Re: Web server security

On Fri, 01 Jun 2007, in the Usenet newsgroup comp.os.linux.security, in article
<1180663203.045342.223890@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, Shidony wrote:

> Not sure whether to post this topic here or on the Linux-Admin
> forums. Here goes!

On the 15th of every month, there is a posting to the Usenet newsgroups
news.announce.newgroups, news.groups, and news.lists.misc with the
subject "List of Big Eight Newsgroups". It lists just 17 newsgroups
with the word Linux in the name:

[compton ~]$ zgrep linux ../big.8.list.05.15.07.gz | cut -f1 | column
comp.os.linux.advocacy comp.os.linux.misc
comp.os.linux.alpha comp.os.linux.networking
comp.os.linux.announce comp.os.linux.portable
comp.os.linux.answers comp.os.linux.powerpc
comp.os.linux.development.apps comp.os.linux.security
comp.os.linux.development.system comp.os.linux.setup
comp.os.linux.embedded comp.os.linux.x
comp.os.linux.hardware comp.os.linux.xbox
comp.os.linux.m68k
[compton ~]$

No admin group.

> I have various pages on our company website whereby a user can
> populate their information and email to us. Recently I have noticed a
> lot of emails with similar data formatting as the web forms and it
> appears to be coming from our web server. However, on some emails the
> subject is different to what is hard coded in PHP.

Hopefully, you also have the mail services blocked such that mail from
this system is NEVER allowed to leave your local network - ideally, it
should all be sent to a single individual for vetting. PHP is _so_
easy to abuse.

> So my question is, what security measures should I take to ensure that
> only legitimate emails sent through the web forms come through and not
> the ones filled out by bots? I highly doubt that a bot would be using
> our forms since all the coding is in PHP and not visible to users.

I take it you aren't familiar with Bugtraq. PHP has been abused so often
that it's not even funny any more.

comp.infosystems.www.authoring.html Writing HTML for the Web.
comp.lang.php PHP, server side scripting.

There is also a 'comp.mail.sendmail', and there was a recent (last 15
days) thread about reducing the risk of being abused by brain-dead web page
scripting, but that group really isn't the place for this question.

> That only leaves the possibility of insecure SMTP.

Sendmail when restricted as is normal in Linux installations doesn't
have that much of a problem. Invariably, it's some horrible coding
error on the web page.

> BTW our web host is a Fedora Core 2 server with Sendmail 8.12.11 and
> Apache 2.0.51 installed on it.

FC2 was end-of-life in May 2005, and the last backport errata available
on download.fedoralegacy.org was July 2006. There was a sendmail errata
(to 8.12.11-4.26.legacy) backported in March 2006, but PHP has been
updated no less than five times (the last being in July 2006) for security
problems and bug fixes. Subsequent errata have not been made available
for FC4 or older, and even FC5 is close to end-of-life.

> Can anybody provide a link of best practices for securing linux
> web/mail/dns servers that have a public presence?

While that comp.mail.sendmail thread (Subject: Tracking Spam hackers)
offered some help, the other two groups noted above are more likely to
be useful. Is there any particular reason you are running an obsolete
version of Fedora (which is more an experimenters' distribution which
therefore lacks long term support, than one of the commercial or
Enterprise distributions - even a GPL release of one) where it can be
seen from the Internet?

Old guy
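The symptom described above (mail leaving the server with a subject the page never set) is what happens when form fields reach a mail header unchecked. The handler below is an added example, not code from either poster; it assumes a PHP form posting `name`, `email` and `message` fields on a current PHP release with `mail()` backed by the local Sendmail, and that every header is a fixed string so nothing a visitor types can alter the recipient or subject. `webform@example.com` is a placeholder mailbox.

```php
<?php
// Added example (not from the thread): hardened handler for an
// "email us your details" web form. Assumes fields name/email/message.

// Header-bound fields must be one line with no control characters;
// a CR or LF here is how a contact form ends up sending mail with a
// subject or recipient the page never hard coded.
function header_field_ok(string $value, int $max_len): bool
{
    return strlen($value) <= $max_len
        && preg_match('/[\x00-\x1F\x7F]/', $value) !== 1;
}

// Returns the cleaned fields, or null if anything looks wrong.
function validate_contact_form(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = (string)($post['message'] ?? '');

    if ($name === '' || !header_field_ok($name, 80)) {
        return null;
    }
    // filter_var also rejects addresses with spaces, CR/LF or two '@'.
    if (!header_field_ok($email, 254)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The body may contain TAB/CR/LF, but no other control characters.
    if ($message === '' || strlen($message) > 4000
        || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $message) === 1) {
        return null;
    }
    return ['name' => $name, 'email' => $email, 'message' => $message];
}

function send_contact_mail(array $form): bool
{
    // Recipient, Subject and From are constants: no form data reaches a
    // header. The visitor's address goes in the body, not in Reply-To,
    // so the form cannot be used to relay mail to a third party.
    $to      = 'webform@example.com';   // placeholder: single vetting mailbox
    $subject = 'Website contact form';
    $body    = "Name: {$form['name']}\nEmail: {$form['email']}\n\n"
             . str_replace("\r\n", "\n", $form['message']);
    $headers = "From: webform@example.com\r\nContent-Type: text/plain; charset=UTF-8";
    return mail($to, $subject, $body, $headers);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $form = validate_contact_form($_POST);
    if ($form === null) {
        http_response_code(400);
        exit('Rejected: a field was too long or contained an unexpected character.');
    }
    send_contact_mail($form);
}
```

Rejected submissions are worth logging with the client address, since a run of them is the same signal the poster noticed in his mailbox, caught before Sendmail is involved.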