Security Basics mailing list archives
Re: securing linux webserver?
From: Eduardo Kienetz <eduardok () gmail com>
Date: Tue, 1 Mar 2005 11:59:23 -0300
On Tue, 1 Mar 2005 03:21:55 +0100, John Doe <security.department () tele2 ch> wrote:
Am Montag, 28. Februar 2005 03.04 schrieb Kurt Leum:sorry to be so noob, A friend of mine set up a webserver: http://www.globalgamesearch.com problem is, he and I have no idea how to go about securing it;Unfortunately I can't provide very much help to your question below; just wanted to say that it's a bad idea to give out the address of a server to a security list and stating it is insecure. There are a lot of people with high hacking capabilities reading this list, some of them could (theoretically) use the server as a target without searching for vulnerable servers. But maybe your idea with this mail is to attract penetration testers???he started with SuSE Linux 9.1 with Apache 2.0, PHP 4.3.1, and MySQL out of the box and put it up. about half an hour ago, an intruder broke in, replaced SSHD with a back door, and pretty much screwed the system up.basic tips: - don't use the standard port 22 for sshd - restrict the IPs allowd to contact sshd if possible - eventually use some port knocking to secure sshdWe're going to reinstall the system with minimal programs, extremely secure permissionsgood ideaand a basic firewallNot clear what you mean by basic. If possible, when configuring the firewall, start by deny everything; then allow, step by step, what's absolutely necessary., but beyond that we have no clue what to do. Can anyone here please help me out on this? Thanks in advance for any help.beyond that... difficult. Wait for answers of real cracks :-) greetings joe
Also, block the disclosure of application versions: Apache x.xx (i.e. when you try to access a page tat does not exist is shows: "Apache/1.3.xx Server at xxxxx.com Port 80") Bind version (version "secret") Do not forget to change mysql default root password. Database "test" could be removed. /etc/issue{.net} should be blank at best. php.ini allow_url_fopen tag should be Off Regards, -- Eduardo Bacchi Kienetz http://www.noticiaslinux.com.br/eduardo/
Current thread:
- securing linux webserver? Kurt Leum (Feb 28)
- Re: securing linux webserver? Alejandro Flores (Mar 01)
- Re: securing linux webserver? John Doe (Mar 01)
- Re: securing linux webserver? Aman Raheja (Mar 01)
- Re: securing linux webserver? Hamish Stanaway (Mar 03)
- Re: securing linux webserver? Eduardo Kienetz (Mar 01)
- Re: securing linux webserver? AragonX (Mar 02)
- Re: securing linux webserver? xyberpix (Mar 01)
- Re: securing linux webserver? Aman Raheja (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 01)
- Re: securing linux webserver? Marco (Mar 01)
- Re: securing linux webserver? Hecber Cordova (Mar 02)
- Re: securing linux webserver? David Glosser (Mar 03)
- <Possible follow-ups>
- Re: securing linux webserver? Ivan Coric (Mar 01)
- RE: securing linux webserver? Smith, Ryan (Mar 01)
- Re: securing linux webserver? Kurt Leum (Mar 02)