LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-15-2013, 12:18 PM   #16
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled

Dear Habitual,
My apology yes its facing public but is password protected. I got things mixed up.
 
Old 11-15-2013, 12:26 PM   #17
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
Quote:
Originally Posted by newbie14 View Post
Dear Habitual,
My apology yes its facing public but is password protected. I got things mixed up.
No need to apologize. I been at this 20 years and I get mixed up all the time.
How is this "password protection" utilized?

.htpasswd?
 
Old 11-15-2013, 12:30 PM   #18
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
Which password you mean? You mean the machine password or the application. I never utilized .htpasswd. I am still newbie in hardening and security learning to improvise and apply.
 
Old 11-15-2013, 12:31 PM   #19
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
How is the "password protection" implemented for the application?
 
Old 11-15-2013, 12:34 PM   #20
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
For the application its purely mysql db storing it. So I just run a check on the username and password. I got to admit its now clear text and I was soo busy doing all other hardening on the server I forgot to change this to hashing based. Now I am learning on best hashing.
 
Old 11-15-2013, 12:39 PM   #21
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
an application password does NOT prevent scans on the web's DocumentRoot.

Like I asked, send me a PM of some of the complete couple of lines from the apache|httpd logs
 
1 members found this post helpful.
Old 11-15-2013, 12:44 PM   #22
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
Ok I just sent you test pm. I dont know it reached you if yes then I am preparing the full logs of this activity to send over.
 
Old 11-15-2013, 01:46 PM   #23
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
OK. PM replied to...
 
Old 11-15-2013, 02:00 PM   #24
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
I have replied with the required information.

---------- Post added 11-16-13 at 03:01 AM ----------

Dear Habitual,
I have replied with the required information.
 
Old 11-15-2013, 02:04 PM   #25
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
Great. Give me some time to analyze. I have a full-time Job.
 
Old 11-15-2013, 02:06 PM   #26
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
Is ok take your time but do guide me and share me to knowledge in this line.
 
Old 11-16-2013, 04:22 PM   #27
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
I don't believe there's anything in those logs to worry about.
You can either block that IP using .htaccess or iptables.
http://www.htaccess-guide.com/deny-v...by-ip-address/
Code:
iptables -I INPUT -s 207.182.143.146 -j DROP
The scans are nothing out of the ordinary.

I'd use an "deny from 207.182.143.146" in .htaccess explained in the link above and keep an eye on the logs for a few days.

Good luck.
 
1 members found this post helpful.
Old 11-17-2013, 01:09 AM   #28
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
To my surprise how could they guess so well the names and even the exact get query input? This puzzles me till now. I have been monitoring there is not activity from this ip or this sort for now. Where to store this .htacces is it in my /var/html or /var/html/myfolder?
 
Old 11-17-2013, 09:08 AM   #29
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,354
Blog Entries: 36

Rep: Reputation: Disabled
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. However, it is important to also remember that there may have been .htaccess files in directories higher up. Directives are applied in the order that they are found. Therefore, a .htaccess file in a particular directory may override directives found in .htaccess files found higher up in the directory tree. And those, in turn, may have overridden directives found yet higher up, or in the main server configuration file itself.

http://httpd.apache.org/docs/2.2/howto/htaccess.html
 
Old 11-19-2013, 12:24 PM   #30
newbie14
Member
 
Registered: Sep 2011
Posts: 534

Original Poster
Rep: Reputation: Disabled
Dear Habitual,
I read here http://httpd.apache.org/docs/2.2/howto/htaccess.html it say if you have the main config file then you should us that? So what is you opinion on it? Go with .htaccess or change the main config file?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] http 404 error ansrewdps Linux - Server 11 02-08-2011 11:48 AM
[SOLVED] Error: 0516-404 allocp mufy AIX 1 02-04-2010 02:02 AM
Is a 404 error a server issue? M$ISBS General 2 05-13-2007 12:22 PM
wget 404 error BarryM45 Linux - General 2 10-12-2004 06:12 AM
(404)error johncla Linux - Networking 1 03-25-2001 07:09 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration