On 12/12/2018 12:02, Martin Gregorie wrote:
> On Wed, 12 Dec 2018 06:12:31 +0000, The Natural Philosopher wrote:
>
>> I mean, really, who cares about some bloke with a pi that is world
>> writeable?
>>
> Somebody who likes running virtual currency miners as well as blackhats
> running botnets. If either can have malware sit on a Pi and just chug
> away without it being noticed or disturbed they'd be happy as pig in a
> mudpool.
>
>> Not worth hacking.
>>
> Maybe, maybe not. More to the point: if you pick up bad security habits
> while learning to run an RPi and then ditch Windoze in favour of Linux
> you're liable to make a good target for blackhats.

I ditched windoze for Linux in around 2004

>
>> It is a fact that since I used Linux, I have not caught a single one. So
>> I don't scan for them.
>>
> Same here, but I do run rkhunter on my bigger Linux systems.
>
> Since its easy to avoid running anything with higher privileges than it
> needs, install ad-blockers etc on your web browser and set your firewall
> up securely, it just makes sense to do that stuff as a matter of course,
> just like having a regular backup and system upgrade schedule and using
> version control on files you care about.
>
>
I have done.

But my internal network has been very very secure. My online servers are
bombraded by ratware on a many per second basis., but they havent been
cracked yet.

I have to leave SSH world avialable in case they need attention when I
am roaming, so thats constantly under attack. usually using 'root' BUT
of course root access is disabled.


Then  there are no end of attempts to hack the wordpress/joomla/other
CMS that I don't and won't have installed...

Ive tried to break into my domestic site when Ive been away and couldn't
do it.

Ought to set up a VPN tunnel :-)


--
"I am inclined to tell the truth and dislike people who lie consistently.
This makes me unfit for the company of people of a Left persuasion, and
all women"

--- SoupGate-Win32 v1.05