It's Summer Time! Time for 'Sharpening the Saw!' ... in your spare time.
Written by Ken Task   
Friday, 04 June 2010 09:35
One of the attack vectors into any ISD's network today is via port 80, aimed at a weakness in AMP stack applications such as Moodle and Joomla. It seems that many hackers are no longer interested in defacing the home page or a similar 'claim to fame' but, rather, in using your web server for other purposes, i.e., a rootkit. Once breached, a server could become part of a bot network and its resources could be used for other purposes. And, from what I am seeing on the SOSSIG server, it makes no difference whether the ISD is running an AMP stack server internally or it is remotely hosted.
(As a matter of fact, most probes I see on the SOSSIG server come from remotely hosted sites, NOT from a server inside an ISD.)

Below is material added to a Moodle course. It is for those who run servers internally or who remotely host on a dedicated machine (where the admin has shell access as well).
NOTE: the course requires registration.

Added to Advanced Moodle Administration course:
http://moodle.tcea.org/kensmoodle/course/view.php?id=13#section-24

Section 24: Block pesky IP's from attempting to do harm to your web server …
Logwatch Messages
** See the screen movie: Checking Server Logs
Immediately Block Malicious IP's from Your Web Server

NOTE:
I can make the scripts shown in the movie available if anyone desires. The scripts were written for a CentOS/Red Hat server, but can be edited and made to run on an Ubuntu server as well.
Contact me.
 