Tired of hackers
Hi:
I'm tired of security holes in PHP scripts of my customers.
I'm tired of that holes makes system to start UDP attacks to other systems.
Is there any solution ? Is there any restrictive rules to prevent this ?
I'm open to ANYTHING
I have test so many things (monitors, nessus-like software, mod_security and other mods)... Please.. i'm open !!!
Suggestions ? Maybe i do not know the existence of a super software that everybody uses
Addressing security issues is one of those cases where "an ounce of prevention is worth a pound of cure". A hacker could do untold damage if they get into your system or network. And because hackers learn their trade in underground electronic communities, if one finds a way into your system you can bet that they'll let everyone else know about it.
Insecure scripts can be used as a back door to access your server, regardless. You need to patch and then upgrade these scripts. In addition, unless you have good set of rules and your applications including mod_security and other firewalls are configured properly, your server will be an open gate to hackers and spammers.
Andy Reed
RHCE and CCNA
ServerTune.com
is there any "blocker" of mass outgoing traffic ?
i mean
most of out-attacks from a compromised host run through DNS port.
is there any way to detect a massive outgoing traffic through that port ?
because obviously you can not disable it :P
Hire a system administrator.
seriously...
maybe some program that detects a sudden growth of outgoing traffic...
APF with egress filtering.
No 'magic' security bullet exists. Typically the best approach is by layering multiple security features and hopefully through more trial and error you will come up with a workable solution that will mitigate the majority of issues you've experienced.
Some quick suggestions:
APF
tcpwrappers
noexec /var/tmp and /tmp
remove /dev/shm from /etc/fstab
mod_security <--research rules others have successfully used on this forum
strong passwords
PHP Openbase_dir protection
PHP suexec
change permissions on your compilers
Don't permit ssh (even jailshell) access
etc etc.
It's not an easy task, nor something you can do once and forget about it.
Hope that helps.
Tom
i can not believe there's no program like that.
Ok to that security patches, or to try to fix security holes...
but what i mean is... ONCE hackers have compromised the server...
is there any tool to detect a sudden grow of traffic in any port ?
something like bwm-ng...
but bwm-ng does not ALARM when some K'b is reached .... :P
LinkBack URL
About LinkBacks
Reply With Quote