Linux Ask! is a Q & A web site specific for Linux related questions. Questions are collected, answered and audited by experienced Linux users.
How to avoid SQL injection in PHP?
Answer:
The easiest method is to use the mysql_real_escape_string function
Example:
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
Reference: http://php.net/manual/en/function.mysql-real-escape-string.php
Should I use Telnet and FTP for remote access?
Answer:
In a word, No.
The problem with Telnet, FTP, and other non-encrypted protocols is that everything is sent across the network as plain text. This means that someone running a sniffing program on the network, which is very simple under many circumstances, can see all of your traffic - including your login and password.
Consider replacing Telnet and FTP with SSh.
How do I set up a firewall under Linux?
Answer:
In Linux, IPTables is the default firewall for kernels 2.4 and above.
IPTables is quite a complicated software which cannot be explained in just a few words, please refer to a more comprehensive howto:
What Intrusion Detection systems exist for Linux?
Answer:
Try Snort (http://www.snort.org), it is the most popular Linux IDS solution.
What is a trojan? What is a worm?
Answer:
A trojan is a malicious program that masquerades as a legitimate application. Unlike viruses, they do not self replicate, but instead, their primary purpose is (usually) to allow an attacker remote access to your computer or its resources. Sometimes, users can be tricked into downloading and installing trojans onto their own computers, but more commonly, trojans are installed by an intruder to allow him future access to your box.
Trojans often come packaged as "root kits". A "root kit" is a set of trojaned system applications to help mask a compromise and facilitate unauthorized remote access. A root kit will usually include trojaned versions of ps, getty, passwd, tcp_wrappers, login, and syslogd.
A worm is a self-replicating, auto infecting program that spreads through computer networks. Unlike a virus, a worm does not require user intervention to be activated. Worms take advantage of vulnerabilities to propagate themselves across networks. Once it has infected a machine, a worm may also install a DDOS zombie, a r00tkit to prevent detection, or a trojan to allow unauthorized remote access. Many worms exist for Linux, including ADM, Ramen, and Lion.
