nanog mailing list archives
RE: Web Server and Firewall Hellp
From: Ingo Flaschberger <if () xip at>
Date: Mon, 7 Feb 2011 21:00:46 +0100 (CET)
I run a web-server based on ubuntu server and the LAMP stack. I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports. Namely port 80 and port 22 only. Unfortunately once a while some guys get to inject some content onto our web pages. Now managements are looking at getting a well proven infrastructure to counter that. But I also think i can fall on this community to help me get the right stuff done. Where i can protect the server from such attack. I want to know what measure i can do on the server to get it protected which mysql protection I should implement. since i can see that it might be a php or mysql injection that is been used. Currently I run these security measures on it. Ubuntu UFW Fail2ban PHP model security Apache security
have a look at mod_security, helps very successfull against outdated, exploitable user webpages.
mod_security ist a layer 7 firewall wich runs as a apache module. Kind regards, Ingo Flaschberger
Current thread:
- Web Server and Firewall Hellp Joshua William Klubi (Feb 07)
- Re: Web Server and Firewall Hellp TR Shaw (Feb 07)
- RE: Web Server and Firewall Hellp Brandon Kim (Feb 07)
- RE: Web Server and Firewall Hellp Ingo Flaschberger (Feb 07)
- RE: Web Server and Firewall Hellp Brandon Kim (Feb 07)
- Re: Web Server and Firewall Hellp TR Shaw (Feb 07)