NEW web server
Results 1 to 9 of 9

Thread: NEW web server

  1. #1
    Banned
    Join Date
    Jul 2005
    Posts
    36

    Arrow NEW web server

    hi guys
    i have a new website. what are the thingz i need to do to keep safe enough????
    help me please

  2. #2
    Banned
    Join Date
    May 2005
    Posts
    173
    burp... update, backup, audit, review results, repeat?

  3. #3
    Banned
    Join Date
    Jul 2005
    Posts
    36
    what settings do i need to change so that regular loopholes are covered

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    update...patch...reboot....repeat.


    then backups....


    how can you possibly expect mor einfo than that without details...you have a website, good for you. Are you hosting it? or do you have a host? is it their server? is the server a winxp box on your bedroom floor? details.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #5
    Banned
    Join Date
    Jul 2005
    Posts
    36
    its an apache, i'm hosting it, linux

  6. #6
    Banned
    Join Date
    Jul 2005
    Posts
    511
    If you want to keep it 100% safe and secure, disconnect it from the Internet. Otherwise, accept the risk that your security might be broken one day, so you will have to keep a regular eye on that system to check for weird irregularities. Don't use automated tools to do the checking, since even those tools might get fooled by some hacker.
    In other words, how paranoid do you want to be? There's always a small risk anyway. So main setting? Turn your "Common Sense" on.

  7. #7
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    The biggest trouble I've seen with a well up to date linux and apache.. is the php stuff people put on it..

    Webmail (squirrelmail) and forum software (phpbb) only one version older then the latest might open you up to mass mailing or irc spamming worms..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    WHat distribution are you running? Then google web server hardening + yourdistribution.

    thats a good start.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    As with any server, step one is to harden the operating system and application software. Install all available patches, and disable all non-essential services. Also, make sure that the password for root is as complex as you can feasably make it. I would also recommend that the server is situated behind a firewall, but that's just plain old common sense these days.

    I typically like to situate my webservers behind a seperate firewall than the one that I use for internet access, on the gateway's DMZ port. That way I can be a little more granular with the firewall rules, and not affect the useability of the corporate LAN. Also, I like to run a promiscuous mode sniffer as an IDS, like snort, on the DMZ, just to see what kind of traffic is occuring and to spot suspicious activity.

    For example, If all you have is a plain jane webserver running no additional services, such as email or ftp, and you see traffic destined to your server on non-http or https ports, this could indicate an intrusion attempt. A host based IDS is a start, but a determined cracker can defeat such countermeasures (or any that are put in place for that matter...which is why we as security admins must remain dilligent).

    Also, as a webserver is a publicly accessable system, the log files should be remotely stored on a syslog server for security reasons, because when the webserver is compromised, nothing that resides on that system can be trusted for anything. (I say when because it is only a matter of time before it happens...you should expect that one day, despite your determined efforts and hard work, that system will be hacked.) The Honeynet project has excellent details on how to accomplish this, among other interesting security methods.

    I would also recommend visiting some other security related sites, such as Security Focus, and pick up a good book like Hacking Linux Exposed to use as a starting point.

    Also, Google the topic and learn more...learn, learn, learn...never stop.

    kr5kernel and Katja: great minds think alike! The majority of system security is to excercise common sense and sound judgement. Basic hardening is likewise just common sense.

    Sorry for the lengthy post...security may be mostly common sense, but it is also a complex subject.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides