LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-18-2014, 05:54 PM   #1
sniper8752
Member
 
Registered: Oct 2012
Posts: 477

Rep: Reputation: Disabled
opening server to http/ssh requests


If I open my server to http/ssh requests, I was wondering if there was any way if someone could attack and gain access easier if I were to open it this way? Is there any way to prevent this? I have fail2ban and keys so far.
 
Old 08-18-2014, 06:09 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Problem here isn't the port but what you run on it. Any outdated CMS, forum, shopping cart, photo gallery or other software including themes, plug-ins, add-ons and whatnot will be probed for. Having fail2ban is good but mod_security, maybe a reverse proxy, but most of all preventing any situation from occurring or escalating should be common sense. So what will you be running?
 
Old 08-18-2014, 07:11 PM   #3
sniper8752
Member
 
Registered: Oct 2012
Posts: 477

Original Poster
Rep: Reputation: Disabled
a website (apache, or nginx), sftp, and that should be it.
 
Old 08-19-2014, 02:22 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by sniper8752 View Post
a website (apache, or nginx), sftp, and that should be it.
Apache is an example of web server software. I mean web site software. Anyway, whatever CMS, forum or other software you'll be running: read its (security) documentation, keep everything up to date, harden, audit regularly, respond to reporting, use common sense.

Last edited by unSpawn; 08-19-2014 at 02:23 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache server does not respond to LAN http requests fedix Linux - Server 9 07-18-2012 03:51 PM
redirect all http requests to a different squid proxy server r2d2#jedi Linux - Networking 1 05-27-2009 01:31 AM
Server took a poo, responds to pings but no http/ssh requests. Heres my log... zushiba Linux - Networking 2 05-14-2009 04:35 PM
How to use tcpdump to be able to see http requests sent to the server? helptonewbie Linux - Networking 4 01-12-2009 10:33 AM
Can't get my http server to respond to requests... garydamm Linux - Networking 9 01-16-2005 11:00 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration