Solved

howto prevent hacker access port 80

Posted on 2010-11-30
4
836 Views
Last Modified: 2012-05-10
Hi all,

Under /etc/httpd/log/ I found the following addresses trying to hack our web server through port 80, it is about 50 MB log file.

Example:
error_log:[Tue Nov 30 13:11:42 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin1
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin2
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/pma
error_log:[Tue Nov 30 13:11:44 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/xampp
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:46 2010] [client 173.201.28.49] File does not exist: /var/www/html/php-my-admin
error_log:[Tue Nov 30 13:11:47 2010] [client 173.201.28.49] File does not exist: /var/www/html/websql

what procedure shall I take to prevent this, it is too many ip address, do I need to block all of those, or just make sure password has  been set properly and prevent permission on important files.


0
Comment
Question by:rawandnet
4 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 34239825
You can ignore those .. as they are trying to find hole by using bot program.

or
You can use mod security .

its a free products to prevent your websites. very powerful.  
but there is a problem

i have seen if the site is badly programmed then it might blocked some good request .. but you can work on it to fix the rules

other then that

Yes. thats the only product i will go for Mod security.

0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
ID: 34240395
as said by fosiul install apache mod_security, generally patching the system, use the right user:group, turn off unwanted services, disable unused modules, tune server and apache,  hide httpd.conf, restrict access, firewall/dmz ....etc.

look @
http://httpd.apache.org/docs/2.2/misc/security_tips.html
http://www.linux-magazine.com/w3/issue/106/052-053_kurt.pdf
http://www.linux-magazine.com/w3/issue/96/038-041_webauth.pdf
http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/

i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/  to scan all my web application as vulnerability checkers.
0
 
LVL 15

Expert Comment

by:samri
ID: 34248654
another option to look at would be OSSEC which should take care of the whole OS.

http://www.ossec.net/

modsecurity is a way to go (imho) for apache alone.
0
 

Author Closing Comment

by:rawandnet
ID: 34291057
thanks for your advice
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question