Hi there,
It's very important to protect our websites, so I thought I would share these steps. Here is some advice to follow:
1. Configure your php.ini
; safe_mode is optional; many open source applications will not run properly with it
safe_mode = On
allow_url_fopen = Off
disable_functions = "apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, disk_free_space, diskfreespace, dl, highlight_file, ini_alter, ini_restore, openlog, passthru, proc_nice, shell_exec, show_source, system"
2. Configure your .htaccess
Add these lines to your .htaccess file:
SetEnvIfNoCase User-Agent "^libwww-perl*" block_bad_bots
Deny from env=block_bad_bots
3. Look after your host
Use zgrep to check your logs. Example:
zgrep "?*=http://" /var/www/html/*/statistics/logs/access_log* | awk '/Dec/ && /libww/ && $9 !~/^4/'
The hacker usually makes use of perl-libww to include the script, so by running this command you can find out.
Exploit files are often uploaded to the tmp directory, so try to remove them with these commands:
find /var/tmp -user apache -exec rm -Rf {} \;
find /tmp -user apache -exec rm -Rf {} \;
find /var/spool/samba -user apache -exec rm -Rf {} \;
4. Database security:
You should create one user for each database for each application. By doing it this way, even if one of your sites is attacked or has its database stolen, the others still remain.
Then, try to back up all your databases at least weekly.
5. Take care of your web applications:
Last but not least, ALWAYS UPGRADE YOUR APPLICATIONS, especially when you are using open source applications such as Joomla, WordPress, Drupal … Many exploits are discovered and reported to the community. Hence, the bad guys can make use of them to attack old versions.
Of course, the 5 steps above are just very, very basic fundamentals to protect ourselves from some script kiddies; they may be useless against a real hacker. If you have any experience in this matter, I would be very pleased to discuss it in order to improve our knowledge.
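The log check from step 3, written out as an added example that is not part of the original post: it flags requests whose query string sets a parameter to a remote URL and that were not answered with a 4xx status, whatever the user agent. It goes slightly beyond the zgrep line by also matching https:// and ftp:// values; the Apache "combined" log format, the function names and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Apache "combined" log format.

# Constructed sample lines: documentation IP ranges, hypothetical paths and hosts.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [12/Dec/2009:10:01:02 +0000] "GET /index.php?page=http://example.invalid/c.txt? HTTP/1.1" 200 5120 "-" "libwww-perl/5.805"
192.0.2.10 - - [12/Dec/2009:10:01:05 +0000] "GET /index.php?page=http://example.invalid/c.txt? HTTP/1.1" 404 210 "-" "libwww-perl/5.805"
198.51.100.7 - - [12/Dec/2009:10:02:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Dec/2009:08:15:44 +0000] "GET /view.php?file=HTTPS://example.invalid/x HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Dec/2009:09:00:00 +0000] "GET /go.php HTTP/1.1" 200 300 "http://example.org/?a=http://b" "Mozilla/5.0"
EOF
}

# rfi_hits: read log lines on stdin; print "ip status [user-agent] request" for
# requests whose query string has a parameter set to a remote URL and that were
# not answered with a 4xx status.
rfi_hits() {
    awk -F'"' '
    {
        split($1, head, " ")      # head[1] = client IP
        request = $2              # METHOD /path?query HTTP/x
        split($3, tail, " ")      # tail[1] = status code
        # Match on the request line only, so a URL in the Referer is ignored.
        if (tolower(request) ~ /[?&][^=&]*=(https?|ftp):\/\// && tail[1] !~ /^4/)
            printf "%s %s [%s] %s\n", head[1], tail[1], $6, request
    }'
}

# rfi_sources: number of hits per client IP, busiest first.
rfi_sources() {
    rfi_hits | awk '{ print $1 }' | sort | uniq -c | sort -rn
}

# On a real host (log path taken from the post); zcat -f reads .gz and plain logs:
#   zcat -f /var/www/html/*/statistics/logs/access_log* | rfi_hits
sample_log | rfi_hits
```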