Re: securing linux webserver?

[Alejandro Flores <alejandro.flores () triforsec com br>]

Hey,

Firstly, don't permit ROOT logins through ssh. Permit the minimum users
possible to log in through ssh, using the directive AllowUsers. Don't
use easy passwords, there's LOT's of zombie bots running ssh brute force
attacks. If possible, change the default port of sshd, it will minimize
the zombies knocking at your door.
If possible, also specify what machines can log using ssh. AllowUsers
nick () somehost somedomain com
Try to use certificates instead of password authentication.

Just some recommendations.

Regards,
Alejandro Flores

> sorry to be so noob,
>
> A friend of mine set up a webserver:
> http://www.globalgamesearch.com
> problem is, he and I have no idea how to go about
> securing it;
> he started with SuSE Linux 9.1 with Apache 2.0, PHP
> 4.3.1, and MySQL out of the box and put it up.
>
> about half an hour ago, an intruder broke in, replaced
> SSHD with a back door, and pretty much screwed the
> system up.
>
> We're going to reinstall the system with minimal
> programs, extremely secure permissions and a basic
> firewall, but beyond that we have no clue what to do. 
> Can anyone here please help me out on this? 
> Thanks in advance for any help.