LinuxQuestions.org
Old 02-09-2004, 09:39 AM   #1
patpawlowski
Member
 
Registered: Mar 2003
Location: Centreville, Virginia
Distribution: Mandrake, Red Hat
Posts: 163

Rep: Reputation: 30
Apache hack?


Would it be possible for someone to hack into my Apache server and delete my web site and the directory it was in? It was just a test server I was using to learn Linux/Apache/MySQL/PHP and anything else along the way. Anyway, I tried to get on this morning and the server didn't respond. I found that the service didn't start because the root directory was missing. I had copies of the files and it is working fine now. I'm not that savvy with Linux yet and definitely not with security. However, I'm serving the page on port 8000 so I don't even know how anyone could have found it.
 
Old 02-09-2004, 11:11 AM   #2
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
If you were "hacked" and someone got root access then anything is possible. Anything. Maybe you should study your Apache logs. Are you running a firewall? Not to sound condescending, but are you sure you didn't misplace the files? You should search for some of your files on the hard drive.... You should also keep all your programs/net servers up to date.

If you are running a site off port 8000, then someone can port scan you and see that it is open. It takes little effort from there to see that it is a webserver. You were assuming security through obscurity. That is not a good policy.
 
Old 02-09-2004, 11:58 AM   #3
patpawlowski
Member
 
Registered: Mar 2003
Location: Centreville, Virginia
Distribution: Mandrake, Red Hat
Posts: 163

Original Poster
Rep: Reputation: 30
Not condescending at all. That's probably what I did. I was just curious about the security. If I portscan my home IP (where the server is running) from work I come back with a dead host. I can still connect though. Am I running a firewall? That depends on how exactly you define a firewall. Everything is behind a router but nothing is filtered by host. There is no DNS pointing to my IP and all my systems are password protected. I do however have open ports for http (port 8000), telnet, ssh, ftp, vnc, and terminal services.
 
Old 02-09-2004, 12:48 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Random attackers almost never use DNS; they just scan millions of IPs at a time for open ports that match certain patterns (either certain port numbers, or certain response banners). When they get a hit, they go back and run a list of exploit scripts against it.

Apache itself doesn't have any remotely exploitable bugs recently, but PHP has a number of them. You're also running some other services that I would be concerned about (vnc, telnet[!?!??!], and terminal services).
 
Old 02-09-2004, 12:54 PM   #5
patpawlowski
Member
 
Registered: Mar 2003
Location: Centreville, Virginia
Distribution: Mandrake, Red Hat
Posts: 163

Original Poster
Rep: Reputation: 30
Let me ask this then. Assuming that I need, or really, really want these services available, how can I be as safe as possible with them?
 
Old 02-09-2004, 01:04 PM   #6
snacky
Member
 
Registered: Feb 2004
Distribution: Debian
Posts: 286

Rep: Reputation: 30
Update regularly, read bugtraq and possibly even the official mailing list for the software. Make sure the configurations are as conservative as they need to be.

If there's a configuration option whose security implications you don't understand, you shouldn't be using the software. There are a few well-known applications that are ridiculously hard to understand. Consider using an alternative if you find this is the case.

In case someone gets in anyway, be prepared to detect break-ins as soon as they happen. Have backups ready so you can get running again - but make sure you've figured out how the attacker got in, so it won't just happen again right away.

Sorry if some of this sounds dumb. BTW, are you 100% sure you need telnet? Isn't sending passwords in the clear a problem?
 
Old 02-09-2004, 01:30 PM   #7
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
You have 4 different versions of remote access going on there. Just choose 1. If anything, turn off telnet and go to ssh. You can do anything with the command line that you can do in a GUI, so vnc isn't necessary.
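
The replies above advise turning off telnet, settling on ssh, and not counting on an unusual port to hide a service. As an added example (not written by any poster in this thread), the shell function below triages `ss -tlnH` output along those lines; the sample input is constructed, and the CLOSE/KEEP/REVIEW policy is an assumption based on the replies.

```shell
#!/bin/sh
# Added example: triage listening TCP sockets by the advice in this thread.
# The CLOSE/KEEP/REVIEW policy is an assumption drawn from the replies.

# Constructed sample in `ss -tlnH` format, modelled on the services the
# original poster lists (http on 8000, telnet, ssh, ftp, vnc).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:8000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
EOF
}

# Reads `ss -tlnH` lines on stdin; prints "VERDICT port address reason".
audit_listeners() {
    awk '
    $1 == "LISTEN" && NF >= 4 {
        ep = $4                                   # local address:port
        n = split(ep, parts, ":")
        port = parts[n] + 0                       # text after the last colon
        addr = substr(ep, 1, length(ep) - length(parts[n]) - 1)
        # Loopback-only listeners cannot be reached by an outside scan.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port == 23) {
            v = "CLOSE"; r = "telnet sends passwords in the clear; use ssh"
        } else if (port == 21) {
            v = "CLOSE"; r = "ftp sends passwords in the clear; use sftp/scp"
        } else if (port >= 5900 && port <= 5909) {
            v = "CLOSE"; r = "vnc is a second remote-access path; tunnel over ssh if needed"
        } else if (port == 22) {
            v = "KEEP"; r = "ssh: the one remote-access service, keep it patched"
        } else {
            v = "REVIEW"; r = "confirm the service is needed and up to date"
        }
        printf "%s %d %s %s\n", v, port, addr, r
    }'
}

# Run on the constructed sample; on a real host: ss -tlnH | audit_listeners
sample_ss_output | audit_listeners
```

The web server on port 8000 comes back as REVIEW rather than safe: a non-standard port does not take it off a scanner's list.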
 
  


All times are GMT -5. The time now is 05:53 AM.
