[136976] in North American Network Operators' Group
Re: Web Server and Firewall Hellp
daemon@ATHENA.MIT.EDU (TR Shaw)
Mon Feb 7 13:29:05 2011
From: TR Shaw <tshaw@oitc.com>
In-Reply-To: <AANLkTinsudF2-BwF-_npag6ujkFifLVsF8=YX9mnRpej@mail.gmail.com>
Date: Mon, 7 Feb 2011 13:26:39 -0500
To: Joshua William Klubi <joshua.klubi@gmail.com>
Cc: North American Network Operators Group <nanog@nanog.org>
On Feb 7, 2011, at 1:18 PM, Joshua William Klubi wrote:
> Hi,
>
> I run a web-server based on ubuntu server and the LAMP stack.
> I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
> Namely port 80 and port 22 only.
>
> Unfortunately once in a while some guys get to inject some content onto our web
> pages.
>
> Now management is looking at getting a well-proven infrastructure to
> counter that.
> But I also think I can fall on this community to help me get the right stuff
> done, where
> I can protect the server from such attacks.
>
> I want to know what measures I can take on the server to get it protected, and which
> MySQL protection
> I should implement, since I can see that it might be a PHP or MySQL
> injection that is being used.
>
> Currently I run these security measures on it.
> Ubuntu UFW
> Fail2ban
> PHP model security
> Apache security
Josh
Patch your lamps, collab env, builtin boards and everything, make sure
MySQL has a password on it since it doesn't out of the box, also update
all passwords to hard ones and change all updates in the future to not
use FTP first. Close firewall ports you are not using and then check
your logs to see what vulnerabilities you still have, if any.
Tom