#1 | 02-04-2013, 10:18 PM | Member | Registered: Sep 2011 | Posts: 278
404 Not Found /folder/cache
Dear All,
I have been monitoring my logwatch content and I notice there is some 170 times of myfolder/cache/09fe503e5898bcbc55056542d470a803. Is this any hack attempt? I have also installed mod_secure; should I do some more hardening then?

#2 | 02-05-2013, 05:07 PM | Moderator | Registered: May 2001 | Posts: 24,805
Quote:
Originally Posted by newbie14
I have been monitoring my logwatch content
|
Good, good...
Quote:
Originally Posted by newbie14
and I notice there is some 170 times of myfolder/cache/09fe503e5898bcbc55056542d470a803. Is this any hack attempt?
|
Please be more specific. I don't know what log file the warning stems from or why you obfuscate the location of "myfolder/". And did you check the contents of "myfolder/cache/"?
Quote:
Originally Posted by newbie14
I have also installed mod_secure; should I do some more hardening then?
|
Maybe start by listing what the purpose of this machine is (LAN file server, exposed web server, etc) and what you already have done in terms of hardening.

#3 | 02-06-2013, 02:51 AM | Member | Registered: Sep 2011 | Posts: 278 | Original Poster
Dear All,
I have an exposed web server machine. The hardening part I have done is to stop using normal user name password, putting the machine behind a firewall thus only port 80 is open, and to access the machine via ssh it has to be via VPN. In addition it is a minimal install of CentOS 6.3 and directory browsing has been blocked too. I have also installed mod_secure which claims to protect the Apache server. I might be missing other options which I might not have learned yet. The log file is content from logwatch and is titled 404 Not Found. I have done this: find / -name cache and I don't see any folder by the name myfolder/cache. What can I do to further harden my server to avoid attacks on my folders?
After some more googling and going further through the error and access logs of my httpd I found this link which speaks of the same problem too: http://serverfault.com/questions/390...ge-named-cache. Thus I can see it is an issue with the client browser and not my server? Anyway I will welcome further ideas on hardening my web server though.
Last edited by unSpawn; 02-06-2013 at 05:06 AM.

#4 | 02-06-2013, 06:05 AM | Moderator | Registered: May 2001 | Posts: 24,805
Quote:
Originally Posted by newbie14
The log file is content from logwatch and is titled 404 Not Found. I have done this: find / -name cache and I don't see any folder by the name myfolder/cache. What can I do to further harden my server to avoid attacks on my folders?
After some more googling and going further through the error and access logs of my httpd I found this link which speaks of the same problem too: http://serverfault.com/questions/390...ge-named-cache. Thus I can see it is an issue with the client browser and not my server?
|
As per http://code.google.com/p/chromium/is...?id=132059#c47 this seems to be caused by the "Ginyas Ltd. Browser Companion" (extension ID bodddioamolcibagionmmobehnbhiakf) browser helper object (BHO) commonly called "Browser Companion Helper" which affects common browsers like Google Chrome, Internet Explorer, and Mozilla Firefox. Indeed it is a client side issue and does not harm the server. Three ways to deal with this I can see: 0) ignore these requests as harmless, 1) block them or 2) alert users their browser is infected by using a rewrite in the httpd.conf (performance-wise avoid using .htaccess files). Should look something like this:
Code:
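RewriteEngine On
# In httpd.conf (server or virtual host context) the pattern is matched against the
# full URL-path, leading slash included, e.g. /myfolder/cache/<32 hex digits>
RewriteRule ^/(.*/)?cache/[0-9a-f]{32}/?$ /yourbrowserisinfected.html [NC,L]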
and check http://httpd.apache.org/docs/current...d_rewrite.html for how to apply this.
Quote:
Originally Posted by newbie14
The hardening part I have done is to stop using normal user name password, putting the machine behind a firewall thus only port 80 is open, and to access the machine via ssh it has to be via VPN. In addition it is a minimal install of CentOS 6.3 and directory browsing has been blocked too. I have also installed mod_secure which claims to protect the Apache server.
|
Now I remember who you are. You had 2 breaches of security in one year and Noway2 and I spent about 2 months getting you to re-install from scratch and configure your machine(s) last year, according to the detailed list of basic OS hardening steps we sent you. Asserting you actually completed that, please provide an inventory using servdoc 1.0rc1 and a local check with Tiger 3.2.3 (attach to email and send to my address). Even though you have mod_security running (which is good), please also review the tips at http://httpd.apache.org/docs/2.4/mis...rity_tips.html and, as it's often not Apache itself but what you run on top of it, do run a basic Nikto 2.1.5 check.
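
Added example (not part of the thread and not code from any poster): a way to triage the 404s for `.../cache/<32 hex digits>` from the httpd access log instead of the logwatch summary, grouping them per client. It assumes Apache's "combined" LogFormat; the function name and the sample log lines are constructed for illustration, and the 2xx count is only a heuristic for "ordinary visitor's browser".

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Shape of the request reported by logwatch: .../cache/<32 hex digits>
CACHE_HASH = re.compile(r'/cache/([0-9a-f]{32})/?$', re.IGNORECASE)

def triage_cache_404s(lines):
    """Per client: 404 hits on /cache/<hash>, distinct hashes, user agents, and
    how many ordinary 2xx requests the same client made (heuristic for a
    normal visitor's browser rather than a scanner)."""
    stats = defaultdict(lambda: {"hits": 0, "hashes": set(), "agents": set(), "ok_requests": 0})
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        entry = stats[m["ip"]]
        if m["status"].startswith("2"):
            entry["ok_requests"] += 1
            continue
        found = CACHE_HASH.search(m["path"].split("?", 1)[0])
        if m["status"] == "404" and found:
            entry["hits"] += 1
            entry["hashes"].add(found.group(1).lower())
            entry["agents"].add(m["agent"])
    # Report only clients that actually produced the /cache/<hash> 404s
    return {ip: e for ip, e in stats.items() if e["hits"]}

# Constructed sample lines (documentation IP ranges), not taken from the poster's server
SAMPLE = [
    '192.0.2.10 - - [04/Feb/2013:10:01:02 -0500] "GET /myfolder/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/24.0"',
    '192.0.2.10 - - [04/Feb/2013:10:01:03 -0500] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 291 "http://example.com/myfolder/index.html" "Mozilla/5.0 (Windows NT 6.1) Chrome/24.0"',
    '192.0.2.10 - - [04/Feb/2013:10:04:41 -0500] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 291 "http://example.com/myfolder/index.html" "Mozilla/5.0 (Windows NT 6.1) Chrome/24.0"',
    '198.51.100.7 - - [04/Feb/2013:11:15:20 -0500] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 291 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Firefox/18.0"',
    '203.0.113.5 - - [04/Feb/2013:12:00:00 -0500] "GET /cache/ HTTP/1.1" 404 280 "-" "-"',
]

if __name__ == "__main__":
    for ip, e in sorted(triage_cache_404s(SAMPLE).items()):
        print(ip, e["hits"], "hits,", len(e["hashes"]), "hash(es),", e["ok_requests"], "2xx requests")
```

Run it over the real access log with `triage_cache_404s(open(path))`; many unrelated clients asking for the same hash path while otherwise browsing normally fits the client-side explanation given above.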

#5 | 02-06-2013, 06:41 AM | Member | Registered: Sep 2011 | Posts: 278 | Original Poster
Dear Unspawn,
OK, I will take some time to grasp mod_rewrite as this is something new to me. Yes, you recognise me well. I am not too sure how you want me to use both servdoc 1.0rc1, as I have downloaded it already. Must I install it? I will read the tips given at the Apache site, and I have also downloaded Nikto, so should I install it?

#6 | 02-06-2013, 06:58 AM | Moderator | Registered: May 2001 | Posts: 24,805
You can run ServDoc without installing it and it only requires Perl. Commonly tarballs include files called README and INSTALL containing detailed instructions on what to do.

#7 | 02-06-2013, 07:02 AM | Member | Registered: Sep 2011 | Posts: 278 | Original Poster
Dear Unspawn,
Give me some time to go through it and run it first. How about Tiger? I have gone to this link: http://download.savannah.gnu.org/rel...tiger/?C=M;O=D . I guess I should pick the latest file, right? Thank you.

#8 | 02-06-2013, 08:11 AM | Moderator | Registered: May 2001 | Posts: 24,805
Download version 3.2.3.

#9 | 02-06-2013, 08:12 AM | Member | Registered: Sep 2011 | Posts: 278 | Original Poster
Dear Unspawn,
Ok will do it accordingly.