securing php, apache and mysql

javier_ccs · 09-27-2005, 10:21 AM

hello,

i would like to find quality documentation about securing php, mysql and apache... i've google it and found tons of info but i would like some experts advice of where is the GOOD documentation

TigerOC · 09-28-2005, 01:57 AM

The key things that need to be addressed IMHO are:

1. Good iptables firewall.

2. Minimise the number of ports that are open. If you you don't need to ssh into the box from the net then close port 22 via the firewall as this is the port that is most commonly probed. If you need acccess only open it to the world via the firewall when you need to.

3. Probably the most important - have strong passwords.

4. Keep your software updated regularly.

slackie1000 · 10-01-2005, 05:05 AM

hi there,

Quote:

Originally posted by TigerOC
3. Probably the most important - have strong passwords.

agreed. considering the volume of "brute force" attacks nowadays this is the key.
on a side note, i suggest this tips for apache.
regards,
slackie1000

javier_ccs · 10-06-2005, 03:26 PM

thanks for the tips... really appreciate them.....

|2ainman · 10-07-2005, 05:30 AM

mod_security is good. Also try some of the different kernel patches out there.

di11rod · 10-18-2005, 11:08 AM

Quote:

Originally posted by TigerOC

4. Keep your software updated regularly.

Of all these recommendations, I think #4 needs to be #1.

More websites get comprimised due to vulnerabilities in web applications than via brute-forced passwords. Usually, a vulnerability in some secondary piece of software is then used to elevate priveleges for the intruder.

di11rod