LinuxQuestions.org
Old 02-14-2006, 10:48 AM   #1
jcombs_31
Member
 
Registered: Dec 2004
Distribution: Slackware
Posts: 104

Rep: Reputation: 15
web server security


I've posted this problem in the slackware forum, but maybe I'll get some help here. I have a slackware 10 box set up at my house as my personal web/ftp/mysql/smtp/ssh server. I have noticed lots of traffic and that my site seems to be getting hit hard from spam to the guestbook and email form. How can I secure apache to not accept this kind of junk? It seems to be eating lots of bandwidth on my DSL connection.
 
Old 02-14-2006, 12:25 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328
This is generally handled with "captcha" software. It's the software that creates those barely readable graphics with text/numbers that people have to type in before an entry is accepted. Many popular web applications now have this type of facility. Do a Google search for captcha and the software you're using on your web site to see if a plug-in is available.
 
Old 02-14-2006, 12:57 PM   #3
Intimidator
Member
 
Registered: Mar 2005
Distribution: FC4
Posts: 83

Rep: Reputation: 15
Some Tips:

- Apache:
  - Enable only needed modules in Apache.
  - Install mod_security, and run Apache in a jail with chroot.
  - Fix all security bugs in Apache installation (see Bugtraq).
  - See modules like mod_access, mod_auth, mod_rewrite and mod_ssl, which may help.

- MySQL:
  - Be careful with the databases/tables permissions. If you run MySQL on the same host as Apache, you must run MySQL only on localhost.
  - Use a user other than root (Database Superuser) to connect your applications in PHP.

Have a look @:

http://www.securityfocus.com/infocus/1694
http://www.securityfocus.com/infocus/1706
http://www.lamphowto.com/
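
A check for the "MySQL only on localhost" tip above, added here as an example and not part of the original post: it reads the `[mysqld]` section of a my.cnf and reports whether the server is reachable from the network. The three config samples are constructed; `bind-address` and `skip-networking` are standard MySQL server options, and the function names are made up for this example.

```python
# Constructed my.cnf samples (not taken from the poster's machine).
WEAK_CNF = """\
[client]
port = 3306
[mysqld]
port = 3306
bind-address = 0.0.0.0
"""

HARDENED_CNF = """\
[mysqld]
bind_address = 127.0.0.1
"""

SOCKET_ONLY_CNF = """\
[mysqld]
skip-networking
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def mysqld_options(cnf_text):
    """Return the [mysqld] options as a dict (the last setting wins, as in MySQL)."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith((";", "!")):
            continue  # blank, comment, or !include directive
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            # MySQL treats '_' and '-' in option names as interchangeable.
            opts[key.strip().replace("_", "-").lower()] = value.strip().strip("'\"")
    return opts

def mysql_exposure(cnf_text):
    """Classify how the configured server can be reached."""
    opts = mysqld_options(cnf_text)
    if "skip-networking" in opts and opts["skip-networking"].lower() not in ("0", "off", "false"):
        return "socket-only"  # no TCP listener at all
    addr = opts.get("bind-address")
    if addr is None:
        return "exposed: no bind-address, listens on all interfaces"
    return "loopback-only" if addr.lower() in LOOPBACK else f"exposed: bind-address={addr}"
```
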
 
Old 02-14-2006, 02:36 PM   #4
jcombs_31
Member
 
Registered: Dec 2004
Distribution: Slackware
Posts: 104

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Intimidator
Some Tips:

- Apache:
  - Enable only needed modules in Apache.
  - Install mod_security, and run Apache in a jail with chroot.
  - Fix all security bugs in Apache installation (see Bugtraq).
  - See modules like mod_access, mod_auth, mod_rewrite and mod_ssl, which may help.

- MySQL:
  - Be careful with the databases/tables permissions. If you run MySQL on the same host as Apache, you must run MySQL only on localhost.
  - Use a user other than root (Database Superuser) to connect your applications in PHP.

Have a look @:

http://www.securityfocus.com/infocus/1694
http://www.securityfocus.com/infocus/1706
http://www.lamphowto.com/
Do you have more detailed info about mod_security and jail with chroot?

I don't really have any mysql problems, everything seems to root from my site getting constantly scanned for forms to post. I can secure the forms, but that isn't really what I was looking for.
 
Old 02-14-2006, 04:02 PM   #5
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328
If you're concerned about the (never ending) scans, then take a look at the source addresses. I find that the scans typically originate from one or two countries. If you don't have any need to interact with folks from those countries (e.g., no business requirement or personal relationships), you can look up their address ranges and simply block them at the firewall. This has the added advantage of reducing the resource requirements on your server, but it is a brute force method.
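
One way to "take a look at the source addresses", added here as an example and not part of the original post: tally POST requests to the form scripts per source network from an Apache access log, so that any block is based on measured hits. The log lines are constructed (combined log format, documentation IP ranges), and the form paths `/guestbook.php` and `/contact.php`, the /24 grouping and the threshold are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample lines in Apache "combined" log format.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Feb/2006:10:01:02 -0500] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.9 - - [14/Feb/2006:10:01:05 -0500] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [14/Feb/2006:10:01:09 -0500] "POST /contact.php HTTP/1.1" 200 230 "-" "Mozilla/4.0"
198.51.100.23 - - [14/Feb/2006:10:02:11 -0500] "GET /index.html HTTP/1.1" 200 4096 "-" "Firefox/1.5"
198.51.100.23 - - [14/Feb/2006:10:03:40 -0500] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Firefox/1.5"
192.0.2.44 - - [14/Feb/2006:10:04:00 -0500] "POST /guestbook.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
garbage line that is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def form_post_sources(log_text, form_paths, prefix_len=24):
    """Tally POSTs to the given form paths per source network.
    Returns (hits, bytes_sent) Counters keyed by CIDR string."""
    hits, sent = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line or not a form submission
        if m["path"].split("?", 1)[0] not in form_paths:
            continue
        try:
            net = ip_network(f"{m['ip']}/{prefix_len}", strict=False)
        except ValueError:
            continue  # hostname or malformed address in the first field
        hits[str(net)] += 1
        sent[str(net)] += 0 if m["size"] == "-" else int(m["size"])
    return hits, sent

def block_candidates(hits, min_hits):
    """Networks with at least min_hits form POSTs, for manual review."""
    return sorted(net for net, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    hits, sent = form_post_sources(SAMPLE_LOG, {"/guestbook.php", "/contact.php"})
    for net, n in hits.most_common():
        print(f"{net:18} {n:3} POSTs {sent[net]:6} bytes")
    print("review for firewall block:", block_candidates(hits, 3))
```

The same tally shows how much of the traffic the form spam actually accounts for, which is worth knowing before blocking whole ranges at the firewall.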
 
Old 02-15-2006, 09:36 AM   #6
jcombs_31
Member
 
Registered: Dec 2004
Distribution: Slackware
Posts: 104

Original Poster
Rep: Reputation: 15
I let netwatch run on the box for a little while and noticed all kinds of strange connections.

http://www.jcombs.net/~jeff/netwatch.jpg

I don't know why hotmail would be connected so many times. Any advice from looking at the screen shot?
 
Old 02-15-2006, 10:29 AM   #7
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2

Rep: Reputation: 328
Well, it looks like a considerable number of packets are coming from Korea.
 
Old 02-15-2006, 11:24 AM   #8
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 53
He these poor Chinese people already have filtering done by their government but for the hackers that manage to go out of the Chinese firewall they are blocked by our firewall. lol
Poor them...
I personally don't think it's so nice to block a whole country just because some zombies or scriptkiddies are there.
 
Old 02-15-2006, 11:54 AM   #9
jcombs_31
Member
 
Registered: Dec 2004
Distribution: Slackware
Posts: 104

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by macemoneta
Well, it looks like a considerable number of packets are coming from Korea.
How do you know? I'm interested in knowing more details.
 
Old 02-15-2006, 02:05 PM   #10
Intimidator
Member
 
Registered: Mar 2005
Distribution: FC4
Posts: 83

Rep: Reputation: 15
Quote:
Originally Posted by jcombs_31
How do you know? I'm interested in knowing more details.
http://www.linuxquestions.org/questi...d.php?t=360119
 
  

