Security Basics mailing list archives
Re: securing linux webserver?
From: Alejandro Flores <alejandro.flores () triforsec com br>
Date: Mon, 28 Feb 2005 20:01:05 -0300
Hey,

Firstly, don't permit ROOT logins through ssh. Permit the minimum users possible to log in through ssh, using the directive AllowUsers. Don't use easy passwords; there are lots of zombie bots running ssh brute force attacks. If possible, change the default port of sshd; it will minimize the zombies knocking at your door. If possible, also specify what machines can log in using ssh.

AllowUsers nick () somehost somedomain com

Try to use certificates instead of password authentication.

Just some recommendations.

Regards,
Alejandro Flores

Sorry to be so noob,

A friend of mine set up a webserver: http://www.globalgamesearch.com

Problem is, he and I have no idea how to go about securing it; he started with SuSE Linux 9.1 with Apache 2.0, PHP 4.3.1, and MySQL out of the box and put it up. About half an hour ago, an intruder broke in, replaced SSHD with a back door, and pretty much screwed the system up.

We're going to reinstall the system with minimal programs, extremely secure permissions and a basic firewall, but beyond that we have no clue what to do. Can anyone here please help me out on this?

Thanks in advance for any help.
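
The sshd recommendations in the reply above can be checked mechanically after the reinstall. The following is an added example, not part of the original thread: a small audit of the global section of an sshd_config. The sample configurations, the port 2222, the host name admin-host.example.com and the finding names are all constructed for illustration, and "certificates" is read here as key-based authentication.

```python
# Added example: audit the global section of an sshd_config against the reply's advice.
SAMPLE_WEAK = """\
# constructed sample, not from the thread
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
SAMPLE_HARDENED = """\
# constructed sample; port, user and host are placeholders
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers nick@admin-host.example.com
"""

def parse_global(text):
    """Return {keyword: [values]} for lines before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # sshd keywords are case-insensitive
        if key == "match":
            break
        opts.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def audit(text):
    """Return a sorted list of finding names; an empty list means every check passed."""
    o = parse_global(text)
    # For single-valued keywords sshd uses the first value it reads.
    first = lambda k, default: o.get(k, [default])[0].lower()
    findings = []
    if first("permitrootlogin", "unset") != "no":   # unset: default varies by version
        findings.append("root-login-allowed")
    if "allowusers" not in o:
        findings.append("no-allowusers")
    elif not all("@" in u for line in o["allowusers"] for u in line.split()):
        findings.append("allowusers-without-host")
    if first("passwordauthentication", "yes") != "no":
        findings.append("password-auth-enabled")
    if first("pubkeyauthentication", "yes") == "no":
        findings.append("pubkey-auth-disabled")
    if "22" in o.get("port", ["22"]):
        findings.append("default-port")
    return sorted(findings)
```

Calling audit() on the text of /etc/ssh/sshd_config returns the names of the recommendations that are not yet applied; settings inside Match blocks are not evaluated.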