Solved

howto prevent hacker access port 80

Posted on 2010-11-30
4
840 Views
Last Modified: 2012-05-10
Hi all,

Under /etc/httpd/log/ I found the following addresses trying to hack our web server through port 80, it is about 50 MB log file.

Example:
error_log:[Tue Nov 30 13:11:42 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin1
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin2
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/pma
error_log:[Tue Nov 30 13:11:44 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/xampp
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:46 2010] [client 173.201.28.49] File does not exist: /var/www/html/php-my-admin
error_log:[Tue Nov 30 13:11:47 2010] [client 173.201.28.49] File does not exist: /var/www/html/websql

what procedure shall I take to prevent this, it is too many ip address, do I need to block all of those, or just make sure password has  been set properly and prevent permission on important files.


0
Comment
Question by:rawandnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 250 total points
ID: 34239825
You can ignore those .. as they are trying to find hole by using bot program.

or
You can use mod security .

its a free products to prevent your websites. very powerful.  
but there is a problem

i have seen if the site is badly programmed then it might blocked some good request .. but you can work on it to fix the rules

other then that

Yes. thats the only product i will go for Mod security.

0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
ID: 34240395
as said by fosiul install apache mod_security, generally patching the system, use the right user:group, turn off unwanted services, disable unused modules, tune server and apache,  hide httpd.conf, restrict access, firewall/dmz ....etc.

look @
http://httpd.apache.org/docs/2.2/misc/security_tips.html
http://www.linux-magazine.com/w3/issue/106/052-053_kurt.pdf
http://www.linux-magazine.com/w3/issue/96/038-041_webauth.pdf
http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/

i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/  to scan all my web application as vulnerability checkers.
0
 
LVL 15

Expert Comment

by:samri
ID: 34248654
another option to look at would be OSSEC which should take care of the whole OS.

http://www.ossec.net/

modsecurity is a way to go (imho) for apache alone.
0
 

Author Closing Comment

by:rawandnet
ID: 34291057
thanks for your advice
0

Featured Post

Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question