Originally Posted by abesirovic1
It doesn't matter if he has it in virtualbox if the network interface is shared (i.e. outside people still open the apache site).
Just set it to: Listen 127.0.0.1 in httpd.conf file.
The positive point of using Virtualbox is someone can test and play in an isolated environment. Virtualbox set as NAT as default so the outside world can acces the Apache. But the purpose of Web server is inverted, so 'Host Only' type of networking required in Virtualbox. Open necessary port, hack the configuration file,give a dummy data,test the security and performance.
In my experiences, many adjustment required when developing web server to public service. Remove unecessary packets (like x,xap,d),adjust firewall,...hacking here and there
. Virtualbox is nice tool to experiment before run in real tournament.
It's hard to play hard in daily basis computer system. (without virtual environment, I need the other computer/server).
All in all, security is an art
For me, it's great to see the log catch many effort to compromise the system... I can learn from this. Ofcourse it doesn't happen if I disconnect my network cable from wall.