jepke
09-04-2007, 11:44 AM
Is it possible for hackers to break into your server/forum on port 80 (html port)
Or do they post anything to get it down.
I contact the server from local network so i don't have to open port 22 or 23 or 21.
But is my forum safety better or just the same as other forums that must open some ssh or ftp ports.
epctechno
09-04-2007, 11:40 PM
Well do you have mod_security in place with a good set of rules? Anything is possible to do to them script kiddies that have no life...
greenpassion
09-05-2007, 08:44 PM
Gee, what is mod_security?
Mike54
09-06-2007, 04:58 AM
gp, contact your host and ask if they have mod_security installed. They will be able to provide you a quick answer.
jepke
09-08-2007, 09:06 AM
I do host at my place so i can't contact the hoster;) Could you explain it a little for me.
Xhris
09-08-2007, 12:03 PM
Read here and look at making sure mod security in some way is added to your setup.
http://www.modsecurity.org/
Noppid
09-08-2007, 01:08 PM
Read here and look at making sure this is added to your setup.
http://www.modsecurity.org/
That was/is a very interesting read.
Did you install and implement this?
Xhris
09-08-2007, 01:14 PM
That was/is a very interesting read.
Did you install and implement this?
No I haven't installed that one. I have a friend that is going to give me some info on it. He is trying it out. I do not own my own server so the mod security is already on mine by my host.
I was just throwing out the site so that they could look at it if they wanted to and try it if they want. I thought it has some good information on the site.
I reworded my statement above. I didn't mean to sound like they had to install that exact one. I was just saying mod security in some way.
Noppid
09-08-2007, 01:19 PM
I agree with you completely. That's why I asked. I was hoping to have access to an experienced mod_security user to exchange notes if I dive into it.
I have implemented the mod_geoip part of mod security at the apache level. It's great and it was not too complicated to fetch, compile, install and use. This one looks pretty complicated, but definitely useful.
Xhris
09-08-2007, 01:24 PM
I have not done enough to be an experienced user in it. Yes I agree it does look useful. I plan on setting up my own server at home in the future and that is how I found that site. Doing a search for security for it when I do it.
Noppid
09-08-2007, 02:29 PM
Oh you need to learn IPTABLES then, if you don't know it already. It's a powerful first line of defense, on linux anyway.
Then with the mod_security, you can build something really secure.
Good Luck.
Xhris
09-08-2007, 02:57 PM
Cool thanks for the info on that. Will look into that some more.
