LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-06-2006, 11:43 PM   #1
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Rep: Reputation: 31
How to secure an apache server?


I have been messing around with hosting a website a little bit. The other day, it got hacked I believe, as suddenly the entire directory of information was gone with out a trace.

I didn't see any login attempts thru ssh, or ftp, so I was unsure about how it happened. Either an exploit of some sort, or my own error? No idea.

I installed a fresh copy of Fedora 6 and would like to go back online. But where are some good resources , or a check list of sorts to make sure I didn't miss anything, so I can sleep better at night.

Where would I go to find exploits of apache and such so I can keep up on the times?

Many thanks,

Last edited by neocontrol; 05-06-2010 at 01:38 PM.
 
Old 12-07-2006, 12:21 AM   #2
Fadoksi
Member
 
Registered: Apr 2006
Location: Finland
Distribution: Ubuntu, Gentoo, Debian
Posts: 88

Rep: Reputation: 15
Have a look at mod_security
http://www.modsecurity.org/

And mod_evasive
http://www.zdziarski.com/projects/mod_evasive/

I'm using these
 
Old 12-07-2006, 04:06 AM   #3
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
And also:
http://www.freesoftwaremagazine.com/...ardening_linux
http://httpd.apache.org/docs/2.0/mis...rity_tips.html
http://www.howtoforge.com/apache_mod_security

That's a beginning...
 
Old 12-07-2006, 09:55 AM   #4
neocontrol
Member
 
Registered: Jul 2005
Posts: 273

Original Poster
Rep: Reputation: 31
This is what I was looking for. Many thanks.
 
Old 12-09-2006, 01:29 PM   #5
jlgreer1
Member
 
Registered: Aug 2005
Location: Under the rainbow
Distribution: LFS 7, CentOS 7, OS X
Posts: 119

Rep: Reputation: 25
Neocontrol,

You might consider using CentOS instead of Fedora Core. You could enable the firewall and SELinux upon install. Extensive logging in enabled making it easier to follow breakin attempts and the aftermath of hacking.

You could then install something like DenyHosts python script to block multiple login failures.

Jeff
 
Old 12-09-2006, 02:33 PM   #6
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally Posted by neocontrol
Where would I go to find exploits of apache and such so I can keep up on the times?
If you want to keep up on bleeding edge stuff that's just released, one of the infosec mailing lists is the way to go, like bugtraq or full-disclosure. The signal-to-noise ratio can be a bit low on those, especially if you're interested in just Apache vulns, so you may want an Apache-specific list.

Probably the single most-effective measure you can take is to turn on nightly YUM updates, so that your server will be fully patched at all times. If you are hosting anything with dynamic content like CGI scripts, PHP or third-party add ons like phpBB bulletin boards then you need to independently monitor their security status as they will not be automatically updated (PHP core files will be). Also many of these addons have individual security tweaks that can be very helpful, like turning off register_globals in pre-4.2 versions of PHP. I'd also second using mod_security.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
secure. vs www. ssl apache config hank43 Linux - Networking 4 08-09-2006 10:06 PM
LXer: Secure Your Apache With mod_security LXer Syndicated Linux News 0 07-13-2006 08:33 AM
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 06:19 AM
Apache Help (Secure Web Server) carlg Linux - Networking 1 10-19-2004 07:46 PM
apache install disrupting secure website access? edsmithers Linux - Networking 3 04-23-2004 05:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:51 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration