
Securing my website

Discussion in 'Programming & Webmastering' started by llllllllllll, Apr 1, 2010.

  1. llllllllllll

  2. Solaris17

    what are they doing/trying to do?
     
  3. Easy Rhino

    yea a description of the problem would be nice...
     
  4. llllllllllll

    Trying to get into the admin area... trying to mess with the modules... etc. etc. The website is based on Nuke Evolution Extreme 2.0.
     
  5. IggSter

    You will constantly get attacked by bots, scripts...you name it...

    here is one extract from my web server:
    - [Sat Mar 27 17:56:09 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/scripts
    - [Sat Mar 27 17:57:16 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/phpMyAdmin
    - [Sat Mar 27 17:58:26 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/phpmyadmin
    - [Sun Mar 28 10:35:55 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/phpMyAdmin
    - [Sun Mar 28 10:36:45 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/phpmyadmin
    - [Sun Mar 28 10:37:39 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/pma
    - [Sun Mar 28 10:38:32 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/mysql
    - [Sun Mar 28 10:39:24 2010] [error] [client 94.102.211.93] File does not exist: C:/UniServer/www/scripts
    - [Sun Mar 28 12:50:14 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpmyadmin
    - [Sun Mar 28 12:50:15 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/pma
    - [Sun Mar 28 12:50:16 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/admin
    - [Sun Mar 28 12:50:17 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/dbadmin
    - [Sun Mar 28 12:50:18 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/mysql
    - [Sun Mar 28 12:50:20 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/php-my-admin
    - [Sun Mar 28 12:50:21 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/myadmin
    - [Sun Mar 28 12:50:22 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/PHPMYADMIN
    - [Sun Mar 28 12:50:23 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpMyAdmin
    - [Sun Mar 28 12:50:24 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/config
    - [Sun Mar 28 12:50:28 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phppgadmin
    - [Sun Mar 28 12:50:34 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpMyAdmin2
    - [Sun Mar 28 12:50:35 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/mail
    - [Sun Mar 28 12:50:38 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/webmail

    The best options for you are:

    Make sure that you regularly patch your server...PHP, MySQL, Apache, IIS etc
    Add the incoming IP addresses to your block list at the router (tbh this will be a full time job as the IPs will change day by day).
    Make sure that your admin passwords are long, alpha-numeric and contain at least one special char.
     
    llllllllllll and Solaris17 say thanks.
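
Added example (not part of IggSter's post): a small Python triage of error-log entries in the format shown above, flagging clients that ask for several distinct admin-tool paths within a short window so that only those go on the block list. The function names, the 3-name threshold and the 10-minute window are assumptions chosen for illustration; the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache error-log entry in the format shown in the extract above.
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
    r"File does not exist: (?P<path>\S+)"
)
# Admin-tool names taken from the extract, lower-cased for comparison.
ADMIN_NAMES = {"phpmyadmin", "phpmyadmin2", "pma", "mysql", "admin", "dbadmin",
               "php-my-admin", "myadmin", "phppgadmin", "config", "scripts"}

# First six lines are copied from the extract; the last one is constructed.
SAMPLE = """\
[Sat Mar 27 17:56:09 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/scripts
[Sat Mar 27 17:57:16 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/phpMyAdmin
[Sat Mar 27 17:58:26 2010] [error] [client 124.42.124.251] File does not exist: C:/UniServer/www/phpmyadmin
[Sun Mar 28 12:50:14 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/phpmyadmin
[Sun Mar 28 12:50:15 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/pma
[Sun Mar 28 12:50:16 2010] [error] [client 61.147.67.206] File does not exist: C:/UniServer/www/admin
[Sun Mar 28 13:02:00 2010] [error] [client 192.0.2.10] File does not exist: C:/UniServer/www/favicon.ico
""".splitlines()

def parse(line):
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["ip"], m["path"].rstrip("/").rsplit("/", 1)[-1].lower()

def find_scanners(lines, min_names=3, window=timedelta(minutes=10)):
    """Map client IP -> sorted admin names requested inside one time window."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec[2] in ADMIN_NAMES:
            hits[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= window}
            if len(names) >= min_names:
                flagged[ip] = sorted(names)
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Names are compared case-insensitively, so `phpMyAdmin` and `phpmyadmin` count once; that is why 124.42.124.251 stays below the default threshold and only appears with `min_names=2`.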
  6. Solaris17

    ^ this. it happens all the time

    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:14 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:15 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:15 2010] [error] [client 83.7.109.170] File does not exist: /usr/local/apache/htdocs/images, referer:
    [Fri Apr 02 15:25:18 2010] [error] [client 60.28.232.49] File does not exist: /usr/local/apache/htdocs/upimg, referer:
    [Fri Apr 02 15:25:18 2010] [error] [client 60.28.189.102] File does not exist: /usr/local/apache/htdocs/upimg, referer:

    Password protect important dirs, and I personally 775 dirs and 644 files as a general rule. Of course, certain files and dirs will get certain permissions.

    EDIT: Also, to make it easy: if you have root access and an FTP account, get yourself FileZilla or any other easy-to-use FTP program. It allows you to do the changes above in bulk.

    [IMG]

    Take that picture for example. You can right-click on any dir, or hit CTRL+A and select them all. Right-click, enter the permissions you want to give, click "recurse", and you can apply them to files + dirs, files, or just dirs. So say, for example, you want to go basic like I said above. You would go to root, select all, right-click, type 755, recurse, "apply to all dir.", then hit OK. It will immediately start to change all your dir permissions (including sub dirs) to the permissions you set. After the operation is done, go back to root, select all, type 644, recurse, "apply to files only".
     
    Last edited: Apr 3, 2010
    llllllllllll, Easy Rhino and IggSter say thanks.
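
Added example (not part of Solaris17's post): the same two passes as the FileZilla walkthrough above, done on the server in Python with a dry run first. `apply_modes` and its parameters are names chosen here; the directory mode defaults to the 755 used in the walkthrough and can be passed as 0o775 instead.

```python
import os
import stat

def apply_modes(root, dir_mode=0o755, file_mode=0o644, dry_run=True):
    """Bring every directory under root to dir_mode and every regular file
    to file_mode. Returns [(path, old_mode, new_mode)] for entries that
    differ; the modes are only changed when dry_run is False."""
    changes = []

    def fix(path, want):
        old = stat.S_IMODE(os.lstat(path).st_mode)
        if old != want:
            changes.append((path, old, want))
            if not dry_run:
                os.chmod(path, want)

    # Top-down walk: a directory is fixed before os.walk descends into it.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISDIR(mode):
                fix(path, dir_mode)
            elif stat.S_ISREG(mode):
                fix(path, file_mode)
            # Symlinks and special files are left alone: chmod on a link
            # would change its target, which may live outside root.
    fix(root, dir_mode)
    return changes

if __name__ == "__main__":
    # Dry run against the current directory: list what would change.
    for path, old, new in apply_modes("."):
        print(f"{path}: {old:o} -> {new:o}")
```

Review the dry-run list before calling it with `dry_run=False`, since files that need other permissions have to be excluded or reset afterwards.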
