I am a simple home mac hobbyist. I stumbled across this article (part 1 & 2) and followed it to the letter. Turning on Apache, setting up my router to forward port 80 requests, setting up a personal DNS address with DynDNS.org. It was all quite simple and within an hour I had a nice little "Welcome" html page served up. This was last Friday (1/14/05)
I went to bed that night and pondered over what kind of security I had since this article didn't even touch on it and resolved to look into it further the next day.
When I awoke the next morning my PowerMac was suspended in a Kernel Panic & I rebooted. Here is what I discovered:
1. My login password was no longer accepted.
I rebooted of the restore DVD & reset password.
2. Once I got in to the system, my external firewire hard drive nor my DVD drive would mount, effectively leaving me unable to back up any data.
3. My firewall settings were grayed out and it told me that there was a system error and could not start the firewall.
I started looking through all my logs. All kinds of kernel modules & services were simply GONE! Permissions were changed.
I did a little online research (on my ibook) and found where to see the Apache server logs. Lo and behold, there it was. Someone had been hammering through my system around 3:15am Saturday morning and continued to monkey with my computer until 4:30am. I sent every possible log I could find to my ISP and hopefully they will be able to do something (his isp showed up in several of the logs). I had to completely reload my system and it still acted "weird", so I zeroed out the hard drive and reloaded again. Finally, I have a stable system again. I have to change the password to every website I frequent as well as notify the bank.
This article did nothing to make me aware of the fact that I was simply handing over my system to any punk on the internet that wanted it. I've learned my lesson. I had heard how "secure" apache and Mac OSX was and I was bitten by believing it.