Hi, I run a web-server based on ubuntu server and the LAMP stack. I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports. Namely port 80 and port 22 only. Unfortunately once a while some guys get to inject some content onto our web pages. Now managements are looking at getting a well proven infrastructure to counter that. But I also think i can fall on this community to help me get the right stuff done. Where i can protect the server from such attack. I want to know what measure i can do on the server to get it protected which mysql protection I should implement. since i can see that it might be a php or mysql injection that is been used. Currently I run these security measures on it. Ubuntu UFW Fail2ban PHP model security Apache security Joshua
On Feb 7, 2011, at 1:18 PM, Joshua William Klubi wrote:
Hi,
I run a web-server based on ubuntu server and the LAMP stack. I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports. Namely port 80 and port 22 only.
Unfortunately once a while some guys get to inject some content onto our web pages.
Now managements are looking at getting a well proven infrastructure to counter that. But I also think i can fall on this community to help me get the right stuff done. Where i can protect the server from such attack.
I want to know what measure i can do on the server to get it protected which mysql protection I should implement. since i can see that it might be a php or mysql injection that is been used.
Currently I run these security measures on it. Ubuntu UFW Fail2ban PHP model security Apache security
Josh Patch your lamps , collab env, builtin boards and everything, make sure mySQL has a password on it since it doesn't out of the box, also update all passwords to hard ones and change all updates in the future to not use ftp first. Close firewall ports you are not useing and then check your logs to see what vulnerabilities you still have if any. Tom
If you're getting SQL injections through your website, then you have to look at the programming of your website. It has nothing to do with your firewall. Definitely patch and update all your software running LAMP, but also have to check how you allow input on your websites.....
Subject: Re: Web Server and Firewall Hellp From: tshaw@oitc.com Date: Mon, 7 Feb 2011 13:26:39 -0500 To: joshua.klubi@gmail.com CC: nanog@nanog.org
On Feb 7, 2011, at 1:18 PM, Joshua William Klubi wrote:
Hi,
I run a web-server based on ubuntu server and the LAMP stack. I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports. Namely port 80 and port 22 only.
Unfortunately once a while some guys get to inject some content onto our web pages.
Now managements are looking at getting a well proven infrastructure to counter that. But I also think i can fall on this community to help me get the right stuff done. Where i can protect the server from such attack.
I want to know what measure i can do on the server to get it protected which mysql protection I should implement. since i can see that it might be a php or mysql injection that is been used.
Currently I run these security measures on it. Ubuntu UFW Fail2ban PHP model security Apache security
Josh
Patch your lamps , collab env, builtin boards and everything, make sure mySQL has a password on it since it doesn't out of the box, also update all passwords to hard ones and change all updates in the future to not use ftp first. Close firewall ports you are not useing and then check your logs to see what vulnerabilities you still have if any.
Tom
I run a web-server based on ubuntu server and the LAMP stack. I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports. Namely port 80 and port 22 only.
Unfortunately once a while some guys get to inject some content onto our web pages.
Now managements are looking at getting a well proven infrastructure to counter that. But I also think i can fall on this community to help me get the right stuff done. Where i can protect the server from such attack.
I want to know what measure i can do on the server to get it protected which mysql protection I should implement. since i can see that it might be a php or mysql injection that is been used.
Currently I run these security measures on it. Ubuntu UFW Fail2ban PHP model security Apache security
have a look at mod_security, helps very successfull against outdated, exploitable user webpages. mod_security ist a layer 7 firewall wich runs as a apache module. Kind regards, Ingo Flaschberger
participants (4)
-
Brandon Kim -
Ingo Flaschberger -
Joshua William Klubi -
TR Shaw