Security Basics mailing list archives
Re: securing linux webserver?
From: David Glosser <david_glosser () yahoo com>
Date: Wed, 02 Mar 2005 18:05:10 -0500
In addition to the other helpful posts about using google and Bastille:

- Lock down the external firewall to only allow port 80 and 443 inbound and outbound.
- Consider getting a firewall with some sort of application-level awareness (sometimes called "IPS" for intrusion prevention system) in order to block out some of the sql buffer overrun attempts and the like before they hit your webserver.
- Run tripwire to detect any system changes as soon as possible. (For example, newly created directories).
- Run nessus and other vulnerability scanners BEFORE opening the site up to the internet.
- Copy the http and syslog files to another server so evidence isn't destroyed. Syslog can easily send to an external box; you may have to find a client which will manually grab the apache logs on a regular basis.

Due to your inexperience, expect to be hacked again. This isn't a negative statement, just be prepared.... Hope for the best and prepare for the worst. Consider yourself lucky that the hacker didn't root the box and put stuff on it w/o your knowledge, such as porn, warez, or IE exploits coded into web pages on your server. Consider yourself lucky the box wasn't used as a zombie to DOS someone else or send out zillions of spam emails. (or maybe it did.....)

Also: Consider running your website within a virtual server (of course the box will need extra horsepower for that). You can save a copy of the virtual disk after you've done the initial installation. That way you can always back out to that copy if an upgrade fails, and if you are hacked again, you can save a copy of the virtual server and examine it *offline*. Hopefully you can find the exploit (usually in a log file if it hasn't been deleted), go back to your initial image, fix the problem, make a copy, and start up your server once again.
----- Original Message -----
From: "Kurt Leum" <sarinshadow () yahoo com>
To: <security-basics () securityfocus com>
Sent: Sunday, February 27, 2005 9:04 PM
Subject: securing linux webserver?

Sorry to be so noob,

A friend of mine set up a webserver: http://www.globalgamesearch.com

Problem is, he and I have no idea how to go about securing it; he started with SuSE Linux 9.1 with Apache 2.0, PHP 4.3.1, and MySQL out of the box and put it up. About half an hour ago, an intruder broke in, replaced SSHD with a back door, and pretty much screwed the system up. We're going to reinstall the system with minimal programs, extremely secure permissions and a basic firewall, but beyond that we have no clue what to do. Can anyone here please help me out on this?

Thanks in advance for any help.
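The change-detection advice in the reply above (Tripwire catching system changes such as newly created directories), as an added example that is not part of the original posts and is not Tripwire itself. The function names, the manifest format and the `baseline`/`check` arguments are assumptions made for illustration; it assumes `sha256sum` is installed and that paths contain no tabs, newlines or backslashes.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline and check (hypothetical names).
# Manifest line format: TYPE<TAB>SHA256-or-dash<TAB>path relative to the root.

# fim_snapshot DIR: print one manifest line per directory and regular file.
fim_snapshot() {
    ( cd "$1" || exit 1
      # Directories carry no hash; listing them is what exposes new ones.
      find . -type d | awk '{ print "D\t-\t" $0 }'
      # sha256sum prints "<hash>  <path>"; rewrite that into manifest form.
      find . -type f -exec sha256sum {} + |
          awk '{ h = $1; sub(/^[^ ]+  /, ""); print "F\t" h "\t" $0 }'
    ) | LC_ALL=C sort -t "$(printf '\t')" -k3
}

# fim_compare BASELINE_FILE DIR: print ADDED / CHANGED / REMOVED lines.
# No output means the tree still matches the baseline.
fim_compare() {
    fim_snapshot "$2" | awk -F '\t' '
        NR == FNR { base[$3] = $1 "\t" $2; next }   # first input: the baseline
        {
            seen[$3] = 1
            if (!($3 in base))
                print "ADDED\t" $1 "\t" $3
            else if (base[$3] != ($1 "\t" $2))
                print "CHANGED\t" $1 "\t" $3
        }
        END {
            for (p in base)
                if (!(p in seen))
                    print "REMOVED\t" substr(base[p], 1, 1) "\t" p
        }
    ' "$1" - | LC_ALL=C sort
}

# Command-line use:
#   fim.sh baseline /srv/www manifest.tsv   (right after the clean install)
#   fim.sh check    /srv/www manifest.tsv   (from cron, mailing any output)
case "${1:-}" in
    baseline) fim_snapshot "$2" > "$3" ;;
    check)    fim_compare "$3" "$2" ;;
esac
```

Keep the manifest on a different machine than the web server, for the same reason the reply gives for copying logs off the box: a baseline stored on the compromised host can be rewritten along with everything else.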