RE: Web Server and Firewall Hellp

[Brandon Kim <brandon.kim () brandontek com>]

If you're getting SQL injections through your website, then you have to look at the programming of your website.
It has nothing to do with your firewall. Definitely patch and update all your software running LAMP, but also have
to check how you allow input on your websites.....




> Subject: Re: Web Server and Firewall Hellp
> From: tshaw () oitc com
> Date: Mon, 7 Feb 2011 13:26:39 -0500
> To: joshua.klubi () gmail com
> CC: nanog () nanog org
>
>
> On Feb 7, 2011, at 1:18 PM, Joshua William Klubi wrote:
>
> > Hi,
> >
> > I run a web-server based on ubuntu server and the LAMP stack.
> > I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
> > Namely port 80 and port 22 only.
> >
> > Unfortunately once a while some guys get to inject some content onto our web
> > pages.
> >
> > Now managements are looking at getting a well proven infrastructure to
> > counter that.
> > But I also think i can fall on this community to help me get the right stuff
> > done. Where
> > i can protect the server from such attack.
> >
> >
> > I want to know what measure i can do on the server to get it protected which
> > mysql protection
> > I should implement. since i can see that it might be a php or mysql
> > injection that is been used.
> >
> > Currently I run these security measures on it.
> > Ubuntu UFW
> > Fail2ban
> > PHP model security
> > Apache security
>
> Josh
>
> Patch your lamps , collab env, builtin boards and everything, make sure mySQL has a password on it since it doesn't 
> out of the box,  also update all passwords to hard ones and change all updates in the future to not use ftp first. 
> Close firewall ports you are not useing and then check your logs to see what vulnerabilities you still have if any.
>
> Tom