[136980] in North American Network Operators' Group


RE: Web Server and Firewall Hellp

daemon@ATHENA.MIT.EDU (Brandon Kim)
Mon Feb 7 14:36:38 2011

From: Brandon Kim <brandon.kim@brandontek.com>
To: <tshaw@oitc.com>, <joshua.klubi@gmail.com>
Date: Mon, 7 Feb 2011 14:36:29 -0500
In-Reply-To: <A725841D-E7C4-4C35-A85A-B76DCE576C0D@oitc.com>
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


If you're getting SQL injections through your website, then you have to look at the programming of your website.
It has nothing to do with your firewall. Definitely patch and update all your software running LAMP, but also have
to check how you allow input on your websites.....




> Subject: Re: Web Server and Firewall Hellp
> From: tshaw@oitc.com
> Date: Mon, 7 Feb 2011 13:26:39 -0500
> To: joshua.klubi@gmail.com
> CC: nanog@nanog.org
>
>
> On Feb 7, 2011, at 1:18 PM, Joshua William Klubi wrote:
>
> > Hi,
> >
> > I run a web-server based on ubuntu server and the LAMP stack.
> > I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
> > Namely port 80 and port 22 only.
> >
> > Unfortunately once a while some guys get to inject some content onto our web
> > pages.
> >
> > Now managements are looking at getting a well proven infrastructure to
> > counter that.
> > But I also think I can fall on this community to help me get the right stuff
> > done. Where
> > I can protect the server from such attack.
> >
> > I want to know what measure I can do on the server to get it protected which
> > mysql protection
> > I should implement. since I can see that it might be a php or mysql
> > injection that is being used.
> >
> > Currently I run these security measures on it.
> > Ubuntu UFW
> > Fail2ban
> > PHP model security
> > Apache security
>
> Josh
>
> Patch your lamps, collab env, builtin boards and everything, make sure mySQL has a password on it since it doesn't out of the box, also update all passwords to hard ones and change all updates in the future to not use ftp first. Close firewall ports you are not using and then check your logs to see what vulnerabilities you still have if any.
>
> Tom
>
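
What "check how you allow input" looks like in PHP, as an added example that is not part of the original thread: the same lookup built by string concatenation and with a bound parameter. The table, column and function names are hypothetical, and an in-memory SQLite database (PDO's sqlite driver) stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not code from the thread. Table, columns and function
// names are hypothetical; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (slug TEXT, body TEXT, published INTEGER)");
$db->exec("INSERT INTO pages VALUES ('home', 'Welcome', 1)");
$db->exec("INSERT INTO pages VALUES ('draft', 'Internal notes', 0)");

// Vulnerable: the request value becomes part of the SQL text, so the
// visitor, not the programmer, decides what the WHERE clause means.
function find_pages_concat(PDO $db, string $slug): array {
    $sql = "SELECT slug FROM pages WHERE published = 1 AND slug = '$slug'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the SQL text is fixed; the value travels separately as data.
function find_pages_bound(PDO $db, string $slug): array {
    $stmt = $db->prepare(
        "SELECT slug FROM pages WHERE published = 1 AND slug = :slug");
    $stmt->execute([':slug' => $slug]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal slug and a value containing a quote.
$inputs = ['home', "x' OR '1'='1"];
foreach ($inputs as $in) {
    printf("%-16s concat=%s bound=%s\n", $in,
        json_encode(find_pages_concat($db, $in)),
        json_encode(find_pages_bound($db, $in)));
}
```

Both requests would arrive over port 80, which the firewall has to leave open; with the second input the concatenated query returns the unpublished row as well, while the bound query matches nothing.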