PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




PostPosted: Sun Mar 29, 2015 7:39 pm 
Forum Contributor

Joined: Fri Jul 18, 2014 1:54 pm
Posts: 179
Hi, I have it on my 87 long security list to look at this so I finally did. I was looking through the /var/log/httpd/error_log file and I noticed hacker attacks on the database (or just generally). After setting up fail2ban to block IP addresses related to SSH access and also seeing all these other IP addresses trying to go after the Apache database (or whatever they are doing) it finally occurred to me that except for (direct logging in to my database via my website PHP software) there is only one valid IP address (my home public IP address). Considering this, logically can I not set up iptables to block every single IP address other than my home IP address? Related to this, can I not do this for every single software that I might in the future consider using that is not considered public access such as my website (or maybe in the future postfix email but for now I am only using outgoing email)?

Thanks,
John
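
One way to express the rule set asked about above, as an added example that is not part of the original thread: a script that prints an iptables-restore ruleset with a default-drop INPUT policy, the website ports open to everyone, and SSH open to a single address. The address 203.0.113.10 is a documentation placeholder for the home IP, and the ports (22, 80, 443) are assumptions about this server.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that keeps the website
# public and limits SSH to one admin address. The script applies nothing.

# valid_ipv4 ADDR: exit status 0 only for a dotted-quad IPv4 address.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# gen_rules ADMIN_IP: ruleset on stdout, or status 2 on a bad address.
gen_rules() {
    admin_ip=$1
    if ! valid_ipv4 "$admin_ip"; then
        echo "gen_rules: not an IPv4 address: $admin_ip" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host opened (outgoing mail, updates)
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# public: the website (assumed ports)
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# admin only: SSH from the one allowed address
-A INPUT -s $admin_ip/32 -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Placeholder address from the documentation range, not a real home IP.
gen_rules 203.0.113.10
```

Loading the output with iptables-restore replaces the current rules, including any chains fail2ban has added, and a wrong address locks SSH out, so keep console access to the server while testing.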


PostPosted: Sun Mar 29, 2015 11:13 pm 
Spammer :|

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA


PostPosted: Mon Mar 30, 2015 3:41 am 
PostPosted: Mon Mar 30, 2015 4:58 am 
PostPosted: Mon Mar 30, 2015 5:40 am 
PostPosted: Mon Mar 30, 2015 6:51 am 
PostPosted: Mon Mar 30, 2015 1:41 pm 
PostPosted: Mon Mar 30, 2015 5:38 pm 
Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US

_________________
(#10850)


PostPosted: Mon Mar 30, 2015 6:30 pm 
Thanks Christopher. I will have a look at your suggestions tomorrow. I am trying to split my days between security and updating data on my database hoping when I get the data up to date I will have enough security in place to go ahead and draw attention to the website from potential normal users. John.


PostPosted: Mon Mar 30, 2015 6:35 pm 
PostPosted: Mon Mar 30, 2015 7:37 pm 
Thanks guys. I don't totally understand everything but I will use Google searches to fill in the holes (I like to respect people's time and minimize my questions). Earlier today I looked up the favicon.ico file and learned it is for the icon in your browser's location bar. This website explains how to create it: http://www.thesitewizard.com/archive/favicon.shtml I put it on my to-do list for later since my website seems to be working (meaning I can drag the icon and get an icon on the desktop that does lead to my website). It is not fancy but it works. I will look up the other files tomorrow.

I fully intended on not making this website a pretty or fancy website. I mainly want the pages to come up fast and I mention that up front in the home page (a marketing approach). I can say one thing. The home page pops up faster than most others I see these days. I got into this way of thinking because some of my pages do way more processing than most and I worry about those pages if this website gets busy. Part of making it fast is making sure it does not get hacked (making sure it is not used to send out spam etc). I just need to know enough to know I don't need to do any more. I am not storing credit card information on purpose for example as a way to reduce the amount I need to know.

Thanks again,
John


PostPosted: Mon Mar 30, 2015 9:19 pm 
A bit more because I got curious. I just did this search
cat error_log | grep 'favicon.ico'

After doing the search I have found that when I open my home page I too get this error. However I noticed/realized that it is not in fact an error. It simply states that this file does not exist. So it is implying that it is not an error and it is also not even a warning. It is a notice only. So the person who programmed Apache is thinking (exactly as I am thinking) that it is not really that important but you might want to consider having an icon for your website (for pretty marketing reasons if that is important to you that is). I personally think the Apache programmer would have been better to take it even lower and just ignore the fact that this file does not exist and let those who care about this stuff take the time to figure out how to have such an icon on their web page. But it is not a big deal. When I set up the system to limit the size of the logs properly (again a focus on efficiency since reducing space available for swap could slow things down) this will not be much of a problem if any. It seems that people are in fact discovering my website by accident (not hackers at all). Now I am really curious as to what these other files are for (let's hope Google has the answer). This is all good. It means I need not panic about being hacked except for on the SSH side. The adventure continues - LOL - lots of fun.


PostPosted: Mon Mar 30, 2015 10:06 pm 
PostPosted: Tue Mar 31, 2015 2:38 am 
Thanks Christopher. It just occurred to me when I woke up that it is a good idea to have it since (if it creates an icon on the desktop that stands out as different and associated with your website) then it will in fact speed the user up. I will check into the other missing files. Anyway, back to bed to get more sleep before starting another day. John.


PostPosted: Thu Apr 02, 2015 2:49 pm 
I did a few things.
**I set up a secure user (one with a long random user name and with a long random password)
**I disabled root access
**I set up the SSH key authentication
**I set PasswordAuthentication no

It is working (I can get in with PuTTY and with WinSCP using the SSH private key passphrase).

I have a few questions.
**Will I see anything in the log files with these brute force attempts? (not seeing many now since the fail2ban is blocking their IP addresses).
**Is there any real need for fail2ban now? Currently brute force attempts are down to about 1 every 2 hours due to the iptables entries created by fail2ban.
**Would anyone be interested in seeing my full security list which has my priority settings (I will clean it up a bit if I post it)? I have no idea if the priorities are correct (just a guess).
It might open up an interesting discussion (probably mostly over my head - LOL). I could post the spreadsheet that it is from which shows the location of the info.

Thanks John.
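
On the first question above: with PasswordAuthentication no, sshd still logs unknown user names and connections that end before authentication, so the attempts remain visible. The following is an added example (not from the thread) that counts those connections per source address and lists successful logins; the sample lines and the user name in them are constructed, and reading the real data from /var/log/secure is an assumption about this server.

```shell
#!/bin/sh
# Added example: summarise sshd log lines read from stdin.

# Constructed sample in the style of OpenSSH 6.x syslog output.
sample_log() {
    cat <<'EOF'
Apr  2 14:01:10 web sshd[2101]: Invalid user admin from 198.51.100.23
Apr  2 14:01:10 web sshd[2101]: input_userauth_request: invalid user admin [preauth]
Apr  2 14:01:11 web sshd[2101]: Received disconnect from 198.51.100.23: 11: Bye Bye [preauth]
Apr  2 14:03:42 web sshd[2107]: Connection closed by 198.51.100.77 [preauth]
Apr  2 14:05:00 web sshd[2110]: Accepted publickey for xk3q9 from 203.0.113.10 port 51122 ssh2
Apr  2 14:09:30 web sshd[2115]: Invalid user test from 198.51.100.23
EOF
}

# preauth_by_ip: print "CONNECTIONS IP" for sources that were rejected or
# dropped before authenticating, busiest first. One sshd PID = one connection.
preauth_by_ip() {
    awk '
        /sshd\[[0-9]+\]:/ && (/Invalid user / || /\[preauth\]/) {
            match($0, /sshd\[[0-9]+\]/)
            pid = substr($0, RSTART + 5, RLENGTH - 6)
            # lines without a source address (input_userauth_request) are skipped
            if (!match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) next
            ip = substr($0, RSTART, RLENGTH)
            if (!((ip, pid) in seen)) { seen[ip, pid] = 1; conns[ip]++ }
        }
        END { for (ip in conns) print conns[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# accepted_logins: print "METHOD USER IP" once for each successful login.
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
        for (i = 1; i <= NF; i++)
            if ($i == "Accepted") { print $(i + 1), $(i + 3), $(i + 5); break }
    }' | sort -u
}

sample_log | preauth_by_ip
sample_log | accepted_logins
```

Any address in the accepted_logins output other than the expected home IP is the line to investigate first.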

