I am a simple home Mac hobbyist. I stumbled across this article (part 1 & 2) and followed it to the letter. Turning on Apache, setting up my router to forward port 80 requests, setting up a personal DNS address with DynDNS.org. It was all quite simple and within an hour I had a nice little "Welcome" HTML page served up. This was last Friday (1/14/05).
I went to bed that night and pondered over what kind of security I had since this article didn't even touch on it and resolved to look into it further the next day.
When I awoke the next morning my PowerMac was suspended in a Kernel Panic & I rebooted. Here is what I discovered:
1. My login password was no longer accepted.
I rebooted off the restore DVD & reset the password.
2. Once I got into the system, neither my external FireWire hard drive nor my DVD drive would mount, effectively leaving me unable to back up any data.
3. My firewall settings were grayed out and it told me that there was a system error and could not start the firewall.
I started looking through all my logs. All kinds of kernel modules & services were simply GONE! Permissions were changed.
I did a little online research (on my iBook) and found where to see the Apache server logs. Lo and behold, there it was. Someone had been hammering through my system around 3:15am Saturday morning and continued to monkey with my computer until 4:30am. I sent every possible log I could find to my ISP and hopefully they will be able to do something (his ISP showed up in several of the logs). I had to completely reload my system and it still acted "weird", so I zeroed out the hard drive and reloaded again. Finally, I have a stable system again. I have to change the password to every website I frequent as well as notify the bank.
This article did nothing to make me aware of the fact that I was simply handing over my system to any punk on the internet that wanted it. I've learned my lesson. I had heard how "secure" Apache and Mac OS X were and I was bitten by believing it.
|
From Part 2:
"The importance of this is simply to keep private information private and keep nasty people from nefarious tasks...A firewall is a security measure to prevent unwanted users from gaining access to a LAN (Local Area Network). Usually, a firewall consists of one computer that acts as a gateway to the Internet. All Internet traffic must pass through that computer."
...plus much more.
Again I'm sorry this happened to you, but this piece was intended to be read in two installments. I've been running my Homemade Dot Mac server for two years and I've never had a hacker penetrate my network...however as with anything...that is possible. Even browsing the web can put a computer at risk. One thing you might look at is creating an account on your machine that is dedicated to hosting, with limited permissions and access to other portions of your machine. Then just make a copy of that account on CD in case you ever have to restore it. And don't forget a firewall.
Wish you the best.
Alan