Solved

howto prevent hacker access port 80

Posted on 2010-11-30
4
828 Views
Last Modified: 2012-05-10
Hi all,

Under /etc/httpd/log/ I found the following addresses trying to hack our web server through port 80, it is about 50 MB log file.

Example:
error_log:[Tue Nov 30 13:11:42 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin1
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin2
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/pma
error_log:[Tue Nov 30 13:11:44 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/xampp
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:46 2010] [client 173.201.28.49] File does not exist: /var/www/html/php-my-admin
error_log:[Tue Nov 30 13:11:47 2010] [client 173.201.28.49] File does not exist: /var/www/html/websql

what procedure shall I take to prevent this, it is too many ip address, do I need to block all of those, or just make sure password has  been set properly and prevent permission on important files.


0
Comment
Question by:rawandnet
4 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 34239825
You can ignore those .. as they are trying to find hole by using bot program.

or
You can use mod security .

its a free products to prevent your websites. very powerful.  
but there is a problem

i have seen if the site is badly programmed then it might blocked some good request .. but you can work on it to fix the rules

other then that

Yes. thats the only product i will go for Mod security.

0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
ID: 34240395
as said by fosiul install apache mod_security, generally patching the system, use the right user:group, turn off unwanted services, disable unused modules, tune server and apache,  hide httpd.conf, restrict access, firewall/dmz ....etc.

look @
http://httpd.apache.org/docs/2.2/misc/security_tips.html
http://www.linux-magazine.com/w3/issue/106/052-053_kurt.pdf
http://www.linux-magazine.com/w3/issue/96/038-041_webauth.pdf
http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/

i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/  to scan all my web application as vulnerability checkers.
0
 
LVL 15

Expert Comment

by:samri
ID: 34248654
another option to look at would be OSSEC which should take care of the whole OS.

http://www.ossec.net/

modsecurity is a way to go (imho) for apache alone.
0
 

Author Closing Comment

by:rawandnet
ID: 34291057
thanks for your advice
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server specifications for web hosting 7 90
XAMPP 14 42
whm high memory usage in processes 7 69
PHP_POST() error message 9 40
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now