Topic: do a security audit on my server pls or just hack me

Posted under Off Topic

According to netcat, you have the following ports open:
- 21 (FTP)
- 22 (SSH)
- 80 (HTTP)
- 199 (SMUX???)

Also apparently the ISP is blocking the following ports:
- 135
- 136
- 137
- 138
- 139
- 445
Which are all related to Windows SMB file sharing.

The FTP server (vsftpd, right?) is misconfigured and has its anonymous account enabled, but I get an error 500 after login in.

The server also either has the "root" account disabled (which is good) or uses a custom password (which is not as good, but good anyway)

Apache server is four versions old, but apparently according to the Apache HTTPD changelog your version has no security issue and therefore should be safe to use.

MySQL does not have its port public at 3306, which is good.

Updated by anonymous

Lizardite said:
According to netcat, you have the following ports open:
- 21 (FTP)
- 22 (SSH)
- 80 (HTTP)
- 199 (SMUX???)

Also apparently the ISP is blocking the following ports:
- 135
- 136
- 137
- 138
- 139
- 445
Which are all related to Windows SMB file sharing.

The FTP server (vsftpd, right?) is misconfigured and has its anonymous account enabled, but I get an error 500 after login in.

The server also either has the "root" account disabled (which is good) or uses a custom password (which is not as good, but good anyway)

Apache server is four versions old, but apparently according to the Apache HTTPD changelog your version has no security issue and therefore should be safe to use.

MySQL does not have its port public at 3306, which is good.

I see that my Apache is 2.2.22 when it should be 2.4.7... I just got it with apt-get install apache2. Are my repositories outdated or something? Should I manually install the newest version?
FTP is turned off atm.
Root isn't disabled.
I know about the ports, but I don't even know what SMUX is :p

Updated by anonymous

  • 1