Welcome! Log In Create A New Profile

Advanced

Re: Nginx securiy problem

December 05, 2009 02:01PM
Steve Wrote:
-------------------------------------------------------
> Fix your application (vbulletin). If you can't do
> that then go back to your Apache setup and use
> something like mod_security
> (http://www.modsecurity.org/) with it or any other
> WAF. Harden your PHP since it seems that all your
> attacks where introduced by something tunneled
> over vbulletin (which is PHP) into your system and
> then executed/triggered from/by within PHP. I
> would say that one of your users has uploaded some
> kind of scanning toolkit on your server and then
> misusing your server to scan other systems. Don't
> allow the user that is running PHP to execute
> tools that a normal PHP setup does not need. Nail
> down your file system (for example: mount your
> temporary directories with "noexec" and do the
> same for your upload directory, etc). Use
> something like SELinux / RBAC / grsecurity / etc
> to prevent your PHP interpreter to go wild. Add an
> IDS / NIDS / PIDS / etc and act as soon as
> possible if something strange is going on. Use
> something like Fail2Ban to parse logs and act on
> significant issues. Use something like PSAD to
> prevent idiots scanning your system. Use a
> firewall / IPtables / etc to prevent your system
> making strange connections to the outside world.
> If you are not familiar with IPtables then use
> something like Shorewall and install it on your
> system and don't just check inbound but do check
> outbound as well. Close every not needed port or
> application on your system. Double secure your
> logins from external (don't allow root to log into
> ssh, use AllowGroups/AllowUsers to limit who can
> log in, use unprivileged user to log into ssh and
> su to root, etc). If you are still staying on
> Apache then use something like mod_evasive to
> prevent one single system from outside to bring
> your Apache down. If you are still staying on
> Apache then use something recent that is not such
> a big security issue as the older Apache versions
> (look up the therm "Slowloris" if you need a good
> example what I mean). etc, etc, etc... Just do the
> normal things every good sysadmin/hoster would do.
> I am pretty sure that nginx is not your problem.
> But I understand if you say that with Apache you
> don't have those issues. It's normal human
> behavior to think in pictures (I have problems
> with my page. Hmmm.... I use nginx. Hmmm. Format
> system, install fresh OS, install Apache. Hmm...
> No problem so far. Okay! I got it! It's nginx.)
> instead of taking the time to understand what the
> problem is and THINK on the problem and solution.
> But hey! It's your install. If you think that it
> is nginx then it MUST be nginx. I would not be
> surprised if in some days you would come back here
> and tell us the same story has happened with
> Apache as HTTPD.
Thanks very much for you advise.
I have switched back to last stable version nginx 0.7.64.
Do you suggest me to use 0.8.** version?

I am not the system specialist. I will do your advises step bu step.
But fisrtly I have to check them because I am not sure is it possible to install these applicaiton for my side.

Thanks you again for your suggestion.

> Oh! And one last advice: Do not trust anybody! If
> a security company is telling you that YOUR system
> is secure then fine and dandy but it's you that
> need to guarantee and understand the security of
> your system. Not any one else. You need to
> UNDERSTAND what is going on with your system and
> YOU need to KNOW that and why your system is
> secure. Some one telling you that is secure is not
> going to take away that responsibility from you. A
> drug dealer will always ensure that what you buy
> from him is 100% risk free and and and... but it's
> you that is going to consume that stuff and it's
> you that is risking to die. Not him. So don't just
> blindly trust. Turn on the gears in your head and
> THINK and ACT but don't just follow blindly. You
> are not a sheep!

Sure I am not
Softlayer has forced me to apply one of the 6 servermanagment company these are trusted and certified from Sofltlayer, or close my network.
They said me "If they report that your server is clean it is ok" So I had have to go one of them.

Nevermind, I close my relation with Server Managemnt Comp. and reinstall nginx. And I look ahead

Best regards


> Sarah Kreuz, die DSDS-Siegerin der Herzen, mit
> ihrem eindrucksvollen
> Debütalbum "One Moment in Time".
> http://portal.gmx.net/de/go/musik
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Nginx securiy problem

egerci December 03, 2009 04:22AM

Re: Nginx securiy problem

Sergej Kandyla December 03, 2009 05:46AM

Re: Nginx securiy problem

egerci December 03, 2009 07:41AM

Re: Nginx securiy problem

Piotr Sikora December 03, 2009 09:08AM

Re: Nginx securiy problem

egerci December 03, 2009 12:31PM

Re: Nginx securiy problem

Cliff Wells December 03, 2009 01:02PM

Re: Nginx securiy problem

egerci December 03, 2009 01:22PM

Re: Nginx securiy problem

Cliff Wells December 03, 2009 02:04PM

Re: Nginx securiy problem

George December 03, 2009 02:06PM

Re: Nginx securiy problem

egerci December 03, 2009 02:55PM

Re: Nginx securiy problem

mike December 03, 2009 03:42PM

Re: Nginx securiy problem

Igor Sysoev December 03, 2009 04:16PM

Re: Nginx securiy problem

mike December 03, 2009 05:06PM

Re: Nginx securiy problem

mike December 04, 2009 01:00AM

Re: Nginx securiy problem

Igor Sysoev December 04, 2009 01:00AM

Re: Nginx securiy problem

Jean-Baptiste Quenot December 05, 2009 05:02AM

Re: Nginx securiy problem

mike December 05, 2009 05:24AM

Re: Nginx securiy problem

Steve December 05, 2009 06:26AM

Re: Nginx securiy problem

mike December 05, 2009 01:32PM

Re: Nginx securiy problem

Igor Sysoev December 05, 2009 02:00PM

Re: Nginx securiy problem

Steve December 05, 2009 04:36PM

Re: Nginx securiy problem

mike December 05, 2009 05:32PM

Re: Nginx securiy problem

Steve December 05, 2009 06:46PM

Re: Nginx securiy problem

Jérôme Loyet December 05, 2009 07:12AM

Re: Nginx securiy problem

Steve December 03, 2009 06:08PM

Re: Nginx securiy problem

mike December 03, 2009 07:26PM

Re: Nginx securiy problem

Steve December 03, 2009 07:42PM

Re: Nginx securiy problem

Steve December 03, 2009 07:14PM

Re: Nginx securiy problem

egerci December 05, 2009 02:01PM

Re: Nginx securiy problem

Steve December 05, 2009 05:04PM

Re: Nginx securiy problem

mike December 05, 2009 05:16PM

Re: Nginx securiy problem

Jim Ohlstein December 05, 2009 05:34PM

Re: Nginx securiy problem

egerci December 05, 2009 07:30PM

Re: Nginx securiy problem

Steve December 05, 2009 09:12PM

Re: Nginx securiy problem

mike December 05, 2009 09:30PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 70
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready