Our network includes an RH9 iptables firewall and an RH9 web server.
Several days ago, our webpage was hacked and the default
webpage was changed to a blank page which contained the following
sentence: "SegmentationFault -need a help?segfaultbr@hotmail.com."
After we replaced the original homepage, we found that the firewall
server always shows messages that it has lots of connections to
the webserver's port 80 from different outside IP addresses. Moreover, our
webserver always shows the message: "NET XXX messages suppressed".
It makes our server very slow and it can't provide normal service again.
Has anyone faced a similar situation before? Are there any methods
to avoid a port 80 attack through iptables? Can "Snort" help
After we were hacked, we installed a new RH9 Linux web server, then copied the web data from the old server to the new web server, then installed Trend Server Protect anti-virus software to ensure there is no virus on the web server.
We installed Trend Server Protect anti-virus software
on the Linux firewall too, and did not find any virus.
The question now is that we must let the firewall accept port 80 requests from the internet and then redirect them to the web server's port 80 for browsing the webpage. But a very large quantity of port 80 connection requests appears if we enable port 80 on the firewall. We can't find any method to solve it now.
I looked at shorewall.com and dos_evade for Apache as
sgrayban said, but I can't find any result. Can you give us some more detailed suggestions?
Originally posted by david_ross Moved: This thread is more suitable in Security and has been moved accordingly to help your thread/question get the exposure it deserves.
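The posts above describe a flood of port-80 connections arriving from many outside addresses. As an added example (not part of the thread), this script tallies new port-80 connections per source and minute from firewall log lines, showing how much of the traffic a per-source limit would actually touch. It assumes the firewall logs new connections with the iptables LOG target; the `HTTP-NEW: ` prefix, host name and all addresses are constructed.

```python
import re
from collections import Counter

# Fields as written by the iptables LOG target for a TCP packet.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<minute>\d\d:\d\d):\d\d\s.*?"
    r"SRC=(?P<src>\S+)\s.*?PROTO=TCP\s.*?DPT=(?P<dpt>\d+)\s(?P<rest>.*)$"
)

def make_line(sec, src, dpt=80, flags="SYN"):
    """Build one constructed log line (not taken from the thread)."""
    return (f"Jan 10 03:12:{sec:02d} fw kernel: HTTP-NEW: IN=eth0 OUT=eth1 "
            f"SRC={src} DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF "
            f"PROTO=TCP SPT=40000 DPT={dpt} WINDOW=5840 RES=0x00 {flags} URGP=0")

# Constructed sample: one heavy source, twenty light ones, two lines to ignore.
SAMPLE = (
    [make_line(i % 60, "198.51.100.7") for i in range(30)]
    + [make_line(i, f"203.0.113.{i + 1}") for i in range(20) for _ in range(2)]
    + [make_line(5, "203.0.113.99", dpt=22),
       make_line(6, "203.0.113.98", flags="ACK")]
)

def summarize(lines, per_minute_limit=10):
    """Count new (SYN without ACK) connections to port 80 per source per minute."""
    per_src_minute = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dpt"] != "80":
            continue
        flags = m["rest"].split()
        if "SYN" not in flags or "ACK" in flags:
            continue
        per_src_minute[(m["src"], m["minute"])] += 1
    total = sum(per_src_minute.values())
    heavy = {k: n for k, n in per_src_minute.items() if n > per_minute_limit}
    return {
        "total": total,
        "distinct_sources": len({src for src, _ in per_src_minute}),
        "heavy": heavy,
        # Share of new connections that come from sources over the threshold.
        "heavy_share": sum(heavy.values()) / total if total else 0.0,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A low `heavy_share` with a high `distinct_sources` count means the load is spread across many addresses that each stay under the threshold, so a per-source limit alone leaves most of it untouched.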