Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Ubuntu based stuff for the most part
Posts: 1,174
Rep:
Is your website running webapps that can be run in users browsers? Then a WAF can help protect it.
Most websites will not get a lot of benefit from a WAF since they are only doing basic things, like let letting people login and post questions/answers.
If the website is used like a portal to access other servers, then a WAF between the web server and the others will help protect them.
Is your website running webapps that can be run in users browsers? Then a WAF can help protect it.
Most websites will not get a lot of benefit from a WAF since they are only doing basic things, like let letting people login and post questions/answers.
If the website is used like a portal to access other servers, then a WAF between the web server and the others will help protect them.
Yes, it is a WordPress website. When people can login and post, then some attacks like XSS and SQL Injection happen!
Distribution: Ubuntu based stuff for the most part
Posts: 1,174
Rep:
A WAF sits between the webserver and other application servers or databases, so will not help you much in this case since things are all on the same server. Odds are the attacks are coming from security holes in a plugin you installed.
You need some sort of intrusion detection system. If your server has SELinux, you could try setting it to enforcing mode which may prevent exploitation from the plugin exploits. Or better yet, remove the plugin that is causing the breach.
Hard to answer without knowing what those php scripts do and how selinux attributes are configured on the rest of the system. Also ownership has an affect, which could have been shown by "ls -lZ ..."
The fact that they appear to be executable scripts automatically makes them suspect, but as long as they are restricted to functioning within the bounds of the web server and its user space that should be fine.
Hard to answer without knowing what those php scripts do and how selinux attributes are configured on the rest of the system. Also ownership has an affect, which could have been shown by "ls -lZ ..."
The fact that they appear to be executable scripts automatically makes them suspect, but as long as they are restricted to functioning within the bounds of the web server and its user space that should be fine.
Thank you.
The owner of the files and directories is "apache" user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.