
Thread: Security

  1. #1
    Senior Member
    Join Date
    Aug 2003
    Posts
    300

    Security

    Alright, now I know it is against a lot of people's beliefs here but please hear me out. I have just added apache with php and java and added some security but I am not sure how secure it is. So I am wondering if someone would be able to look at the page http://68.21.225.39 and just tell me if it is secure. I know nothing can be 100% secure unless you are unplugged from the internet, but I am hoping someone can help me here. You can PM me or e-mail me.

    Please!

    Adiz

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    Just do a Nessus scan against yourself.
    Get Nessus from www.nessus.org

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    First of all, it's a blank page. 2nd of all, prove it's yours?

    A better method may be to explain what you have done, what versions of each you are using, what you have done for security, and then ask what more can be done...just looking at it does nothing.

    Asking for a response by email is selfish...we are all here to learn? Why should we be your personal penetration and insecurity auditors? By doing it this way, you rob the rest of us of what may be helpful information.

  4. #4
    Senior Member
    Join Date
    Dec 2002
    Posts
    134
    Just a suggestion, but why don't you put a little note on the homepage to prove it belongs to you?
    First things first, you should have a good look at your firewall. I did a quick scan with nmap and I certainly wouldn't be happy if it was my computer.

  5. #5
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    OUCH!!! Not nice. You have waaaaaay too much stuff open. Also, you should look at Apache instead of IIS as the webserver.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by cgkanchi
    OUCH!!! Not nice. You have waaaaaay too much stuff open. Also, you should look at Apache instead of IIS as the webserver.
    Cheers,
    cgkanchi
    The server is actually running apache, not IIS.

    Code:
    $ echo -ne "GET \"http://68.21.225.39/\" HTTP/1.0\n\n" | nc 68.21.225.39 80
    HTTP/1.1 404 Not Found
    Date: Fri, 02 Jan 2004 16:55:14 GMT
    Server: Apache/1.3.19 (Win32) mod_perl/1.24_01 PHP/4.0.4pl1 DAV/1.0.2 mod_ssl/2.8.1 OpenSSL/0.9.6
    That being said, I very much doubt you'll get a lot of probing by asking us to just probe an address for you without any verification that it's yours.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
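
The `Server:` line in the response quoted in post #6 names the web server, its platform and every loaded module with a version. As an added example (not part of the original thread), this Python sketch parses that banner and lists what it discloses to any client; the function names are hypothetical and the only input is the response text copied from the post.

```python
import re

# Response text copied from post #6; nothing is fetched from the network.
SAMPLE_RESPONSE = (
    "HTTP/1.1 404 Not Found\r\n"
    "Date: Fri, 02 Jan 2004 16:55:14 GMT\r\n"
    "Server: Apache/1.3.19 (Win32) mod_perl/1.24_01 PHP/4.0.4pl1 "
    "DAV/1.0.2 mod_ssl/2.8.1 OpenSSL/0.9.6\r\n"
    "\r\n"
)

# A Server value is a sequence of product[/version] tokens and (comments).
_TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def server_header(raw_response):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def parse_banner(value):
    """Split a Server value into product/version pairs and comments."""
    products, comments = [], []
    for comment, name, version in _TOKEN.findall(value or ""):
        if comment:
            comments.append(comment)
        elif name:
            products.append((name, version or None))
    return {"products": products, "comments": comments}


def disclosure_report(raw_response):
    """List what the banner reveals: versioned components and platform hints."""
    parsed = parse_banner(server_header(raw_response))
    versioned = [f"{n} {v}" for n, v in parsed["products"] if v]
    return {"versioned": versioned, "platform": parsed["comments"]}


if __name__ == "__main__":
    report = disclosure_report(SAMPLE_RESPONSE)
    print("Versioned components:", ", ".join(report["versioned"]) or "none")
    print("Platform hints:", ", ".join(report["platform"]) or "none")
```

Apache's `ServerTokens` directive controls how much of this banner is sent; with the product-only setting the report above comes back empty.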

  7. #7
    rebmeM roineS enilnOitnA steve.milner
    Join Date
    Jul 2003
    Posts
    1,021
    I heard this quote (or something like it) on AO - reportedly from JP:

    Never portscan a computer without a written contract.

    Just some food for thought.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    I knew you guys would say that and rightly so, I would do the same thing if I was in your shoes. So, what would you like me to do to prove it's mine?


    Adiz

  9. #9
    Developer Extraordinar
    Join Date
    Jul 2002
    Location
    On the IRC
    Posts
    572
    Okay, so I'm back, and I would like to say thank you to "X" button for being too damn close to the [] button. Anyways, as I was saying...
    Just do a Nessus scan against yourself.
    Get Nessus from www.nessus.org
    nessusd (The Nessus Daemon) is only available for *nix. Yes, there are Win32 clients for Nessus, but there is no official Win32 daemon that I am aware of. There may be, however, a cygwin port of it, or there may be a Windows version. So either, you're probably going to need a *nix box to put the Daemon on, or, you can just do what I did, use a VMware station to run *nix, and put the daemon on there.

    For those who are going "What the hell? He never said he was on Windows you hooker." Look at chsh's post.

    Code:
    $ echo -ne "GET \"http://68.21.225.39/\" HTTP/1.0\n\n" | nc 68.21.225.39 80
    HTTP/1.1 404 Not Found
    Date: Fri, 02 Jan 2004 16:55:14 GMT
    Server: Apache/1.3.19 (Win32) mod_perl/1.24_01 PHP/4.0.4pl1 DAV/1.0.2 mod_ssl/2.8.1 OpenSSL/0.9.6
    Now, with that said, there are other scanners that will check your open ports, and any vulns that may come along with it. A very good one, that a friend of mine told me about would be Retina (http://www.eeye.com/html/Products/Retina/) and LanGuard (http://www.gfi.com/languard/)

    As for proving if it is your IP address, I'm not really sure we could ever be sure for a fact it is your IP without physical access to the computer. I can think of one way for you to prove it is your IP address, but then people will bitch and moan (does it ever stop? :-() about me advertising a small site) *coughsigcough*

    I hope the scanners do you well.

    Peace

    MB

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    Thanks God - Microburn I will definitely try it thanks!

    For all you wondering I am running on a windows based "machine" but I am using an Apache for my actual webserving.



    Thanks,

    Adiz
