[136983] in North American Network Operators' Group
RE: Web Server and Firewall Help
daemon@ATHENA.MIT.EDU (Ingo Flaschberger)
Mon Feb 7 15:00:54 2011
Date: Mon, 7 Feb 2011 21:00:46 +0100 (CET)
From: Ingo Flaschberger <if@xip.at>
To: nanog group <nanog@nanog.org>
In-Reply-To: <BLU158-w2806166BCD50C8239552D5DCEB0@phx.gbl>
>>> I run a web-server based on Ubuntu server and the LAMP stack.
>>> I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
>>> Namely port 80 and port 22 only.
>>>
>>> Unfortunately once in a while some guys get to inject some content onto our web
>>> pages.
>>>
>>> Now management is looking at getting a well proven infrastructure to
>>> counter that.
>>> But I also think I can fall on this community to help me get the right stuff
>>> done. Where
>>> I can protect the server from such attack.
>>>
>>>
>>> I want to know what measure I can do on the server to get it protected, which
>>> mysql protection
>>> I should implement, since I can see that it might be a php or mysql
>>> injection that is being used.
>>>
>>> Currently I run these security measures on it.
>>> Ubuntu UFW
>>> Fail2ban
>>> PHP model security
>>> Apache security

Have a look at mod_security; it helps very successfully against outdated,
exploitable user webpages.
mod_security is a layer 7 firewall which runs as an Apache module.

Kind regards,
Ingo Flaschberger
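
A minimal Apache configuration for the mod_security setup recommended above, added here as an illustration and not part of the original message. It assumes ModSecurity 2.x built with libinjection and loaded as the module security2; the rule id and the audit log path are constructed values.

```apache
# Added example: assumes ModSecurity 2.x is loaded as security2_module.
# Rule id 100001 and the audit log path are constructed for illustration.
<IfModule security2_module>
    # DetectionOnly evaluates and logs rules but does not block.
    # Run this way first, review the audit log for false positives,
    # then change the value to "On" to enforce the deny action below.
    SecRuleEngine DetectionOnly

    # Inspect request bodies as well, so POSTed form fields are checked.
    SecRequestBodyAccess On

    # Write an audit record only for transactions that matched a rule.
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Flag any request parameter that libinjection classifies as SQL
    # injection (the @detectSQLi operator needs a libinjection-enabled build).
    SecRule ARGS "@detectSQLi" \
        "id:100001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,\
        msg:'SQL injection pattern in request parameter'"
</IfModule>
```

A single rule like this only shows the mechanism; the filter complements patching the outdated pages and using parameterized queries in the PHP code, it does not replace them.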