WebServer and Firewall Help
John Mason Jr
john.mason.jr at cox.net
Tue Feb 8 16:39:39 UTC 2011
On 2/8/2011 7:21 AM, William Warren wrote:
> On 2/7/2011 1:23 PM, Joshua William Klubi wrote:
>> Hi,
>>
>> I run a web-server based on ubuntu server and the LAMP stack.
>> I used Ubuntu's UFW firewall model and have enabled only Web and SSH
>> ports.
>> Namely port 80 and port 22 only.
>>
>> Unfortunately once a while some guys get to inject some content onto
>> our web
>> pages.
>>
>> Now managements are looking at getting a well proven infrastructure to
>> counter that.
>> But I also think i can fall on this community to help me get the
>> right stuff
>> done. Where
>> i can protect the server from such attack.
>>
>>
>> I want to know what measure i can do on the server to get it
>> protected which
>> mysql protection
>> I should implement. since i can see that it might be a php or mysql
>> injection that is been used.
>>
>> Currently I run these security measures on it.
>> Ubuntu UFW
>> Fail2ban
>> PHP model security
>> Apache security
>>
>> Joshua
> the problem may not be your operating system but the web application
> running. what web application/s are on that box?
>
>
>
Might also take a look at
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
John
More information about the NANOG
mailing list