Martin Ankerl wrote:

> > And here's an amusing anecdote. Something on the 'net just tried to
crack my
> > MRW!
>
> There seem to be quite a lot of crackers who automatically scan lots of
> of computers for security holes. A few days after they got a list of
> computers with possible security holes they come back and really crack
> them. If your machine allows SSH access over the net, grep for "Invalid
> user" or "POSSIBLE BREAKIN ATTEMPT" in your log files under /var/log/sshd.
> I have recently become aware of this, because I accidently had a user
> with the name and password set to 'chris'. So one of these crackers had
> the luck to guess this account, and got onto my machine. I was lucky
> enough to recognize this before he could get root.

I use Win32, and MRW uses either a CGI server or its own built-in server,
which can't report cracks. Except by casually streaming what it is fetching.

I think I must disrecommend running MRW on port 80 with only a home
computer's firewall. MRW cannot be cracked, but you CAN hit it and write a
wiki page with a !run! command that does anything I can do from a command
prompt!

Y'all can run it at work, behind a real firewall that blocks your port.

-- 
  Phlip
  http://industrialxp.org/community/bin/view/Main/TestFirstUserInterfaces