Server :: How To Protect Website From Such Attach And Similar
Jan 19, 2011
Today I've found several attempt to access the following url on my website: [URL] After googleing a bit it seems that in some cases, using this attack, the bag guy is able to change the code in some of your files. it also seems to affect only a certain version of oScommerce. I don't use oScommerce, so I do believe that I'm on the safe side, but it's not the first time that I see some similar attempt of attack on my website. So to protect my self I was wondering if using .htaccess restriction would be enough?
Code:
########## Begin - Rewrite rules to block out some common exploits
#
RewriteEngine on
Options +FollowSymLinks
[code]....
But I do think that these rewrite string are more specificity write to protect oScommerce site. how to protect my web site from such attach and similar?
View 5 Replies
ADVERTISEMENT
Dec 19, 2010
So I am (excitedly frustrated) 3-4 months from the first working install of my linux server. So I am setting up a team to work on the server, I have a couple questions. first what the server will do.The server will host icecast (internet broadcasting program similar to shoutcast), podcast versions of said shows, and a website.
1. Will icecast or similar interfere with normal hosting of the website (though they are coming from the same server I believe its broadcasted on different ports so I imagine not)
2. Should I use a seperate server to store the mp3's or is it ok to keep them where on the same machine ( I would like to keep them on the same machine, logicly I would think it would cut down on load time)
3. I am worried about server maintaince in the way of hackers n such as well as hardware and software, memory usuage, bandwidth is there a checklist and maybe a way to automate this.
I should clarify, I know how to tell schedule a task but what if I need it in perverbial safe mode (yay windows) and I can't be there for it to happen and when its finished return to work as usual by its self.
4. I was thinking my content (file) manager, server maintainer, and I would have access to wlan when we can't physically be there, is this safe? Can I make it safer? What about ftp for my webdesigners and podcasters?
5. I started having doubt about myself using linux (ubuntu server) because for cost saving I am sacrificing a gui as well as general knowledge. I have previously installed and got working a server in linux before but I don't know what hole I could have possibly left open. Question would it be better and easier to use someone else to host my site for me such as amazon or o-f.com or should I keep going with linux, or buy windows server?
View 3 Replies
View Related
Jul 8, 2011
My brother and I currently use a shared server, we both connect via SSH. I store files (via SFTP) on it as I only normally use a laptop. He uses to host his own personal files and also a public website promoting his photography business. I am interested in cryptography and security and have restricted our SSH connections to require keys and use encfs to encrypt my personal folder. Comments on this are welcome.
I am struggling to work out how to protect his home folder without preventing access to his site. Normal methods prevent access entirely or require the web browser to enter a password (no good for promotion). I would like to prevent both alien users and myself from accessing his home folder but still allow his website to be functional from within this area of restricted access. Both the site and his personal files need to be protected.
View 2 Replies
View Related
Aug 4, 2011
I have a question about NFS and CentOS 6.0. Here is the environment: Server running VMware's esxi 3.5 (Fully patched) 10.1.1.50 Server running CentOS 5.5 with NFS. 10.1.1.51 With the systems in the above config everything is working fine. Install a new hard drive in the CentOS server and install CentOS 6.0. Use the same IP 10.1.1.51. Configure NFS, the VM server can't attach to the NFS share.
Here is the config of the NFS server:
Firewall Disabled
SELinux Disabled
NFS installed and running.
NFS-Utils installed.
Contents of /etc/exports
[Code]...
I have confirmed I can telnet to the ports listed. Any clue why the setup with CentOS 6.0 doesn't work? Is this a NFS4 vs. NFS3 thing? Is there a way to force CentOS to use NFS3? I am pretty sure the CentOS 5.5 server is using NFS4.
View 3 Replies
View Related
Jul 27, 2011
I am using postfix as spam Mailscanner to protect my mail server running sendmail. The problem is that when I forward an email from MailScanner mail me back with the following error:
<postmaster@localhost.@mydomain.com.>... Real domain name required for sender address (in reply to MAIL FROM command))
Jul 27 13:15:59 smtp postfix/local[28465]: C68AC1000001: to=<root@smtp.mydomain.com>,
[code]....
View 1 Replies
View Related
Jun 10, 2011
I cant seem to select a file on a server on my LAN to attach to a mail
View 1 Replies
View Related
May 20, 2010
I am facing problem on my Linux server, those runing php sites, most of the time hacker upload file in my website and take the control, and hack the sites, shoot the thousands of mail etc
View 7 Replies
View Related
Mar 11, 2010
I just want to know is it possible to protect our kernel through password. If i have three kernels and i want to protect it through kernel so any one without providing the correct password could not be able to boot from that kernel.
View 1 Replies
View Related
Dec 21, 2010
I have just configured Centos 5.5 LocalMailServer with fetchmail and sendmail , Proxy with Squid and FileServer with samba. Now my concern is security.. How can i protect my server with outside attack. Will I need to block some ports or I need special tools or script so no one from outside can attack my machine. My machine is working on intranet with local ip only.. No web server or static ip exists. Machine is connected with ADSL router to access internet.
View 5 Replies
View Related
Apr 1, 2011
I run a small website, and the customers need to contact me from our website,and I run sendmail, but I get lots of spam, they use my sendmail to send spam, here is the ps aux: all those url are spam url, and slow my vps down.I believe I need to use SMTP to accept connect so that my customers can contact us from our website, (plz correct me if i'm wrong..I'm new to those stuff..)by the way, we did not need to receive any email from the sendmail server,
View 2 Replies
View Related
Jun 27, 2011
To Protect Web Page Directories With Passwords i have done the below configuration but the problem is when i click the linux it is not asking username and password,
Created new account for logging into web interface:
htpasswd -c /etc/httpd/conf/.htpasswd travelkarega
Created a file name .htaccess in /opt/apps/deploy/websites/travelkarega/html/
vi .htaccess
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Please enter password"
AuthType Basic
<Limit GET POST>
require user travelkarega
</Limit>
Added these above entries in the file .htaccess
View 1 Replies
View Related
Apr 10, 2010
Im running apache2 on a debian webserver and i was wondering how i can password protect a folder in my www directory when someone try to access it from the web.
View 1 Replies
View Related
Nov 24, 2010
I was looking for a way to protect my samba server for limiting access to certain domains.Can I use the parameterhosts allow = example.comor something like that or is there another way to do the job for domains
View 4 Replies
View Related
Jun 15, 2011
I want protect my server from syn attack
My server Linux - Cantos 5.6.
View 8 Replies
View Related
Aug 21, 2009
I've got a home server running Ubuntu Server 9.04 and several machines running Ubuntu Desktop (9.04 and 8.04) and Windows (XP, Vista and 7). Now what I want to do is to create a domain and directory server similar in function to Windows Server w/ AD and join my other machines to the domain, but am not sure where to start. I already have file shares with Samba but now I want to setup a domain.
View 3 Replies
View Related
Jul 23, 2010
I am returning to Linux after falling of the Wagon to Microsoft land. Would like to go back to developing on a GNU collaboration package - very mutch like cobalt cube. Can anyone make a suggestion as to a package, app, or appliance. Would consider packaged hardware with software. I heard a freind mention Pogo.
Web based Email
Password protected groups w/private HTML/XML
Threaded discussions private and public
Administrative functions user administration
Perl/ CGI scripting support
[Code]...
View 1 Replies
View Related
Sep 22, 2011
I'm experimenting with CentOS DS and have a question.Is it possible to attach windows xp machines to a CentOS DS? If so, how?!I think I've skimmed most of the documentation out there. Did I miss something? Is this not what the DS was designed to do?
View 4 Replies
View Related
Aug 16, 2011
I have an Ubuntu Desktop 11.04 virtual machine using VirtualBox on my Windows 7 system.
Up until now I have been doing all my development within the Ubuntu environment but unfortunately, I don't like it. I want to move back to Windows, which is much more familiar to me but I would still like to access the virtual box like a virtual server as it is already set up with Apache, PHP, Pear, Git etc...
How can I make the two work in harmony? I essentially want to be able to start the VM and connect to it as if it was a server machine somewhere on my network, without having to actually buy another machine to put on my network.
View 3 Replies
View Related
Jan 25, 2011
I am looking for a command line utility like ping that can use for checking appropriate services on a server . I do not want do any port scan . I just want to use it for checking apache , mail,ftp and other services on a server if they are running or down.
View 3 Replies
View Related
May 24, 2010
We have Nagios running on a server, and are installing NRPE as a daemon on web servers we need to monitor. I'm two servers in and have hit a small snag. The two servers we're currently trying to monitor are, to the best of our knowledge, very similar (Centos 5.4, Apache, MySQL, PHP etc etc), and the installations of NRPE on them should be the same. One is being monitored just fine, however we can't check on the other one without including the -n switch (to disable SSL) in the check_nrpe call. If we don't, however, the error we get is, "CHECK_NRPE: Socket timeout after 10 seconds.". In /var/log/messages on the machine that fails we see:
May 24 17:23:49 ourserver xinetd[23583]: START: nrpe pid=27932 from=123.123.123.123
May 24 17:23:59 ourserver nrpe[27932]: Could not read request from client, bailing out...
May 24 17:23:59 ourserver xinetd[23583]: EXIT: nrpe status=0 pid=27932 duration=10(sec)
The only kind of related thing I can think of that's different between the two machines is that one (the one that works) has actually had an SSL certificate installed on it, for the site it hosts.
View 2 Replies
View Related
Feb 2, 2011
I try to config my apache server to list all my files: c/c++, php, java files, like the txt file on my server,
e.g /var/www/mydomain/pub
i want to dump all my c/c++, php, java file under the pub directory and I can access it from my domain name,
if I dump txt file, I have no problem to view it, but when I dump c/c++ or php files under pub directory, then I can't view it like regular txt file,
Q: is there anyway I can configure my apache server to view all the c/C++, php, java file as like txt file?
View 1 Replies
View Related
Feb 23, 2011
config my apache server to list all my files: c/c++, php, java files, like the txt file on my server, e.g /var/www/mydomain/pub i want to dump all my c/c++, php, java file under the pub directory and I can access it from my domain name, if I dump txt file, I have no problem to view it, but when I dump c/c++ or php files under pub directory, then I can't view it like regular txt file, Q: is there anyway I can configure my apache server to view all the c/C++, php, java file as like txt file?
View 1 Replies
View Related
Dec 4, 2010
I've got a Joomla website made for me. It is hosted with a hosting company. Here and there i change some of its content, but i want to practice it locally on my computer before i do bigger things on the web, so that if things get into a serious problem it is close at hand to fix it up. I've installed apache2 php5-mysql libapache2-mod-php5 mysql-server on my Ubuntu 10.04 desktop. also, I've installed Joomla up and running.
My question is: how do i transport/copy my website from the web into my computer?
I know that I need to transfer the database, where do i put it in my local file system, and what additional commands are required for that?
I know that I need to transfer the public_html, where do i put it in my local file system, and what additional commands are required for that?
View 7 Replies
View Related
Jul 22, 2011
I've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
View 9 Replies
View Related
Mar 29, 2011
suppose i have a website named www.site.net now i want to access this website using proxy server(squid,or etc...) under my personal server named www.anotherwebsite.net:8080, means that www.site.net.
View 1 Replies
View Related
Jan 26, 2010
I have a debian machine with an apache2 webserver. I am able to start the machine from the internet (power plug board with webinterface) but I don't know how to shutdown the server automatically if nobody uses the website anymore. It is a homeserver which should only run if needed.
Unfortunately I don't know much about Linux, apache, php, cgi-scripts, cronjobs and other things that might be useful. But I googled a lot and have now an idea how it could work. It seems complicated to me and so I want to ask you guys what you think about it and if perhaps you could give me a hint.
The idea: A cronjob starts every ten minutes a php script that checks when the index.html of the welcome-page was opened the last time (fileatime()). Lets say it was opened last time at 3pm. Then the php script adds for example 60 minutes to that time (=4pm) and calculates how much time is left to 4pm. This time is saved in the variable $timeleft. Now the php script compares if $timeleft is less then 10 minutes (=600 seconds). If it is, the php script starts a cgi script that will shutdown the server. The cgi script will login as root (I think that can be done with the "expect"-command url and then enter the command "shutdown -h now"
Is all this realizable? Isn't there a better and/or easier way to do?
View 2 Replies
View Related
Oct 25, 2010
How can I view server signature on my website.
View 7 Replies
View Related
Aug 15, 2010
I'm just asking about a script (ex, bash script) that will let me know how many requests to each website on the server? So is there a way to get know from shell how many requests or connections to each web site on the server, in order to determine which website is under flood or DoS/DDoS attack.
View 14 Replies
View Related
Jan 9, 2011
i am using rhe5.4 , in this how to block the particular website ?
View 2 Replies
View Related
Feb 17, 2011
I'm running Ubuntu 10.04 with apache, rails, mysql, etc. My rails site is running at www.example.com. I'm intending to use named-based virtual hosting and I have a virtual hosts file configured/enabled for www.example.com. My site is hosted on Amazon EC2.
The problem is that if I set up a new DNS record -- say test.example.com -- and browse to that, my site www.example.com is served up! That's without configuring any new virtual hosts. And the same is true if I go to my DNS records and define test2.example.com, etc. Without touching my server, these new URLs serve up my website. That's not what I want! I want to use name-based virtual hosting and host different sites for each subdomain.
[Code]...
UPDATE: now I understand a bit more... apparently my real problem is not what I thought it was. My real problem now appears to be that when I copy this virtual hosts file and edit it to add a new subdomain name, set up the corresponding site, etc., and enable the virtual host (a2ensite) and restart (graceful), apache immediately stops serving up any websites. Apparently apache crashes although I do not see any error messages. But all my sites go down and I have to revert and then restart apache.
I thought this was because my virtual host file (pasted above) had an error. So I thought I would start by getting that first file right. Apparently it is right. So now I need to understand why adding a second virtual host causes all sites to stop being served up.
View 1 Replies
View Related
