LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-27-2005, 10:21 AM   #1
javier_ccs
Member
 
Registered: Apr 2005
Location: Milton Keynes
Distribution: ubuntu 12.10
Posts: 87

Rep: Reputation: 15
securing php, apache and mysql


hello,


i would like to find quality documentation about securing php, mysql and apache... i've google it and found tons of info but i would like some experts advice of where is the GOOD documentation
 
Old 09-28-2005, 01:57 AM   #2
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
The key things that need to be addressed IMHO are:

1. Good iptables firewall.

2. Minimise the number of ports that are open. If you you don't need to ssh into the box from the net then close port 22 via the firewall as this is the port that is most commonly probed. If you need acccess only open it to the world via the firewall when you need to.

3. Probably the most important - have strong passwords.

4. Keep your software updated regularly.

Last edited by TigerOC; 09-28-2005 at 01:58 AM.
 
Old 10-01-2005, 05:05 AM   #3
slackie1000
Senior Member
 
Registered: Dec 2003
Location: Brasil
Distribution: Arch
Posts: 1,037

Rep: Reputation: 45
hi there,
Quote:
Originally posted by TigerOC
3. Probably the most important - have strong passwords.
agreed. considering the volume of "brute force" attacks nowadays this is the key.
on a side note, i suggest this tips for apache.
regards,
slackie1000
 
Old 10-06-2005, 03:26 PM   #4
javier_ccs
Member
 
Registered: Apr 2005
Location: Milton Keynes
Distribution: ubuntu 12.10
Posts: 87

Original Poster
Rep: Reputation: 15
thanks for the tips... really appreciate them.....
 
Old 10-07-2005, 05:30 AM   #5
|2ainman
Member
 
Registered: Mar 2004
Distribution: Slackware current, DSL 0.9.2
Posts: 133

Rep: Reputation: 15
mod_security is good. Also try some of the different kernel patches out there.
 
Old 10-18-2005, 11:08 AM   #6
di11rod
Member
 
Registered: Jan 2004
Location: Austin, TEXAS
Distribution: CentOS 6.5
Posts: 207

Rep: Reputation: 32
Quote:
Originally posted by TigerOC


4. Keep your software updated regularly.
Of all these recommendations, I think #4 needs to be #1.

More websites get comprimised due to vulnerabilities in web applications than via brute-forced passwords. Usually, a vulnerability in some secondary piece of software is then used to elevate priveleges for the intruder.

di11rod
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
MySQL,PHP and Apache Doug.Gentry Linux - General 4 03-26-2005 07:45 PM
Apache Mysql Php: mysql with php doesn't work breakerfall Linux - Networking 6 12-27-2003 08:59 PM
php-nuke with apache php mysql c0c0deuz Linux - Software 0 03-30-2003 06:23 AM
securing apache & PHP markus1982 Linux - Security 2 01-18-2003 02:16 PM
Apache/MySQL/PHP c0c0deuz Linux - General 2 05-18-2002 03:55 PM


All times are GMT -5. The time now is 07:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration