Re: Spykids

From: The Doctor (doctor_at_doctor.nl2k.ab.ca)
Date: 07/28/05

    Date: Thu, 28 Jul 2005 15:51:31 +0000 (UTC)
    
    

    In article <MPG.1d52a8716b851357989a7c@news-server.columbus.rr.com>,
    Leythos <void@nowhere.lan> wrote:
    >In article <dc9d6p$53n$3@gallifrey.nk.ca>, doctor@doctor.nl2k.ab.ca
    >says...
    >> In article <MPG.1d52008b4f03a9a6989a7a@news-server.columbus.rr.com>,
    >> Leythos <void@nowhere.lan> wrote:
    >> >In article <dc8ti0$nld$2@gallifrey.nk.ca>, doctor@doctor.nl2k.ab.ca
    >> >says...
    >> >> Spykids is a known defacer of web sites. How does one prevent them
    >> >> from ever having access to Server or even a LAN?
    >> >>
    >> >> Customer complained:
    >> >>
    >> >> Spykids should not be able to get into our websites
    >> >> regardless of whether they are
    >> >> piggy-backing on a member or not. This has happened 2x so far.
    >> >
    >> >You need to learn how they are getting in, what measures you can do to
    >> >block it and such.
    >> >
    >> >First, put the web server behind a dedicated firewall, not a NAT box, a
    >> >firewall - only allow real HTTP or HTTPS sessions to it.
    >> >
    >> >Require users to have strong passwords, look it up if you don't know
    >> >what that means.
    >> >
    >> >Block IP networks that don't need access to your web sites - as an
    >> >example I block about 50 subnets in countries outside of our own and it
    >> >cuts down on a lot of attempts.
    >> >
    >>
    >> I am using pf via OpenBSD. What do I need to add?
    >
    >I don't use that combination, so I can't specifically state what you
    >need to use, but, I have to ask:
    >
    >1) Is the firewall and web server the same machine?
    > If so, bad idea, firewall should be a stripped down machine with
    > minimal services and only the firewall application.

    Firewall, the OpenBSD machine running pf, is ISOLATED!

    >
    >2) Did you secure Apache and the OS on the machine you use?

    I am running BSD/OS 4.3.1 with the current Apache.

    Still my compile script looks like:

    CC=/usr/bin/gcc CFLAGS="-Wall -DDEBUG -g -O9 -march=i686 " ./configure \
      --enable-layout=BSDI\
      --enable-v4-mapped \
      --enable-maintainer-mode\
      --enable-modules=most\
      --enable-mods-shared=all\
      --disable-optional-hook-export\
      --disable-optional-hook-import\
      --disable-optional-fn-export\
      --disable-optional-fn-import\
      --disable-ldap\
      --disable-auth-ldap\
      --disable-proxy\
      --disable-proxy-connect\
      --disable-proxy-ftp\
      --disable-proxy-http\
      --enable-auth-anon=shared\
      --enable-auth-dbmi=shared\
      --enable-auth-digest=shared\
      --enable-file-cache=shared\
      --enable-echo=shared\
      --enable-charset-lite=shared\
      --enable-cache=shared\
      --enable-disk-cache=shared\
      --enable-mem-cache=shared\
      --enable-ext-filter=shared\
      --enable-deflate=shared\
      --enable-logio=shared\
      --enable-mime-magic=shared\
      --enable-cern-meta=shared\
      --enable-expires=shared\
      --enable-headers=shared\
      --enable-usertrack=shared\
      --enable-unique-id=shared\
      --enable-ssl=shared\
      --enable-bucketeer=shared\
      --enable-static-support\
      --enable-static-htpasswd\
      --enable-static-htdigest\
      --enable-static-rotatelogs\
      --enable-static-logresolve\
      --enable-static-htdbm\
      --enable-static-ab\
      --enable-static-checkgid\
      --enable-http\
      --enable-dav=shared\
      --enable-info=shared\
      --enable-suexec=shared\
      --enable-cgi=shared\
      --enable-cgid=shared\
      --enable-dav-fs=shared\
      --enable-vhost-alias=shared\
      --enable-speling=shared\
      --enable-rewrite=shared\
      --enable-so\
      --with-z=/usr\
      --with-ssl=/usr/contrib\
      --with-mpm=prefork\
      --enable-nonportable-atomics=yes\
      --with-suexec-bin=/usr/contrib/bin\
      --with-suexec-caller=www\
      --with-suexec-userdir=html\
      --with-suexec-docroot=html\
      --with-suexec-uidmin=100\
      --with-suexec-gidmin=100\
      --with-suexec-logfile=/var/log/httpd/suexec_log\
      --with-suexec-safepath=/bin:/usr/bin:/usr/contrib/bin\
      --with-suexec-umask=022
    >
    >3) Does your site require user authentication?

    In the one that got nailed, .htaccess

    >
    >I'm in the US and don't do business with foreign companies or need to
    >provide access to our services from foreign hosts, so I block many
    >subnets that seem to target our public IP addresses, here is my short
    >list, it may not work for you.
    >
    >12.144.182.0/24
    >12.45.203.0/24
    >12.98.139.0/24
    >155.48.106.0/24
    >168.126.0.0/16
    >172.184.111.203
    >193.251.0.0/16
    >193.252.0.0/16
    >193.253.0.0/16
    >195.174.0.0/16
    >195.175.16.0/20
    >195.58.124.0/24
    >200.30.203.0/24
    >202.88.186.0/24
    >203.152.22.0/24
    >205.251.79.0/24
    >210.173.37.0/24
    >210.201.153.0/24
    >210.71.115.0/24
    >211.54.40.0/25
    >212.150.124.0/24
    >212.18.57.0/24
    >212.202.178.0/24
    >212.27.32.0-212.27.63.255
    >212.64.192.0-212.64.203.255
    >212.64.223.160/29
    >212.64.223.168/29
    >212.9.7.0/24
    >213.13.26.0/24
    >213.144.176.0/24
    >213.190.213.0/24
    >213.228.7.0/24
    >213.228.8.0/24
    >216.184.97.0/24
    >216.76.35.0/24
    >217.118.224.0/24
    >217.118.225.0/24
    >217.118.239.0/24
    >217.160.110.0/24
    >218.164.28.0/24
    >218.252.74.0/24
    >218.67.128.0-218.69.255.255
    >218.69.108.0/24
    >218.69.148.0/24
    >218.76.98.0/24
    >219.212.4.0/24
    >
    >
    >
    >--
    >
    >spam999free@rrohio.com
    >remove 999 in order to email me

    -- 
    Member - Liberal International	
    This is doctor@nl2k.ab.ca	Ici doctor@nl2k.ab.ca
    God Queen and country! Beware Anti-Christ rising!
    Better to serve in Heaven than to Rule in Hell.
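Leythos's advice in the quoted part of the thread is to put the web server behind a dedicated firewall that admits only real HTTP/HTTPS sessions, and to drop a list of source networks that have no business reaching the site; The Doctor asks what that looks like in pf. The script below is an added example, not code from either poster: it normalises a block list written the way the one above is (CIDR prefixes, bare hosts, and "first-last" ranges) into the CIDR-only entries a pf table accepts, and renders a minimal pf.conf that denies everything inbound by default, drops the table, and passes only TCP 80/443 to the web server. The interface name `em0`, the web server address `192.0.2.10`, the table name `blocked` and the file `/etc/pf.blocked` are assumptions; the sample entries are a few formats taken from the posted list.

```python
"""Build a pf(4) block table and a matching ruleset from a mixed address list.

Added example, not from the thread. pf tables take single addresses or
prefixes, so "first-last" ranges such as 212.27.32.0-212.27.63.255 have to
be split into aligned prefixes before pfctl will load them.
"""
from __future__ import annotations

import ipaddress

# Constructed sample: one entry in each notation that appears in the posted list.
SAMPLE_LIST = """
12.144.182.0/24
172.184.111.203
212.27.32.0-212.27.63.255
212.64.192.0-212.64.203.255
218.67.128.0-218.69.255.255
"""


def to_cidr(entry: str) -> list[str]:
    """Normalise one block-list entry to a list of CIDR prefixes.

    A range becomes the minimal set of aligned prefixes covering it; a bare
    host becomes a /32; a prefix is passed through (host bits cleared, as
    pfctl would do).
    """
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        return [str(n) for n in ipaddress.summarize_address_range(first, last)]
    return [str(ipaddress.ip_network(entry, strict=False))]


def build_table(text: str) -> list[str]:
    """Parse a whole list (blank lines and '#' comments ignored), dedupe, sort."""
    nets: set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.update(to_cidr(line))
    return sorted(nets, key=ipaddress.ip_network)


def render_pf_conf(web_srv: str, ext_if: str = "em0",
                   table_file: str = "/etc/pf.blocked") -> str:
    """Return a minimal pf.conf: default deny inbound, drop the table, pass 80/443 only.

    Interface, server address and table file are assumed values for the example.
    """
    return "\n".join([
        f'ext_if = "{ext_if}"',
        f'web_srv = "{web_srv}"',
        f'table <blocked> persist file "{table_file}"',
        "",
        "set skip on lo0",
        "# default deny; anything not explicitly passed below is dropped and logged",
        "block in log all",
        "# sources in the table never get as far as the pass rule",
        "block in log quick on $ext_if from <blocked> to any",
        "# only new TCP sessions to the web ports, state kept for the replies",
        "pass in on $ext_if proto tcp from any to $web_srv port { 80 443 } "
        "flags S/SA keep state",
        "pass out on $ext_if keep state",
        "",
    ])


if __name__ == "__main__":
    # Print the table file contents, then the ruleset that references it.
    print("\n".join(build_table(SAMPLE_LIST)))
    print()
    print(render_pf_conf("192.0.2.10"))
```

Write the first block of output to `/etc/pf.blocked`, load it with `pfctl -t blocked -T replace -f /etc/pf.blocked`, and load the ruleset with `pfctl -f /etc/pf.conf`. Because the table is kept in a file and loaded separately, the list can be updated without touching the rules. Blocking whole /16s also locks out every legitimate visitor in those networks, which is the point Leythos makes when he says his list "may not work for you"; the `log` keyword on the block rules lets `pflog` show what is actually being dropped before the list is trusted.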
    
