Re: securing linux webserver?

From: John Doe (security.department_at_tele2.ch)
Date: 03/01/05

    To: security-basics@securityfocus.com
    Date: Tue, 1 Mar 2005 03:21:55 +0100
    
    

    On Monday, 28 February 2005 at 03.04, Kurt Leum wrote:
    > sorry to be so noob,
    >
    > A friend of mine set up a webserver:
    > http://www.globalgamesearch.com
    > problem is, he and I have no idea how to go about
    > securing it;

    Unfortunately I can't provide very much help with your question below;
    I just wanted to say that it's a bad idea to give out the address of a server to
    a security list and state that it is insecure.

    There are a lot of people with high hacking capabilities reading this list,
    some of them could (theoretically) use the server as a target without
    searching for vulnerable servers.

    But maybe your idea with this mail is to attract penetration testers???

    > he started with SuSE Linux 9.1 with Apache 2.0, PHP
    > 4.3.1, and MySQL out of the box and put it up.
    >
    > about half an hour ago, an intruder broke in, replaced
    > SSHD with a back door, and pretty much screwed the
    > system up.

    basic tips:

    - don't use the standard port 22 for sshd
    - restrict the IPs allowed to contact sshd if possible
    - eventually use some port knocking to secure sshd

    > We're going to reinstall the system with minimal
    > programs, extremely secure permissions

    good idea

    > and a basic firewall

    Not clear what you mean by basic.

    If possible, when configuring the firewall, start by denying everything; then
    allow, step by step, what's absolutely necessary.

    > , but beyond that we have no clue what to do.
    > Can anyone here please help me out on this?
    > Thanks in advance for any help.

    beyond that... difficult. Wait for answers of real cracks :-)

    greetings joe
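
The firewall and sshd tips in the reply above, as an added example that is not part of the original message: a shell function that writes a deny-by-default ruleset in iptables-restore format, then opens only the web port and an sshd port limited to listed source addresses. The function name `gen_ruleset`, port 2222 and the documentation-range addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit a default-deny ruleset in iptables-restore format.
# Port 2222 and the addresses used below are constructed sample values.

# Usage: gen_ruleset SSH_PORT "ADMIN_SOURCES" "PUBLIC_TCP_PORTS"
gen_ruleset() {
    ssh_port=$1; admin_sources=$2; public_ports=$3

    # Refuse anything that is not a TCP port number in 1..65535.
    for p in "$ssh_port" $public_ports; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # An empty source list would lock the administrator out; fail instead.
    [ -n "$admin_sources" ] || { echo "no admin source given" >&2; return 1; }

    printf '%s\n' '*filter'
    # Step 1: deny everything inbound and forwarded by default.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Step 2: allow, one rule at a time, only what is necessary.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Services meant for everyone (the web server).
    for p in $public_ports; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # sshd on its non-standard port, reachable only from the listed sources.
    for src in $admin_sources; do
        printf '%s\n' "-A INPUT -s $src -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample: sshd on 2222 from two admin sources, HTTP open to all.
gen_ruleset 2222 "203.0.113.10 198.51.100.0/24" "80"
```

The source addresses are not validated by the function; running the output through `iptables-restore --test` before loading it catches malformed entries. sshd itself must be set to listen on the same port (`Port` in `sshd_config`).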

