Solved

howto prevent hacker access port 80

Posted on 2010-11-30
4
826 Views
Last Modified: 2012-05-10
Hi all,

Under /etc/httpd/log/ I found the following addresses trying to hack our web server through port 80, it is about 50 MB log file.

Example:
error_log:[Tue Nov 30 13:11:42 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin1
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin2
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/pma
error_log:[Tue Nov 30 13:11:44 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/xampp
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:46 2010] [client 173.201.28.49] File does not exist: /var/www/html/php-my-admin
error_log:[Tue Nov 30 13:11:47 2010] [client 173.201.28.49] File does not exist: /var/www/html/websql

what procedure shall I take to prevent this, it is too many ip address, do I need to block all of those, or just make sure password has  been set properly and prevent permission on important files.


0
Comment
Question by:rawandnet
4 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 34239825
You can ignore those .. as they are trying to find hole by using bot program.

or
You can use mod security .

its a free products to prevent your websites. very powerful.  
but there is a problem

i have seen if the site is badly programmed then it might blocked some good request .. but you can work on it to fix the rules

other then that

Yes. thats the only product i will go for Mod security.

0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
ID: 34240395
as said by fosiul install apache mod_security, generally patching the system, use the right user:group, turn off unwanted services, disable unused modules, tune server and apache,  hide httpd.conf, restrict access, firewall/dmz ....etc.

look @
http://httpd.apache.org/docs/2.2/misc/security_tips.html
http://www.linux-magazine.com/w3/issue/106/052-053_kurt.pdf
http://www.linux-magazine.com/w3/issue/96/038-041_webauth.pdf
http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/

i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/  to scan all my web application as vulnerability checkers.
0
 
LVL 15

Expert Comment

by:samri
ID: 34248654
another option to look at would be OSSEC which should take care of the whole OS.

http://www.ossec.net/

modsecurity is a way to go (imho) for apache alone.
0
 

Author Closing Comment

by:rawandnet
ID: 34291057
thanks for your advice
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Granting a new employee access to Ubuntu Server 9 119
How to analyze web traffic logs 10 90
SFTP and RSync on RHEL 7 1 66
phpPgAdmin problem 14 70
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now