On Tue, 2010-08-03 at 13:10 -0600, Stephen John Smoogen wrote: > On Mon, Aug 2, 2010 at 13:28, seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote: > > Hi, > > Mike noticed that someone had setup an irc bot running on > > fedorapeople.org talking to an irc channel that was not remotely fedora > > related. Even if it had been fedora-related it's still not something we > > want running fedorapeople.org. I put in an outgoing port reject to > > things bound to 6667. I'll work on a slightly better option soon but I > > wanted to let everyone know about this and ask if there were any other > > suggestions on how to best block this sort of thing. > > > > Thanks, > > -sv > > Coming from a different background but dealing with summer students we > usually put our people systems on a limited outbound network. We knew > that 80,443,22,53 were going to happen so we allowed those through a > proxy and everything else got logged and checked daily. Way overkill > probably but the wonders of iptables tables allows for all kinds of > local magic :). [Or a good selinux policy]. > > Personally I was thinking policy wise we MOTD that this server is not > meant for running services or daemons off of and the definition of > such things is up to the administrators and not the users :). i like the idea of changing the MOTD, too. -sv _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
