[ILUG] Help with web site security
tom at tomsalmon.com
Thu Jan 5 14:43:40 GMT 2012
It may also be worth running one of the penetration testing tools against your server. I have often used openvas (formerly Nessus).
Although if you're using shared hosting, running scanning software against a server that someone else manages could be considered inappropriate.
On Thu, Jan 05, 2012 at 02:30:24PM +0000, Killian Faughnan wrote:
> I'd look at upgrading Drupal first as there's a few known issues with 5.5
> (may or may not be applicable in your situation):
> http://www.cvedetails.com/cve/CVE-2008-3742/ (Unrestricted file upload)
> http://www.cvedetails.com/cve/CVE-2008-3741/ (XSS)
> http://www.cvedetails.com/cve/CVE-2008-3740/ (XSS)
> http://www.cvedetails.com/cve/CVE-2008-3222/ (Session fixation)
> If you own the server then restrict SSH access to the IP you usually manage
> the site from, remove root SSH access and restrict down to only the user
> you connect as using AllowUsers. Change the default listening port. Put
> on fail2ban etc. Restrict all outbound access as a lot of exploits require
> outbound access to work. Ideally you'd do this from a managed firewall
> instead of IPTables but make use of whatever you have. Remove services
> you're not using, especially ones that listen on the outside interface.
> Make sure your Apache is patched and look into mod_security. Pretty much
> anything you can do to limit the potential attack surface, and therefore
> make it more effort than it's worth.
> Killian Faughnan
Tom Salmon BEng (Hons)
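The SSH points in Killian's quoted advice (remove root login, pin AllowUsers to the account you connect as, move off the default port) can be checked against a server's sshd_config before relying on them. The script below is an added example for this thread, not code from either poster; the function names, the temp-file handling and the two sample configs it writes are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a sshd_config for the
# SSH hardening points recommended in the quoted message.

# First uncommented occurrence of a directive wins in sshd_config, so we
# print the value of the first match and stop. Prints nothing if unset.
sshd_directive() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# check_sshd_config FILE
# Prints one line per weak setting and returns the number of findings,
# so exit status 0 means all three recommendations are in place.
check_sshd_config() {
    cfg="$1"
    findings=0

    root=$(sshd_directive PermitRootLogin "$cfg")
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: '${root:-unset}' (set 'PermitRootLogin no')"
        findings=$((findings + 1))
    fi

    users=$(sshd_directive AllowUsers "$cfg")
    if [ -z "$users" ]; then
        echo "AllowUsers: unset (add 'AllowUsers <the-login-you-use>')"
        findings=$((findings + 1))
    fi

    port=$(sshd_directive Port "$cfg")
    if [ "${port:-22}" = "22" ]; then
        echo "Port: ${port:-22 (default)} (move off 22 to cut scanner noise)"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# demo: writes two constructed configs (one weak, one hardened) to temp
# files and runs the audit on each. Real use: check_sshd_config /etc/ssh/sshd_config
demo() {
    weak=$(mktemp) && hardened=$(mktemp)
    printf 'Port 22\n#PermitRootLogin no\n' > "$weak"
    printf '# hardened\nPort 2222\nPermitRootLogin no\nAllowUsers alice\n' > "$hardened"

    echo "== weak config =="
    check_sshd_config "$weak" || echo "findings: $?"
    echo "== hardened config =="
    check_sshd_config "$hardened" && echo "findings: 0"

    rm -f "$weak" "$hardened"
}
```

Run it as `sh audit-sshd.sh` after appending a call to `demo`, or source it and call `check_sshd_config /etc/ssh/sshd_config` directly. The awk helper deliberately ignores commented-out lines, so a file that still carries the stock `#PermitRootLogin` comment is reported as unset rather than mistaken for a hardened one; note that it does not expand `Include` or `Match` blocks, which newer OpenSSH releases also honour.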