Would it be possible for someone to hack into my Apache server and delete my web site and the directory it was in? It was just a test server I was using to learn Linux/Apache/MySQL/PHP and anything else along the way. Anyway, I tried to get on this morning and the server didn't respond. I found that the service didn't start because the root directory was missing. I had copies of the files and it is working fine now. I'm not that savvy with Linux yet and definitely not with security. However, I'm serving the page on port 8000 so I don't even know how anyone could have found it.
If you were "hacked" and someone got root access then anything is possible. Anything. Maybe you should study your Apache logs. Are you running a firewall? Not to sound condescending, but are you sure you didn't misplace the files? You should search for some of your files on the hard drive.... You should also keep all your programs/net servers up to date.
If you are running a site off port 8000, then someone can port scan you and see that it is open. It takes little effort from there to see that it is a webserver. You were assuming security through obscurity. That is not a good policy.
Not condescending at all. That's probably what I did. I was just curious about the security. If I portscan my home IP (where the server is running) from work I come back with a dead host. I can still connect though. Am I running a firewall? That depends on how exactly you define a firewall. Everything is behind a router but nothing is filtered by host. There is no DNS pointing to my IP and all my systems are password protected. I do however have open ports for http (port 8000), telnet, ssh, ftp, vnc, and terminal services.
Random attackers almost never use DNS, they just scan millions of IPs at a time for open ports that match certain patterns (either certain port numbers, or certain response banners). When they get a hit, they go back and run a list of exploit scripts against it.
Apache itself doesn't have any remotely exploitable bugs recently, but PHP has a number of them. You're also running some other services that I would be concerned about (vnc, telnet[!?!??!], and terminal services).
Update regularly, read bugtraq and possibly even the official mailing list for the software. Make sure the configurations are as conservative as they need to be.
If there's a configuration option whose security implications you don't understand, you shouldn't be using the software. There are a few well-known applications that are ridiculously hard to understand. Consider using an alternative if you find this is the case.
In case someone gets in anyway, be prepared to detect break-ins as soon as they happen. Have backups ready so you can get running again - but make sure you've figured out how the attacker got in, so it won't just happen again right away.
Sorry if some of this sounds dumb. BTW, are you 100% sure you need telnet? Isn't sending passwords in the clear a problem?
You have 4 different versions of remote access going on there. Just choose 1. If anything, turn off telnet and go to ssh. You can do anything with the command line that you can do in GUI, so vnc isn't necessary.
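
The advice in the replies above (one remote-access method, no telnet) can be checked against what a host is actually listening on. The following is an added example, not code from any poster in this thread: it audits `ss -tlnH` style output and flags every network-reachable listener other than ssh and the web server. The port numbers other than 8000 are assumed service defaults, and the sample output is constructed.

```python
import ipaddress

# Assumed default ports for the services named in the thread (only 8000 is stated there).
SERVICES = {
    21: ("ftp", "cleartext credentials"),
    22: ("ssh", "encrypted"),
    23: ("telnet", "cleartext credentials"),
    3389: ("terminal services", "redundant remote access"),
    5900: ("vnc", "redundant remote access"),
    8000: ("http", "web server"),
}
KEEP = {22, 8000}  # the one remote-access method plus the site itself

# Constructed sample of `ss -tlnH` output: State Recv-Q Send-Q Local Peer
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 511 *:8000 *:*
LISTEN 0 5 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

def parse_listeners(text):
    """Return sorted (address, port) pairs, one per distinct LISTEN socket."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if port.isdigit():
            found.add((addr, int(port)))
    return sorted(found)

def is_reachable(addr):
    """True unless the socket is bound to a loopback address only."""
    return addr in ("*", "") or not ipaddress.ip_address(addr).is_loopback

def audit(text):
    """Return (port, service, action) for each network-reachable listener."""
    report = {}
    for addr, port in parse_listeners(text):
        if is_reachable(addr):
            name, why = SERVICES.get(port, ("unknown", "identify before exposing"))
            report[port] = (name, "keep" if port in KEEP else "flag: " + why)
    return [(p, *report[p]) for p in sorted(report)]
```

On a live host, pass the real output instead of `SAMPLE`, for example `audit(subprocess.check_output(["ss", "-tlnH"], text=True))`.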