HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Security question (http://www.howtoforge.com/forums/showthread.php?t=46732)

bernholdt 24th June 2010 00:29

Security question
 
Hi
I experienced a defacing today on one of my sites. someone managed to get a r57 shell into my site.

I have modsecurity2, php soushin, suphp, installed as security precautions.

What else can I do to protect my self against remote file inclusion.

I am running Debian Lenny with a perfect server setup, from here

Any hints or ideas ??

topdog 24th June 2010 10:37

A properly configured mod security should be able to ward of most of those attacks, you could also investigate running php in safe mode. The issue with security is that it is a moving target. Keep scanning your applications for security vulnerabilities to keep ahead of the attackers.

bernholdt 24th June 2010 20:32

Hi Topdog

You write Keep scanning your applications for security vulnerabilities to keep ahead of the attackers can you recomend a securityscanner wich i can use to find any holes in this particular script ??

topdog 24th June 2010 20:37

Scanning is not just about using automated tools, but good examples are http://www.cirt.net/nikto2 and nessus with the commercial feed.

You need to subscribe to security vulnerability lists as well, and also do your own application auditing to check applications for XSS, CSRF and other kinds of web vulnerabilities.

Ben 25th June 2010 10:57

for application scanning you won't be that good with using nessus or nikto, eventhough they can help you as a start.
it's like doing app pentests, where you have either the choice of doing some kind of black box testing, with automated support (e.g. with acunetix or similar, acunetix for at least detecting xss and crawling is free, you could combine this with other free tools like burp that can help to find more, when letting acunetix crawl through the page) and manual test versus (manual / automated) code review. for php software you could try "rips". I did not use it yet, but the description sounded pretty interesting. Sqlmap for e.g. is interesting for checking sql injections... you will find more tools when googling around for the above, owasp or webappsec (and their mailinglist archives) are a good ressourcepool as well.


All times are GMT +2. The time now is 22:06.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.