 Securing Your Server (Tricks Of The Trade)
Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Fri Mar 18, 2005 2:11 pm

I'm very interested in security for a live server, and thought I'd start a thread on making your server more secure. If you have any great utilities, .htaccess or httpd.conf tricks, or anything else that increases a server's security, please post them here.

Here are a few for your httpd.conf file.

First, from A2T's readme:
For production, or live servers, it's best to leave as little info as possible about what kind of system you are running. The only info that web visitors need from your site is the content, not what makes it run. Good settings for live servers could be:
Code:

 The server signature configuration : Off or Email
 The amount of server info made public : Prod


Code:
## --------------- Help Protect PHP from abuse -------------
# For more security info visit http://us2.php.net/manual/en/security.php
<Location ~ "/[^ ](?=\.inc(\?[^ ]*)?)/">
   Options None
   Order Allow,Deny
   Deny from All
   AllowOverride None
   Satisfy All
</Location>

<Location ~ "/[^ ](?=\.phps(\?[^ ]*)?)/">
   Options None
   Order Allow,Deny
   Deny from All
   AllowOverride None
   Satisfy All
</Location>

<Location ~ "/[^ ](?=\.php(\?[^ ]*)?)/">
   Options None
   Order Allow,Deny
   Deny from All
   AllowOverride None
   Satisfy All
</Location>
## ---------------------------------------------------------


Code:
#---------- Prevent Bandwidth Thieves by Folder -----------
SetEnvIf REFERER "yoursite\.no-ip\.com" linked_from_here
SetEnvIf REFERER "^$" linked_from_here

<Directory C:/apache2triad/protectedfolder>
    Order deny,allow
    Deny from all
    Allow from env=linked_from_here
</Directory>
## ---------------------------------------------------------


Code:
##----------- Prevent Bandwidth Thieves -------------------
# Method 1: Block anything not linked from your site.
# mod_rewrite does not expand %{SERVER_NAME} inside the pattern, so write your host name out here.
RewriteCond %{HTTP_REFERER} !^http://YOURSITE\.com/ [NC]
# Serve Alternate Item:
#RewriteRule [^/]+\.(gif|jpg|mp3|swf)$ http://YOURSITE.com/denied.gif [R,L]
# Block Altogether
RewriteRule [^/]+\.(gif|jpg|mp3|swf|png|jpeg)$ - [NC,F]

# Method 2: Block only linked items from a specific site.
#RewriteCond %{HTTP_REFERER} ^http://(www\.)?BlockedSiteName\.com/ [NC]
#RewriteRule \.(gif|jpg)$ - [NC,F]
## ---------------------------------------------------------






BAD BOT SCRIPTS

In Your httpd.conf
Code:
## ----------------- Help Protect server abuse -------------
# You can automatically ban:
# RewriteRule .* http://%{SERVER_NAME}/cgi-bin/trap.cgi [L,T=application/x-httpd-cgi,R,NC]
# You can warn:
# RewriteRule .* http://%{SERVER_NAME}/banwarning.htm [L,R,NC]
# Or you can just deny:
# RewriteRule .* - [F]

RewriteCond %{QUERY_STRING} ^(.*)echr(.*)
RewriteRule .* http://%{SERVER_NAME}/cgi-bin/trap.cgi [L,T=application/x-httpd-cgi,R,NC]

RewriteCond %{QUERY_STRING} ^(.*)highlight=%2527
RewriteRule .* http://%{SERVER_NAME}/cgi-bin/trap.cgi [L,T=application/x-httpd-cgi,R,NC]

RewriteCond %{HTTP_USER_AGENT} ^-$
RewriteRule .* http://%{SERVER_NAME}/cgi-bin/trap.cgi [L,T=application/x-httpd-cgi,R,NC]

RewriteCond %{HTTP_REFERER} ^-$
RewriteRule .* http://%{SERVER_NAME}/cgi-bin/trap.cgi [L,T=application/x-httpd-cgi,R,NC]

RewriteCond %{REQUEST_URI} ^/scripts.*$
RewriteRule .* http://%{SERVER_NAME}/cgi-bin/trap.cgi  [L,T=application/x-httpd-cgi,R,NC]
## ---------------------------------------------------------


The trap.cgi
Code:
#!C:/apache2triad/perl/bin/perl.exe
#######################################
# Trap Script Version 0.2             #
# By Joshua Meadows                   #
#-------------------------------------#
# http://jaydium.servehttp.com        #
#######################################
use CGI;

#################
# Configuration #
#################

my $htafile = "/\.htaccess";
my $termsfile = "/banwarning\.htm";

#################
# Program Code  #
#################

# Form full pathname to .htaccess file
my $basedir = $ENV{DOCUMENT_ROOT};
my $htapath = "$basedir"."$htafile";
 
# Form full pathname to terms.htm file
my $termspath = "$basedir"."$termsfile";
 
# Get the bad-bot's IP address, convert to regular-expressions
#(regex) format by escaping all periods.
my $remaddr = $ENV{REMOTE_ADDR};
$remaddr =~ s/\./\\\./gi;
 
# Get User-agent & current time
my $usragnt = $ENV{HTTP_USER_AGENT};
my $date = scalar localtime(time);
 
# Open the .htaccess file and wait for an exclusive lock. This
# prevents multiple instances of this script from running past
# the flock statement, and prevents them from trying to read and
# write the file at the same time, which would corrupt it.
# When .htaccess is closed, the lock is released.
#
# Open existing .htaccess file in r/w append mode, lock it, rewind
# to start, read current contents into array.
open(HTACCESS,"+>>$htapath") || die $!;
flock(HTACCESS,2);
seek(HTACCESS,0,0);
my @contents = <HTACCESS>;

   my $LogFileRead = index(join("",@contents),"$remaddr");
   if ($LogFileRead == -1) {
      # if remaddr doesn't exists:
      
      # New Attack Empty existing .htaccess file, then write new IP ban line and
      # previous contents to it
      truncate(HTACCESS,0);
      print HTACCESS ("#------------------\n");
      print HTACCESS ("SetEnvIf Remote_Addr \^$remaddr\$ getout\n");
      print HTACCESS ("#  $date\n");
      print HTACCESS ("#  $usragnt\n");
      print HTACCESS ("#------------------\n");
      print HTACCESS ("\n");
      print HTACCESS (@contents);

      # close the .htaccess file, releasing lock - allow other instances of this script to proceed.
      close(HTACCESS);
      ServerErrorPage();
      SendEmailWarning();
   }else{
      # if remaddr already exists just serve error:
      ServerErrorPage();      
      exit;
   }

sub ServerErrorPage{
   # Write html output to server response
   if (open(TERMS,"< $termspath"))
   {
    # Copy the terms.htm file as output here.
    print ("Content-type: text/html\n\n");
    seek(TERMS,0,0);
    @contents = <TERMS>;
    print (@contents);
    print "<hr>\n";
    print ("$date<br>\n");
    print ("User IP:  $ENV{REMOTE_ADDR}<br>\n");
    print ("$usragnt<br>\n");
    close(TERMS);
   }
   else
   {
    # if we can't open terms.htm, output a canned error message
    print "Content-type: text/html\n\n";
    print "<html><head><title>Fatal Error</title></head>\n";
    print "<body text=\"#000000\" bgcolor=\"#FFFFFF\">\n";
    print "<B>Ban Warning</B><BR>\n";
    print ("SetEnvIf Remote_Addr \^$remaddr\$ getout \# $date $usragnt\n");

    print "<HR>\n";
    print ("$date<BR>\n");
    print ("User IP:  $ENV{REMOTE_ADDR}<BR>\n");
    print ("$usragnt<BR>\n");
    print "<HR>\n";
    print "<p>Ban Page Auto Generated</p></body></html>\n";
    }
}

sub SendEmailWarning{
   # trying to send an e-mail message
   open(MAIL, "|C:/apache2triad/mail/bin/sendmail.exe -t") || die
   "Content-type: text/text\n\nCan't open C:/apache2triad/mail/bin/sendmail.exe!";

   print MAIL "To: admin\@jaydium\.servehttp\.com\n";
   print MAIL "From: admin\@jaydium.servehttp.com\n";
   print MAIL "Subject: Banned From Jaydium!\n";
   print MAIL "Reply-to: admin\@jaydium.servehttp.com\n";
   print MAIL "Content-type: text/html\n\n";

   print MAIL "The ip address \^$remaddr\$ has been banned on $date\n";
   print MAIL "The associated user agent was $usragnt\n";
   print MAIL "\n";
   print MAIL "If you want to reverse this you will have to open your .htaccess file in your root directory and manually remove the entry.\n";
   print MAIL "\n";
   print MAIL "--------------------------------------------------------------------------------\n";
   print MAIL "Trap Script Version 0.2\n";
   print MAIL "By: Joshua Meadows. http://jaydium.servehttp.com\n";

   close(MAIL);
}
 
exit;


In your .htaccess
Code:
# Block bad-bots using lines written by trap.cgi script above
SetEnvIf Request_URI "^(/403.*\.htm|/robots\.txt|/banwarning\.htm)$" allowsome
<Files *>
order deny,allow
deny from env=getout
allow from env=allowsome
</Files>
 
Redirect /false_page_trapabuse.htm http://yoursite.com/cgi-bin/trap.cgi 
Redirect /lower_directory/false_page_trapabuse.htm http://yoursite.com/cgi-bin/trap.cgi


In your robots.txt
Code:
User-agent: *
Disallow: /banwarning.htm


Oh, yeah and a great module is mod_security located at http://www.modsecurity.org/
I'm still trying to find the right mix of settings for A2T though what I currently have....

Code:
<IfModule mod_security.c>
    # Turn module advertising On or Off
    SecServerResponseToken Off

    # Turn the filtering engine On or Off
    SecFilterEngine On

    # Make sure that URL encoding is valid
    SecFilterCheckURLEncoding On
    SecFilterCheckCookieFormat On
    SecFilterCheckUnicodeEncoding Off

    # Should mod_security inspect POST payloads
    SecFilterScanPOST On

    # Only allow certain byte values to be a part of the request.
    # This is pretty relaxed, most applications where only English
    # is used will happily work with a range 32 - 126.
    # A relaxed setting is 1 - 255
    SecFilterForceByteRange 1 255

    # The audit engine works independently and
    # can be turned On or Off on the per-server or
    # on the per-directory basis. "On" will log everything,
    # "DynamicOrRelevant" will log dynamic requests or violations,
    # and "RelevantOnly" will only log policy violations
    SecAuditEngine RelevantOnly

    # The name of the audit log file
    SecAuditLog logs/audit_log

    SecFilterDebugLog logs/modsec_debug_log
    SecFilterDebugLevel 0

    # Action to take by default
    #SecFilterDefaultAction "deny,log,status:500"
    SecFilterDefaultAction "deny,log,status:403"

    # Redirect user on filter match
    SecFilter xxx redirect:http://%{SERVER_NAME}/banwarning.htm

    # Execute the external script on filter match
    SecFilter yyy log,exec:/apache2triad/cgi-bin/trap.cgi

    # Simple filter
    SecFilter 111
   
    # Only check the QUERY_STRING variable
    SecFilterSelective QUERY_STRING 222

    # Only check the body of the POST request
    SecFilterSelective POST_PAYLOAD 333

    # Only check arguments (will work for GET and POST)
    SecFilterSelective ARGS 444

    # Test filter
    SecFilter "/cgi-bin/modsec-test.pl/keyword"

    # Another test filter, will be denied with 404 but not logged
    # action supplied as a parameter overrides the default action
    SecFilter 999 "deny,nolog,status:404"

    # Prevent OS specific keywords
    SecFilter /etc/passwd

    # Server masking
     SecServerSignature "JDM"

    # Prevent path traversal (..) attacks
    SecFilter "\.\./"

    # Weaker XSS protection but allows common HTML tags
    SecFilter "<[[:space:]]*script"

    # Prevent XSS attacks (HTML/Javascript injection)
    SecFilter "<(.|\n)+>"

    # Very crude filters to prevent SQL injection attacks
    SecFilter "delete[[:space:]]+from"
    SecFilter "insert[[:space:]]+into"
    SecFilter "select.+from"

    # Protect PHP versions prior to 4.3.2 They are vulnerable to XSS attacks
    SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
    SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

    # Require HTTP_USER_AGENT and HTTP_HOST headers
    SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

    # Forbid file upload
    # SecFilterSelective "HTTP_CONTENT_TYPE" multipart/form-data

    # Only watch argument p1
    SecFilterSelective "ARG_p1" 555

    # Watch all arguments except p1
    SecFilterSelective "ARGS|!ARG_p2" 666

    # Only allow our own test utility to send requests (or Mozilla)
    SecFilterSelective HTTP_USER_AGENT "!(mod_security|mozilla)"

    # Do not allow variables with this name
    SecFilterSelective ARGS_NAMES 777

    # Do not allow this variable value (names are ok)
    SecFilterSelective ARGS_VALUES 888

    # Test for a POST variable parsing bug, see test #41
    SecFilterSelective ARG_p2 AAA

    # Stop spamming through FormMail
    # note the exclamation mark at the beginning
    # of the filter - only requests that match this regex will
    # be allowed
    <Location /cgi-bin/FormMail>
        SecFilterSelective "ARG_recipient" "!@YOURSITE.com$"
    </Location>

    # when allowing upload, only allow images
    # note that this is not foolproof, a determined attacker
    # could get around this
    #<Location /fileupload.php>
    #    SecFilterInheritance Off
    #    SecFilterSelective POST_PAYLOAD "!image/(jpeg|bmp|gif)"
    #</Location>

    #Output filtering can also be used to detect successful intrusions.
    #These rules will monitor output and detect typical keywords resulting from
    #a command execution on the server.
    SecFilterSelective OUTPUT "Volume Serial Number"
    SecFilterSelective OUTPUT "Command completed"
    SecFilterSelective OUTPUT "Bad command or filename"
    SecFilterSelective OUTPUT "file(s) copied"
    SecFilterSelective OUTPUT "Index of /cgi-bin/"
    SecFilterSelective OUTPUT ".*uid\=\("

    #Bind Usernames to IP address
    #SecFilterSelective ARG_username admin chain
    #SecFilterSelective REMOTE_ADDR "!^ADMIN_IP_ADDRESS_HERE$"
   
    #Prevent PHP information leak on errors
    SecFilterSelective OUTPUT "Fatal error:"

    #For more info http://www.gotroot.com/mod_security+rules
    Include C:/apache2triad/cgi-bin/mod_security_rules.conf
   
    #For more info http://prwdot.org/docs/blacklist_to_modsec.html#downloading
    Include C:/apache2triad/cgi-bin/blacklist_rules.txt

    #Another source used http://www.securityfocus.com/infocus/1739
</IfModule>
# End of mod_security.


Another thing that must be changed if you use the

Code:
    # Server masking
     SecServerSignature "NOYB"

statement in the mod_security is that you must open and change the file located at \apache2triad\error\include\bottom.html and either change or remove this line.
Code:
<a href="http://httpd.apache.org" target="_blank" alt="Powered by Apache2"><img src=/icons/apache_pb2.gif border="0"></a>


You'll also want to open \apache2triad\icons\readme.html and either change or remove these lines
Code:
    <div align="right">
    <a href="http://apache2triad.sourceforge.net" target="_blank" alt="Apache2Triad by Vlad Alexa Mancini">Apache2Triad</a> by <a href="http://alexamancini.com" target="_blank">Vlad Alexa Mancini</a><br>
<font color="#999999" size="1" face="Verdana, Arial, Helvetica, sans-serif">
    Programming by <a href="http://nextcode.org">NextCode</a> Graphics by <a href="http://nextdesign.eu.org">NextDesign</a>
</font>
    </div>


Doing this will strip the common visible advertisements of what server type you are running. If this isn't an issue for you then leave these unmodified and spread the word on A2T !


Last edited by Joshua Meadows (DemoRic) on Fri Dec 23, 2005 1:57 pm; edited 6 times in total
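
The ban step of trap.cgi above, reworked as an added Python example (not part of the original post or script): it validates the address, looks for an existing ban on the whole SetEnvIf line instead of by substring, and flattens the User-Agent before it goes into .htaccess. The function names, the NEVER_BAN list and the sample .htaccess text are constructed for illustration.

```python
import ipaddress
import re

# Assumption: addresses that must never be banned (constructed list).
NEVER_BAN = {"127.0.0.1"}

# One ban line as trap.cgi writes it: SetEnvIf Remote_Addr ^1\.2\.3\.4$ getout
BAN_LINE = re.compile(r"^SetEnvIf Remote_Addr \^(.+)\$ getout\s*$")

# Constructed sample .htaccess that already bans 11.2.3.41.
EXISTING = (
    "#------------------\n"
    r"SetEnvIf Remote_Addr ^11\.2\.3\.41$ getout" "\n"
    "#  Fri Mar 18 14:11:00 2005\n"
    "#  ExampleBot/1.0\n"
    "#------------------\n"
    "\n"
    "order deny,allow\n"
    "deny from env=getout\n"
)


def naive_already_banned(htaccess, remote_addr):
    """The script's check: substring search for the escaped address."""
    return remote_addr.replace(".", r"\.") in htaccess


def banned_patterns(htaccess):
    """Collect the address patterns of complete ban lines only."""
    found = set()
    for line in htaccess.split("\n"):
        match = BAN_LINE.match(line)
        if match:
            found.add(match.group(1))
    return found


def clean_comment(value, limit=200):
    """Flatten a client-supplied header so it stays on one '#' comment line."""
    return re.sub(r"[\x00-\x1f\x7f]", " ", value or "")[:limit].strip()


def add_ban(htaccess, remote_addr, user_agent, when):
    """Return (new_text, added); the text is unchanged when nothing is added."""
    try:
        addr = str(ipaddress.IPv4Address(remote_addr))
    except ValueError:
        return htaccess, False      # not a plain IPv4 address: write nothing
    if addr in NEVER_BAN:
        return htaccess, False
    pattern = addr.replace(".", r"\.")
    if pattern in banned_patterns(htaccess):
        return htaccess, False      # this exact address is already banned
    entry = (
        "#------------------\n"
        f"SetEnvIf Remote_Addr ^{pattern}$ getout\n"
        f"#  {clean_comment(when)}\n"
        f"#  {clean_comment(user_agent)}\n"
        "#------------------\n"
        "\n"
    )
    return entry + htaccess, True   # newest entry first, as the script does


if __name__ == "__main__":
    # Constructed request values: 1.2.3.4 is a substring of the banned 11.2.3.41,
    # and the User-Agent carries a line break.
    agent = "Bot\r\nSetEnvIf Remote_Addr . allowsome"
    print("substring check says already banned:",
          naive_already_banned(EXISTING, "1.2.3.4"))
    text, added = add_ban(EXISTING, "1.2.3.4", agent, "Fri Mar 18 14:11:00 2005")
    print("ban added:", added)
    print(text)
```

With the sample file, the substring test treats 1.2.3.4 as already banned because 11.2.3.41 contains it, while the line-based check adds the new entry.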

door33
tester

Joined: 28 May 2004
Posts: 67
Location: US

Posted: Sat Mar 19, 2005 7:35 am

Nice, very nice.
I myself haven't got around to mod_security, but I should get to it this week since I have a week off. Here's an old guide I made: http://apache2triad.net/forums/viewtopic.php?t=742

Oh, and is it just me, but the mail part of the script only sends me a message with a subject and no body; it has no content at all.

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Sat Mar 19, 2005 1:44 pm

That's a good resource. I use that coupled with making certain directories ssl, by changing their http requests to https.

Code:
## ---------- Change HTTP to HTTPS by Directory ------------
#RewriteCond %{HTTPS} !=on

RewriteCond %{REQUEST_URI} ^/phpsftpd.*$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

#RewriteCond %{REQUEST_URI} ^/phpmyadmin.*$
#RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

RewriteCond %{REQUEST_URI} ^/awstats.*$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

RewriteCond %{REQUEST_URI} ^/apache2triadcp.*$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

#RewriteCond %{REQUEST_URI} ^/mail.*$
#RewriteRule ^/(.*) http://%{SERVER_NAME}/squirrelmail.*$  [L,R,NC]

RewriteCond %{REQUEST_URI} ^/uebimiau.*$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]
## ---------------------------------------------------------

Code:
## ---------- Change Requests By File Extension -------------
#make sure playlists are http since media players don't use https
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} \.(m3u|pls|mp3)$ [NC]
RewriteRule ^/(.*) http://%{SERVER_NAME}/$1 [L,R,NC]

#Deny file requests by file extension
RewriteCond %{REQUEST_URI} \.(exe|dll|so|bak|lnk)$ [NC]
RewriteRule .* http://%{SERVER_NAME}/error/HTTP_METHOD_NOT_ALLOWED.html.var [L,R,NC]
## ---------------------------------------------------------


I'm still researching packet sniffing.


Last edited by Joshua Meadows (DemoRic) on Mon Sep 05, 2005 2:41 pm; edited 7 times in total

Vlad Alexa Mancini
lead developer

Joined: 07 Jul 2003
Posts: 1539

Posted: Sat Mar 19, 2005 2:23 pm

Just to keep it technical: packet sniffers work at the "network" layer 3; you cannot filter them by rules at the higher "application" layer 7.


Last edited by Vlad Alexa Mancini on Wed Mar 23, 2005 6:38 am; edited 1 time in total

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Sun Mar 20, 2005 12:37 am

Well, one solution to keeping passwords encrypted is using mod_digest to have the passwords sent in MD5 encryption instead of using Apache's own basic authentication.
http://www.apachefreaks.com/apache/howto/auth.html (for apache 1.3)
Oh, and as a bonus further in the article it talks about mod_auth_db
and using salted hash for user files with a perl script.

http://www.apachefreaks.com/apache2/mod/mod_auth_digest.html (for apache 2.0)

Quote:
Oh, and is it just me, but the mail part of the script only sends me a message with a subject and no body; it has no content at all.

You're asking about the trap.cgi. Yeah, it is the same for me; the script is a work in progress. It does, however, let you know that there has been a block (you can check your .htaccess file for details). I'll keep working on it.

Also, do you have some recommendations on man-in-the-middle attacks?


Last edited by Joshua Meadows (DemoRic) on Mon Sep 05, 2005 2:44 pm; edited 4 times in total

alf149

Joined: 22 Mar 2005
Posts: 2
Location: Denmark

Posted: Tue Mar 22, 2005 1:11 pm

More on security

What about file permissions in XP or Win2003 Server? Can you in any way make direct access to files not possible, like on a Linux server?

My problem is that I actually want a Linux server, but I'm not capable of setting it up myself. And I have been using A2T for a long time, so I thought that I could just set up a live A2T, but then what about security?

I have to set up my own server because I need to make several changes in httpd.conf and php.ini.

/rolf

Sorry about my English.....

Vlad Alexa Mancini
lead developer

Joined: 07 Jul 2003
Posts: 1539

Posted: Tue Mar 22, 2005 8:38 pm

Quote:
Also, do you have some recommendations on man-in-the-middle attacks?


Man-in-the-middle attacks are done at the ethernet level using ARP poisoning; ethernet alone implies that specific ports cannot be used, that it cannot be done over the internet (only on the local netblock), etc.

Snort is a good IDS; so is Argus, but it does not work on Windows.

Anyway, all of this is quite unrelated to securing at the Apache level; this is all at the system level. Demoric, you should document yourself on OSI and packet sniffers, since they have nothing to do with Apache directly.

Quote:
What about file permissions in XP or Win2003 Server?


They are generally just like file permissions on any other multiuser OS out there.

The level of access and the user to have access to any file/directory can be set up for any specific file/directory.

Processes have the permissions of the user that started them; services have the permissions of the account/user set up for the user.

It is all in the operating system; document yourself on it.

By default all servers in Apache2Triad run under the system user/account, besides postgres and slimftp, which run under the apache2triad user.

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Wed Mar 23, 2005 3:03 am

I was under the impression that packet sniffers could be used externally in a man-in-the-middle attack on the outgoing connection of a server to view each IP packet for content such as passwords and usernames sent in the clear. I wondered if the change of http to https status took place after Apache's request for its basic security. However, I was looking in the wrong place for such solutions. I'll search around for documentation on packet sniffing. (I've been looking into http://www.snort.org/ as a possible solution.) Do you have any good documentation (or programs) that you'd recommend? Are there any other little security tricks you know at the Apache level (doesn't have to be on packets)?

Quote:
Demoric, you should document yourself on OSI, and packet sniffers since they have nothing to do with apache directly.


What I've found so far:
Definition Of Packet Sniffing: http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Packet_sniffing/default.htm
OSI layers: http://www.webopedia.com/quick_ref/OSI_Layers.asp
Arp Poisoning: http://www.watchguard.com/infocenter/editorial/135324.asp

Also, here's a little deal to help block some spammers from searching your site (and help protect emails)
Code:
RewriteCond %{HTTP_USER_AGENT} Wget [OR]
RewriteCond %{HTTP_USER_AGENT} CherryPickerSE [OR]
RewriteCond %{HTTP_USER_AGENT} CherryPickerElite [OR]
RewriteCond %{HTTP_USER_AGENT} EmailCollector [OR]
RewriteCond %{HTTP_USER_AGENT} EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ExtractorPro
RewriteRule ^.*$ X.html [L]

This isn't 100% since not all email harvesters identify themselves.


Last edited by Joshua Meadows (DemoRic) on Mon Sep 05, 2005 2:47 pm; edited 10 times in total

Vlad Alexa Mancini
lead developer

Joined: 07 Jul 2003
Posts: 1539

Posted: Thu Apr 21, 2005 7:26 pm

here is unclassified apache security guide from uncle sam with love

related : file:///C:/apache2triad/manual/misc/security_tips.html

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Fri Apr 22, 2005 7:23 pm

File Mirror:
'Prepared by the Space and Naval Warfare Systems Center, San Diego for the Technical Support Working Group' at
http://prdownloads.sourceforge.net/fortknox/apache_20041028.pdf?download
***************
Vulnerability Scanners:
Nessus an open source vulnerability scanner for both *nix and win32 is available at http://www.nessus.org/download/

Also since A2T is on a windows system you should of course use MS' Baseline Security Analyzer.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
***************
Other Good References:
SANS top 20 vulnerabilities http://www.sans.org/top20/

The World Wide Web Security FAQ http://www.w3.org/Security/FAQ/www-security-FAQ.html
***************

You can add some proxy checking to your php scripts by modifying and using:

Code:
<?php

   /*
    Proxy Detection  v2.0
     Jonathan Anders
     geminii@citcom.net
     http://www.unixcon.net/~datalogik/scripts/
 
   Usage:
     Just include this page in any webpage you want protected.
   */

   /* Modify these next few lines to whatever you like. */
   
   $Ports = array('1080', '8080', '8000', '3128', '8888', '23', '80', '8081');    // To hold the list of ports.
   $AllowedHosts = array('localhost', 'allowedhost.com');             // To hold the list of allowed hosts.
   $DisallowedHosts = array('127.0.0.1.poo.com', 'something.msn.com');       // To hold the list of disallowed hosts.
   $Redirect = "http://www.unixcon.net/~datalogik/scripts/";         // Redirect page
   $SocketTimeout = 1;                        // Higher the number, the longer it takes.

   /* End of modification. */

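   // Read the client address from $_SERVER; the bare $REMOTE_ADDR only exists with register_globals on.
   $RemoteAddr = $_SERVER['REMOTE_ADDR'];

   if ((!in_array ($RemoteAddr, $AllowedHosts)) && (!in_array ($RemoteAddr, $DisallowedHosts)))
   {
      // Try every listed port, starting with the first entry.
      foreach ($Ports as $Port)
      {
         $fSockPointer = fsockopen($RemoteAddr, $Port, $errno, $errstr, $SocketTimeout);
         if ($fSockPointer)
         {
            fclose($fSockPointer);
            header ("Location: $Redirect");
            exit;   // stop here so the protected page is not sent after the redirect
         }
      }
   } else {
      if (in_array ($RemoteAddr, $AllowedHosts))
      {
         die();
      } else {
         header ("Location: $Redirect");
         die();
      }
   }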

?>

war59312

Joined: 22 Oct 2005
Posts: 1
Location: U.S.A

Posted: Sat Oct 22, 2005 5:43 am

Hey Demoric,

Please see:

http://www.willsdownloads.com/proxy.php

Can I hide the warnings so most users won't even know it happened?

Also, if user is running web server like myself it's not going to google.com like it should be. Instead I get this nice little error. :(

Code:

Warning: Cannot modify header information - headers already sent by (output started at /proxy.php:30) in /proxy.php on line 33


Well thanks for any help,
Will

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Sat Oct 22, 2005 10:42 am

My suggestions:
edit your php.ini in the Error handling and logging section to set how much information you want to display. Making certain that you have

display_errors = Off
log_errors = On

dale

Joined: 11 Jun 2006
Posts: 51
Location: las vegas, nv

Posted: Mon Jul 03, 2006 9:43 pm

Is this against the rules of the internet world? On my test server I made sure that it works and all of the errors returned by the server were fixed. I then made an error.php script that would return the url requested back to whoever sent it. The error.php script also wrote to a mysql database with the ip, date, time and url requested so that I could request a private page to see who was wanting what.

The change that I made in my httpd.conf was to copy all 4xx and paste them a little bit lower in the conf file. Then I commented out all of the apache ones and replaced the instruction with

ErrorDocument 400 /error/error.php

and so on. From my study of the bad url requests they were either from a virus or some hacker to look for holes because the requests would run in groups most of the time with the same url type requests in a row.

I guess the main question is, does the error return page have to have a 4xx code on it? My page just says

Hi there

It seems like you are looking in the wrong place for whatever you are trying to do. The url you are looking for is listed below:

/badurl

linux-don

Joined: 12 Jan 2006
Posts: 30
Location: New York

Posted: Fri Aug 11, 2006 5:56 am

I'm wanting to set up a way to hinder or stop image thieves that either try to save images to their PC by way of right clicking or using the IE toolbar or by linking it on another site.

Is there a way that if either of these methods are used that they would get an alternate image? If so, how would I set this up?

As an example: Let's say I linked an image from one site to another.. the alternate image could be one that says "Don't steal or link this image"... or something to that effect.

EDIT: I've tried more recommendations from other sites as well as this one... and still can't seem to get it to work.

Server Profile
Windows XP Pro
A2T Extreme v1.5.4

I've tried several variations of the recommendations within the server config file, which turned no results. I've also used .htaccess page to try and see if that worked.. and it sorta did.. but sorta not. If I placed it in the htdocs directory.. it would prevent hotlinking, but generated an error 500 when trying to access any of my sites (I have 4 vhosts including the default one). If I placed it in the apache2triad folder.. I could access my sites.. but it didn't stop the hotlinking.

Am I missing something or have I misconfigured something? Any assistance would be greatly appreciated.

Joshua Meadows (DemoRic)
support

Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas

Posted: Fri Aug 11, 2006 6:08 pm

The methods listed earlier prevent other sites from using your bandwidth to have their site display the image as if it were their own (hotlinking).
Quote:
Is there a way that if either of these methods are used that they would get an alternate image? If so, how would I set this up?

Just add to each virtual host.
Code:
   ## ---------- Prevent Bandwidth Thieves -------------------
      # Method 1: Block anything not linked from your site.
      # mod_rewrite does not expand %{SERVER_NAME} inside the pattern, so write each virtual host's name out here.
      RewriteCond %{HTTP_REFERER} !^https?://(www\.)?YOURSITE\.com/ [NC]
      
      # Serve Alternate Item:
      #RewriteRule [^/]+\.(gif|jpg|mp3|swf|png|jpeg)$ https://%{SERVER_NAME}/denied.gif [R,L]

      # Block Altogether
      RewriteRule [^/]+\.(gif|jpg|mp3|swf|png|jpeg)$ - [NC,F]

      # Method 2: Block only linked items from a specific site.
      #RewriteCond %{HTTP_REFERER} ^http://(www\.)?BlockedSiteName\.com/ [NC]
      #RewriteRule \.(gif|jpg)$ - [NC,F]
   ## --------------------------------------------------------

*Note: if you're like me, there is a whole mess of things I routinely add to virtual hosts; you can put them all in a protect.conf and then just add one line to each virtual host:
Include C:/apache2triad/conf/protect.conf

You can prevent right-click using javascript, but the user could always view the page's source. http://www.dynamicdrive.com/dynamicindex9/noright2.htm
http://www.dynamicdrive.com/dynamicindex9/imagebar.htm

You could also slice images or create watermarks (diagonal ones work best).

Ultimately though you can only make things difficult, but you can't prevent image theft.