[136974] in North American Network Operators' Group
WebServer and Firewall Help
daemon@ATHENA.MIT.EDU (Joshua William Klubi)
Mon Feb 7 13:24:16 2011
From: Joshua William Klubi <joshua.klubi@gmail.com>
Date: Mon, 7 Feb 2011 18:23:17 +0000
To: Seth Mattinen <sethm@rollernet.us>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi,
I run a web-server based on ubuntu server and the LAMP stack.
I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
Namely port 80 and port 22 only.
Unfortunately once a while some guys get to inject some content onto our web
pages.
Now managements are looking at getting a well proven infrastructure to
counter that.
But I also think i can fall on this community to help me get the right stuff
done. Where
i can protect the server from such attack.
I want to know what measure i can do on the server to get it protected which
mysql protection
I should implement. since i can see that it might be a php or mysql
injection that is been used.
Currently I run these security measures on it.
Ubuntu UFW
Fail2ban
PHP model security
Apache security
Joshua
