  #1  
Old 4th June 2006, 23:54
trigar trigar is offline
Junior Member
 
Join Date: Jun 2006
Posts: 17
Thanks: 2
Thanked 0 Times in 0 Posts
Default Preventing http access by IP address

I notice that our sites are accessible via the server IP address followed by web1,2,3 etc. This enables hackers to browse all webs folders, including cgi-bin, ftp, log, phptmp, ssl, user, and web.

Worse the perl scripts open as plain/text in the browser, enabling hackers to work out precisely how to abuse my code.

We haven't yet gone live on this server, and the only modification I have made from the perfect setup was to set-up suexec, which in turn made me chmod the scripts and folder to 755.

I clearly have gone adrift somewhere, probably related to these mods, and would appreciate any advice!

Thanks!

Chris.
  #2  
Old 5th June 2006, 12:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Which ISPConfig version do you use?

Is the IP address that you can use to browse the websites assigned to a website in ISPConfig?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
  #3  
Old 5th June 2006, 14:03
trigar trigar is offline
Junior Member
 
Join Date: Jun 2006
Posts: 17
Thanks: 2
Thanked 0 Times in 0 Posts
Default Preventing http access by IP address

Thanks for the prompt reply!

Quote:
Which ISPConfig version do you use?
Version: 2.2.2

Quote:
Is the IP address that you can use to browse the websites assigned to a website in ISPConfig?
No. Only the internal LAN address of the server is assigned to the sites, not the WAN address.
  #4  
Old 5th June 2006, 14:57
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Quote:
Originally Posted by trigar
No. Only the internal LAN address of the server is assigned to the sites, not the WAN address.
Did you forward port 80 and 443 from your router to your internal IP address that you assigned to the website?

If you enter your internal IP address that you assigned to the website in the browser, you get the behaviour that you can browse the websites?
  #5  
Old 5th June 2006, 15:23
trigar trigar is offline
Junior Member
 
Join Date: Jun 2006
Posts: 17
Thanks: 2
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till
Did you forward port 80 and 443 from your router to your internal IP address that you assigned to the website?
No we don't use NAT forwarding, the server WAN interface has its own static IP, using the standard ISPConfig Bastille firewall.

Quote:
Originally Posted by till
If you enter your internal IP address that you assigned to the website in the browser, you get the behaviour that you can browse the websites?
Interestingly not, I assumed it would, but in fact typing "http://lan ip address/" returns:

Quote:
This IP address is shared. For access to the web site which you look for, enter its address instead of its IP.
And entering "http://lan ip address/web1/" returns:

Quote:
Object not found!

The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.

If you think this is a server error, please contact the webmaster.
Error 404
This is very much the behaviour I would have liked to see when using the WAN IP.

(Just in case you have not gathered this from my early posts, entering the domain name for each site works perfectly.)
  #6  
Old 5th June 2006, 15:27
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Then you just used the wrong IP. Add your WAN IP in ISPConfig, change the IP in the websites to your WAN IP and hit save.
  #7  
Old 5th June 2006, 16:49
trigar trigar is offline
Junior Member
 
Join Date: Jun 2006
Posts: 17
Thanks: 2
Thanked 0 Times in 0 Posts
Red face

Quote:
Originally Posted by till
Then you just used the wrong IP. Add your WAN IP in ISPConfig, change the IP in the websites to your WAN IP and hit save.
Feeling somewhat red-faced over here; but yes you're absolutely right I had indeed been that daft. All updated as you suggested and the server is now not accessible by IP.

I cannot thank you enough.

Chris.
  #8  
Old 6th June 2006, 07:09
byteme byteme is offline
Junior Member
 
Join Date: Jun 2006
Location: Elkhart Indiana - US
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default Shared IP Address

Why am I getting "This IP address is shared. For access to the web site which you look for, enter its address instead of its IP." when going to http://domainname but not when going to http://www.domainname?
I have an A record pointing to my ip for ftp,www, and @?
  #9  
Old 6th June 2006, 13:00
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
Default

Please add domainname to the Co-Domains tab of that web site. Technically domainname and www.domainname are two different things.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

Reply With Quote
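Why both symptoms in this thread occur, shown as a simplified model of Apache name-based virtual host selection (an added example, not part of any post and not ISPConfig or Apache code). The IP addresses, hostnames and document-root paths are constructed placeholders, and wildcard or `_default_` vhosts are not modelled.

```python
# Simplified model of Apache name-based virtual host selection (added example).
# All IPs, hostnames and paths are constructed placeholders, not values from the thread.
from collections import namedtuple

# addr: IP in <VirtualHost ip:80>; aliases: ServerAlias entries ("Co-Domains")
VHost = namedtuple("VHost", "addr server_name aliases docroot")

MAIN_DOCROOT = "/var/www"        # assumed main-server DocumentRoot holding web1, web2, ...
SHARED_PAGE = "/var/www/sharedip"  # assumed docroot of the "This IP address is shared" page
LAN, WAN = "192.0.2.10", "203.0.113.10"  # documentation-range placeholders


def select_docroot(vhosts, local_ip, host_header):
    """Return the DocumentRoot that answers a request arriving on local_ip."""
    # Step 1: only vhosts bound to the address the connection arrived on compete.
    candidates = [v for v in vhosts if v.addr == local_ip]
    if not candidates:
        # No vhost for this address: the main server answers, so a path
        # such as /web1/ maps to a real directory under MAIN_DOCROOT.
        return MAIN_DOCROOT
    # Step 2: the first vhost whose ServerName or ServerAlias equals Host wins.
    host = host_header.split(":")[0].lower().rstrip(".")
    for v in candidates:
        names = [v.server_name.lower()] + [a.lower() for a in v.aliases]
        if host in names:
            return v.docroot
    # Step 3: no name matched, so the first vhost listed for the address is used.
    return candidates[0].docroot


def build(ip, co_domains=()):
    """Vhost list shaped like the thread: shared-IP page first, then one site."""
    return [
        VHost(ip, "shared.invalid", (), SHARED_PAGE),
        VHost(ip, "www.example.test", tuple(co_domains), "/var/www/web1/web"),
    ]


if __name__ == "__main__":
    # Sites bound to the LAN address only; request arrives on the WAN address.
    print("LAN-only vhosts, request to WAN IP:", select_docroot(build(LAN), WAN, WAN))
    # Sites bound to the WAN address: a bare-IP request gets the shared-IP page.
    print("WAN vhosts, request to WAN IP:", select_docroot(build(WAN), WAN, WAN))
    # Bare domain without a co-domain entry falls to the first vhost.
    print("no co-domain:", select_docroot(build(WAN), WAN, "example.test"))
    # With the co-domain added, the bare domain reaches the site.
    print("co-domain:", select_docroot(build(WAN, ["example.test"]), WAN, "example.test"))
```

To confirm the fix on a live server, request the server's public IP with and without a `/web1/` path and check that both return the shared-IP page or a 404 rather than a directory listing or script source.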
  #10  
Old 6th June 2006, 14:04
byteme byteme is offline
Junior Member
 
Join Date: Jun 2006
Location: Elkhart Indiana - US
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Thanks falko. If I could just figure out why ftp through a browser does not work I think with the help of this forum I have most other issues fixed or at least know where to find the information on how to fix them.

You guys do a great job!
All times are GMT +2.

