say is use the free ones, even 2 or 3 of them as each works a little differently. Those that cost haven't proven themselves to be any better.

Posted by David in Phoenix on May 14, 2007: Three comments. First, I'd like to also second the earlier suggestion to use a router hooked to your DSL or Cable modem. That DOES keep people from getting INTO your systems, unless you open up a DMZ port to host a Dynamic DNS channel -- most folks don't. Second, I think that anti-virus companies and vendors who load AV software onto modern computers should be sued for fraud. Originally, viruses were little snippets of code that hooked into your system's interrupt vectors and did nasty stuff with your hard drive. They are virtually non-existent today, and have been for several years. Rather, most threats today come from Trojans that are embedded in emails (esp. attachments) that target widely-known vulnerabilities in Outlook Express, which Microsoft actually prevents you from deleting completely from Windows. Estimates show that up to 80% of all Windows users WORLDWIDE use Outlook Express as their email client. And the vast majority of them NEVER CHANGE THEIR DEFAULT SETTINGS. It's no wonder that people target it. Finally, I've had a little server on a co-lo with a hosting place for 4 years now. When we put it in, it was getting hammered with pings from Windows-based hosts sitting on the same sub-net constantly searching for NETBIOS ports and other crap that unsecured Windows boxes do (especially those not cleared of CODE-RED viruses). We installed a small firewall and that cut down on 98% of this "noise" traffic. I added a small script into my server that runs every few hours and tallies up the number of attempts to log in to the system from specific IPs. On a typical day, it gets a half-dozen attempts, and sometimes 1000-3000 tries by individual IPs.
Analysis of the logs indicates a pattern; these are obviously being run by "script kiddies", just running scripts that cycle through a long litany of known exploits. And the lists keep growing. The IPs originate all over the world. However, the largest number seem to originate in northern Europe, like Norway. Maybe they're using proxy servers; I can't tell. It's annoying, but I regard it like the weather -- some days are clear (few attempts), some cloudy (more light attempts), and some are quite stormy (multiple attempts with thousands of tries each). It's just life on the internet!
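
Added example (not part of any comment above, and not David's or Russ's actual script): one way to do the per-IP tally of login attempts that both of them describe reading from their logs. It assumes the log source is OpenSSH sshd syslog output; the function names, the threshold and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH sshd syslog style (assumed log source).
SAMPLE_LOG = """\
May 14 03:10:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
May 14 03:10:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
May 14 03:10:05 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
May 14 03:11:40 host sshd[1210]: Failed password for invalid user oracle from 198.51.100.23 port 51000 ssh2
May 14 03:12:02 host sshd[1215]: Accepted password for russ from 192.0.2.10 port 50022 ssh2
May 14 03:12:30 host sshd[1219]: Failed password for invalid user x from 192.0.2.10 from 198.51.100.23 port 51002 ssh2
May 14 03:13:00 host sshd[1222]: Failed password for root from not-an-ip port 1 ssh2
"""

# Usernames are attacker-controlled, so the address is taken from the fixed
# tail of the message; the greedy user group absorbs any earlier " from ".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)

def tally_failures(lines):
    """Return {ip: {"attempts": n, "users": set}} for failed logins."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # skip entries whose source is not a literal address
        stats[ip]["attempts"] += 1
        stats[ip]["users"].add(m.group("user"))
    return dict(stats)

def report(stats, threshold=3):
    """Sources sorted by attempt count, flagged at or above the threshold."""
    rows = sorted(stats.items(), key=lambda kv: (-kv[1]["attempts"], kv[0]))
    return [(ip, s["attempts"], len(s["users"]), s["attempts"] >= threshold)
            for ip, s in rows]

if __name__ == "__main__":
    for ip, n, users, flagged in report(tally_failures(SAMPLE_LOG.splitlines())):
        print(f"{ip:15} attempts={n:<4} usernames={users:<3} {'HEAVY' if flagged else ''}")
```

The sixth sample line carries a username containing " from 192.0.2.10"; a parser that takes the first address it sees would blame that host, which matters if the tally ever feeds a block list.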