Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

howto prevent hacker access port 80

Posted on 2010-11-30
4
Medium Priority
?
841 Views
Last Modified: 2012-05-10
Hi all,

Under /etc/httpd/log/ I found the following addresses trying to hack our web server through port 80, it is about 50 MB log file.

Example:
error_log:[Tue Nov 30 13:11:42 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin1
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/phpmyadmin2
error_log:[Tue Nov 30 13:11:43 2010] [client 173.201.28.49] File does not exist: /var/www/html/pma
error_log:[Tue Nov 30 13:11:44 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/xampp
error_log:[Tue Nov 30 13:11:45 2010] [client 173.201.28.49] File does not exist: /var/www/html/web
error_log:[Tue Nov 30 13:11:46 2010] [client 173.201.28.49] File does not exist: /var/www/html/php-my-admin
error_log:[Tue Nov 30 13:11:47 2010] [client 173.201.28.49] File does not exist: /var/www/html/websql

what procedure shall I take to prevent this, it is too many ip address, do I need to block all of those, or just make sure password has  been set properly and prevent permission on important files.


0
Comment
Question by:rawandnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 29

Accepted Solution

by:
fosiul01 earned 1000 total points
ID: 34239825
You can ignore those .. as they are trying to find hole by using bot program.

or
You can use mod security .

its a free products to prevent your websites. very powerful.  
but there is a problem

i have seen if the site is badly programmed then it might blocked some good request .. but you can work on it to fix the rules

other then that

Yes. thats the only product i will go for Mod security.

0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1000 total points
ID: 34240395
as said by fosiul install apache mod_security, generally patching the system, use the right user:group, turn off unwanted services, disable unused modules, tune server and apache,  hide httpd.conf, restrict access, firewall/dmz ....etc.

look @
http://httpd.apache.org/docs/2.2/misc/security_tips.html
http://www.linux-magazine.com/w3/issue/106/052-053_kurt.pdf
http://www.linux-magazine.com/w3/issue/96/038-041_webauth.pdf
http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html
http://www.modsecurity.org/

i use ex. watchfile now IBM aapscan tools http://www-01.ibm.com/software/rational/offerings/websecurity/  to scan all my web application as vulnerability checkers.
0
 
LVL 15

Expert Comment

by:samri
ID: 34248654
another option to look at would be OSSEC which should take care of the whole OS.

http://www.ossec.net/

modsecurity is a way to go (imho) for apache alone.
0
 

Author Closing Comment

by:rawandnet
ID: 34291057
thanks for your advice
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question