[136973] in North American Network Operators' Group
Web Server and Firewall Hellp
daemon@ATHENA.MIT.EDU (Joshua William Klubi)
Mon Feb 7 13:20:13 2011
From: Joshua William Klubi <joshua.klubi@gmail.com>
Date: Mon, 7 Feb 2011 18:18:23 +0000
To: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
I run a web-server based on ubuntu server and the LAMP stack.
I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
Namely port 80 and port 22 only.
Unfortunately once a while some guys get to inject some content onto our web
pages.
Now managements are looking at getting a well proven infrastructure to
counter that.
But I also think i can fall on this community to help me get the right stuff
done. Where
i can protect the server from such attack.
I want to know what measure i can do on the server to get it protected which
mysql protection
I should implement. since i can see that it might be a php or mysql
injection that is been used.
Currently I run these security measures on it.
Ubuntu UFW
Fail2ban
PHP model security
Apache security
Joshua
