|
-
January 2nd, 2004, 03:42 PM
#1
Security
Alright, now I know it is against alot of peoples beliefs here but please hear me out. I have just added apache with php and java and added some security but I am not sure how secure it is. So I am wondering if someone would be able to look at the page http://68.21.225.39 and just tell me if it is secure. I know nothing can be 100% secure unless you are unplugged from the internet but, I am hopeing someone can help me here. You can PM me or e-mail me.
Please!
Adiz
-
January 2nd, 2004, 03:57 PM
#2
Senior Member
just do a nessus scan against your self.
get nessus from www.nessus.org
-
January 2nd, 2004, 03:57 PM
#3
First of all, it's a blank page. 2nd of all, prove it's yours? 
A better method may be to explain what you have done, what versions of each are using, what you have done for security, and then ask what more can be done...just looking at it does nothing.
Asking for a response by email is selfish...we are all here to learn? Why should we be your personal pernetration and insecurity auditors? By doing it this way, you rob the rest of us of what may be helpful information.
-
January 2nd, 2004, 04:02 PM
#4
Senior Member
just a surgesstion but why don`t you put a little note on the homepage to prove it belongs to you.
First things first, you should have a good look at your firewall, i did a quick scan with nmap and i certainly wouldn`t be happy if it was my computer.
-
January 2nd, 2004, 04:47 PM
#5
OUCH!!! Not nice. You have waaaaaay too much stuff open. Also, you should look at Apache instead of IIS as the webserver.
Cheers,
cgkanchi
-
January 2nd, 2004, 05:53 PM
#6
Originally posted here by cgkanchi
OUCH!!! Not nice. You have waaaaaay too much stuff open. Also, you should look at Apache instead of IIS as the webserver.
Cheers,
cgkanchi
The server is actually running apache, not IIS.
Code:
$ echo -ne "GET \"http://68.21.225.39/\" HTTP/1.0\n\n" | nc 68.21.225.39 80
HTTP/1.1 404 Not Found
Date: Fri, 02 Jan 2004 16:55:14 GMT
Server: Apache/1.3.19 (Win32) mod_perl/1.24_01 PHP/4.0.4pl1 DAV/1.0.2 mod_ssl/2.8.1 OpenSSL/0.9.6
That being said, I very much doubt you'll get a lot of probing by asking us to just probe an address for you without any verification that its yours.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
January 2nd, 2004, 05:57 PM
#7
I heard this quote (or something like it) on AO - reportedly from JP:
Never portscan a computer without a written contract.
Just some food for thought.
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
January 2nd, 2004, 09:15 PM
#8
I knew you guys would say that and rightly so, I would do the same thing if I was in your shoes. So, what would you like me to do to prove its mine?
Adiz
-
January 2nd, 2004, 09:51 PM
#9
Okay, so I'm back, and I would like to say thank you to "X" button for being to damn close to the [] button. Anyways, as I was saying...
just do a nessus scan against your self.
get nessus from www.nessus.org
nessusd (The Nessus Daemod) is only avaliable for *nix. Yes, there are Win32 clients for Nessus, but there is no offical Win32 daemon that I am aware of. There may be, however, a cygwin port of it, or there may be a Windows version. So either, you're probably going to need a *nix box to put the Daemon on, or, you can just do what I did, use a VMware station to run *nix, and put the daemon on there.
For those who are going "What the hell? He never said he was on Windows you hooker." Look at chsh's post.
Code:
$ echo -ne "GET \"http://68.21.225.39/\" HTTP/1.0\n\n" | nc 68.21.225.39 80
HTTP/1.1 404 Not Found
Date: Fri, 02 Jan 2004 16:55:14 GMT
Server: Apache/1.3.19 (Win32) mod_perl/1.24_01 PHP/4.0.4pl1 DAV/1.0.2 mod_ssl/2.8.1 OpenSSL/0.9.6
Now, with that said, there are other scanners that will check your open ports, and any vulns that may come along with it. A very good one, that a friend of mine told me about would be Retina (http://www.eeye.com/html/Products/Retina/) and LanGuard (http://www.gfi.com/languard/)
As for proving if it your IP address, I'm not really sure we could ever be sure for fact it is your IP without physical access to the computer. I can think of one way for you to prove it is your IP address, but then people will bitch and moan (does it ever stop? :-() about me advertising a small site) *coughsigcough*
I hope the scanners do you well.
Peace
MB
-
January 2nd, 2004, 10:55 PM
#10
Thanks God - Microburn I will definately try it thanks!
For all you wondering I am running on a windows based "machine" but I am using an Apache for my actual webserving.
Thanks,
Adiz
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
