02-28-2009, 08:18 AM   #2
Skie
Manager, Alternative Comp
 
Join Date: Mar 2003
Location: Chicago burbs
Posts: 2,194
OS: Gentoo Linux, CentOS, OS X

Re: Thoughts on securing apache

mod_ssl will only give you SSL capabilities to encrypt the actual transmission. It won't do anything for you in regards to securing the actual software.

What things confused you? Perhaps someone can explain things better.

One place you may wish to start if you're using any PHP scripts (any scripts or no scripts, doesn't matter, it helps) is to install and configure ModSecurity. It basically looks for specific URLs that are accessing your server and rejects them. Here's an example of my ModSecurity log.

Code:
Date:     2007-11-24
Time:     10:36:40
IP:       1.2.3.4
GET:      /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.1
Host:     www.domain.com
Message:  Access denied with code 406. Pattern match "/etc/passwd" at THE_REQUEST
Action:   406
What's happening here is someone's trying to gain access to the /etc/passwd file and display it using cat. Normally, a properly configured Apache and PHP server won't allow something like this, but people do find security holes in the software and use them to take advantage of it. This time around, they're trying to use a perl script that may or may not be located in cgi-bin. What ModSecurity does is stop these types of attacks from even reaching Apache/PHP/whatever.