Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Securing Apache/PHP - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Securing Apache/PHP
Nathan wrote in earlier with attempts to exploit PHP file inclusion that his server had automatically thwarted. He's promoting the use of mod_security, mod_evasive, fail2ban and suhosin in a Apache/PHP environment.

Since knowledge and experience is a way to win from the bad guys, how about sharing your favorite setup for Apache /PHP security (Basically a "LAMP" environment although I'd rather not focus on the OS part in there) and we'll summarize on this page. Also let us know what you like of the components you use, why they are your favorite etc.

mod_security

http://www.modsecurity.org/

mod_evasive

http://www.zdziarski.com/projects/mod_evasive/

fail2ban

http://www.fail2ban.org/

Nathan used this tool to ban IP addresses doing repeated 404/501 error results.  He catches attempts to hack forums based on PHP this way, and was able to trace it back to owned servers doing those attacks towards him.

suhosin

http://www.hardened-php.net/suhosin.127.html


--
Swa Frantzen -- net2s.com

Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!