Apache security question?

I have 3 computers with Ethernet connections to a local router
box (SMC7008ABR), and on the WAN side to Verizon DSL.
I was able to install Apache and PHP on one of the PCs with
XP Home edition. How much risk is there of being attacked?
I set up the SMC7008ABR to allow only public port 80. The reason
I am asking is that Verizon no longer gives me a fixed IP
address, since I saw the LED lights of the DSL box
and SMC keep flashing non-stop.


Re: Apache security question?

At work we have a Windows 2000/Apache 2 setup and it has been trouble free
thus far. As Erwin said, Apache is very solid software and it's unlikely
that it'll be exploited as an avenue of attack.

Be sure to change the login used by Apache to a more restricted account.
Apache installs itself to run as a privileged user. If an attacker finds a
hole in your PHP scripts, he could do very serious damage. It's also a good
idea to change the location of the log files from "C:\Program files\Apache
Group\Apache 2\log" to something else, so that there isn't a well known
place for potential attackers to deposit PHP code.

Re: Apache security question?

New to PHP wrote:

One little hint that might help tie things down a little tighter for you
is to configure Apache to listen to a port >1024 instead of port 80,
then change your router to route WAN port 80 to the new LAN port.  I
know on a Unix box (whatever about windoze) that this offers additional
security in what a user can do to your server if they could gain access
to it.... I don't know about windoze though.

Lastly - Have you got a firewall on your windoze box? And what about
your router?  My Linksys router provides in and outbound logs... Examine
them - in theory you should not have much inbound traffic that CONNECTed
- Any inbound attempts should be few (since they are stopped at a
correctly configured router/firewall) and  if somehow someone does get
it, hopefully windoze would have put up a fight and DROPped the attempts.

I hope that helps... I suggest having a word with someone in a WinXP
group, and/or comp.infosystems.www.servers.win32...

Hope that helps...
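
An added example, not part of the thread: a small Python check of an httpd.conf for the two settings the replies above suggest changing, a Listen port below 1024 and log files left under the default install directory. The function names and both sample configurations are constructed for illustration; the default directory is the one quoted in the thread.

```python
import re

# Install directory quoted in the thread, normalised (forward slashes, lower case).
DEFAULT_ROOT = "c:/program files/apache group"
LOG_DIRECTIVES = {"errorlog", "customlog", "transferlog"}

def norm(path):
    return path.replace("\\", "/").lower().rstrip("/")

def parse_directives(conf_text):
    """Return [(name, [args])] per directive line; comments and <Section> tags are skipped."""
    out = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        # Arguments may be double-quoted because Windows paths contain spaces.
        args = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', rest)]
        out.append((parts[0].lower(), args))
    return out

def audit(conf_text):
    """Return (directive, value, reason) findings for the two settings discussed above."""
    directives = parse_directives(conf_text)
    roots = [a[0] for n, a in directives if n == "serverroot" and a]
    server_root = norm(roots[0]) if roots else DEFAULT_ROOT
    findings = []
    for name, args in directives:
        if not args:
            continue
        if name == "listen":
            port = int(args[0].rsplit(":", 1)[-1])  # "80", "0.0.0.0:80", "[::]:80"
            if port < 1024:
                findings.append((name, args[0], "port below 1024"))
        elif name in LOG_DIRECTIVES and not args[0].startswith("|"):  # skip piped logs
            path = norm(args[0])
            if not re.match(r"[a-z]:|/", path):  # relative paths resolve under ServerRoot
                path = server_root + "/" + path
            if path.startswith(DEFAULT_ROOT + "/"):
                findings.append((name, args[0], "log under default install directory"))
    return findings

# Constructed sample configurations (not taken from the thread).
ROOT_LINE = 'ServerRoot "C:/Program Files/Apache Group/Apache2"\n'
WEAK_CONF = ROOT_LINE + 'Listen 80\nErrorLog logs/error.log\nCustomLog "D:/weblogs/access.log" common\n'
MOVED_CONF = ROOT_LINE + 'Listen 8080\nErrorLog "D:/weblogs/error.log"\nCustomLog "D:/weblogs/access.log" common\n'

if __name__ == "__main__":
    for finding in audit(WEAK_CONF):
        print(finding)
```

The account Apache runs under on Windows is set on the service, not in httpd.conf, so this check does not cover it.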

