Security Basics mailing list archives

Re: securing linux webserver?

From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Tue, 01 Mar 2005 16:15:35 +1000

Kurt,

check out google, it has all your answers.

 SuSE Linux 9.1
http://www.google.com.au/search?hl=en&q=securing+suse+9.1&btnG=Search&meta=

 Apache 2.0
http://www.google.com.au/search?hl=en&q=securing+apache+2&btnG=Search&meta=

 PHP 4.3.1
http://www.google.com.au/search?hl=en&q=securing+php&btnG=Search&meta=

MySQL 
http://www.google.com.au/search?hl=en&q=securing+mysql&btnG=Search&meta=

cheers
Ivan



Ivan Coric, CISSP
Senior IT Security Specialist
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

Kurt Leum <sarinshadow () yahoo com> 28/02/2005 12:04:12 pm >>>

sorry to be so noob,

A friend of mine set up a webserver:
http://www.globalgamesearch.com
problem is, he and I have no idea how to go about
securing it;
he started with SuSE Linux 9.1 with Apache 2.0, PHP
4.3.1, and MySQL out of the box and put it up.

about half an hour ago, an intruder broke in, replaced
SSHD with a back door, and pretty much screwed the
system up.

We're going to reinstall the system with minimal
programs, extremely secure permissions and a basic
firewall, but beyond that we have no clue what to do.
Can anyone here please help me out on this?
Thanks in advance for any help.

__________________________________
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250

Visit our new web site at www.workcoverqld.com.au

***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland. The contents of this message are to be used
for the intended purpose only and are to be kept confidential at all times.
This message may contain privileged information directed only to the intended addressee/s. Accidental receipt of this
information should be deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
****************************************************************************

Current thread:

Re: securing linux webserver?, (continued)
- Re: securing linux webserver? John Doe (Mar 01)
  - Re: securing linux webserver? Aman Raheja (Mar 01)
    - Re: securing linux webserver? Hamish Stanaway (Mar 03)
  - Re: securing linux webserver? Eduardo Kienetz (Mar 01)
    - Re: securing linux webserver? AragonX (Mar 02)
  - Re: securing linux webserver? xyberpix (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 01)
  - Re: securing linux webserver? Marco (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 02)
- Re: securing linux webserver? David Glosser (Mar 03)
- Re: securing linux webserver? Ivan Coric (Mar 01)
- RE: securing linux webserver? Smith, Ryan (Mar 01)
- Re: securing linux webserver? Kurt Leum (Mar 02)