Hello!
On my home laptop I have Kubuntu 18 with internet through a network cable.
Connecting to the internet needs no additional options/credentials,
and the firewall is activated:
sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] Apache Full                ALLOW IN    Anywhere
[ 2] Apache Full (v6)           ALLOW IN    Anywhere (v6)
Can I be sure that my laptop is safe with the firewall activated?
I have apache installed with several local hosts I work with.
I do not have any additional servers which are accessible from the internet.
Some time ago I found that several mysql databases had been deleted, with this content:
To recover your lost Database send 0.03 Bitcoin (BTC) to our Bitcoin address 17MdANTVUPfn1SaqbbTQCNgAvQnoaQ6M2s and contact us by Email with your Server IP or Domain name and a Proof of Payment. Your Database is downloaded and backed up on our servers. Backups that we have right now: Boxbooking2_LIVE_2019_06_20, Hostels2, Votes. Any email without your server IP Address or Domain Name and a Proof of Payment together will be ignored. If we dont receive your payment in the next 10 Days, we will delete your backup.
I restored these databases, that was not a problem, but I looked into why it happened and found that the firewall was inactive:
sudo ufw status verbose
Status: inactive
and a weak password for the root credentials.
I enabled the firewall and created a new mysql user with a strong password, and I have not had any problems like that since,
but I am still not sure if I am safe now from such (or similar) problems?
I do not have any additional servers which are accessible from the internet.
That was just an example that I do not need any input requests into my system…
Depends entirely on how they got into your system.
Did they get into your system because your firewall was open and your mysql database was listening for remote connections?
Did they get into your system because your code has injection vulnerabilities?
Did they get into your system because they guessed your login credentials?
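One way to check the first question above, as an added example that is not part of the original posts: classify each listening TCP socket from `ss -ltn` by whether it is loopback-only, reachable through the firewall, or protected by the firewall alone (the state a MySQL on 0.0.0.0:3306 is in, and fully exposed when ufw is inactive). The function names and the sample `ss` output are constructed for illustration; ports 80 and 443 are what the "Apache Full" ufw profile allows.

```shell
#!/bin/sh
# classify_listeners "PORT PORT ..."   (hypothetical helper, not a ufw/ss feature)
#   stdin : output of `ss -ltn`
#   arg 1 : space-separated TCP ports the firewall allows in
# Prints "<verdict> <address> <port>" for every listening socket.
classify_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) fw_open[a[i]] = 1 }
        $1 != "LISTEN" { next }                 # skip the header and blank lines
        {
            port = $4; sub(/.*:/, "", port)     # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr) # text before the last colon
            gsub(/\[|\]/, "", addr)             # [::1] -> ::1
            sub(/%.*/, "", addr)                # 127.0.0.53%lo -> 127.0.0.53
            if (addr ~ /^127\./ || addr == "::1") verdict = "LOCAL-ONLY"
            else if (port in fw_open)             verdict = "REACHABLE"
            else                                  verdict = "FIREWALL-ONLY"
            print verdict, addr, port
        }'
}

# Constructed sample: MySQL bound to all interfaces, Apache on port 80,
# a local resolver and CUPS bound to loopback.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       80      0.0.0.0:3306         0.0.0.0:*
LISTEN  0       128     127.0.0.53%lo:53     0.0.0.0:*
LISTEN  0       5       127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     *:80                 *:*
LISTEN  0       128     [::1]:631            [::]:*
EOF
}

# Demo on the sample; on a real machine use:  ss -ltn | classify_listeners "80 443"
sample_ss_output | classify_listeners "80 443"
```

A FIREWALL-ONLY line for port 3306 means the database depends entirely on ufw staying enabled; binding MySQL to 127.0.0.1 turns it into LOCAL-ONLY regardless of firewall state.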