Red Hat Linux Apache enterprise security configuration

First, security issues facing the Apache service
1, HTTP denial-of-service attacks:
1), packet flood attacks. Usually carried out with ICMP or UDP packets; the attacker deceives the target server into believing that the attack comes from itself.
2), disk attacks. Forged user requests are used to issue write commands to the target computer's hard drive.
3), unreachable-route attacks. The attacker first modifies the routing tables on the router that serves the target machine.
4), distributed denial-of-service (DDoS) attacks, for example by worms such as the SSL worm.
2, buffer overflows.
3, attackers gaining root privileges.

Second, configuring a secure Apache server
1, apply patches regularly.
2, hide and disguise the Apache version.
On the machine itself, run httpd -v to see the version information.
You can also telnet to port 80 of the web server's IP address to obtain information about the web server.
The web server's response messages can also be analyzed, for example with WSockExpert.
File names can be used to tell the platforms apart: UNIX file names are case-sensitive, Windows file names are not.
To remove the Apache version number, modify the configuration file /etc/httpd.conf and set:
ServerSignature Off
ServerTokens Prod


Recompile the installation, replacing the banner strings inside the source.

Taking Apache 2.0.50 as an example: edit ap_release.h and change "#define AP_SERVER_BASEPRODUCT "Apache"" to "#define AP_SERVER_BASEPRODUCT "Microsoft-IIS/5.0"". Edit os/unix/os.h and change "#define PLATFORM "Unix"" to "#define PLATFORM "Win32"". After making the changes, recompile and install Apache.

Once Apache is installed, edit the httpd.conf configuration file: change "ServerTokens Full" to "ServerTokens Prod" and "ServerSignature On" to "ServerSignature Off", then save and exit.

3, Linux directory structure and security
ServerRoot: configuration files, binary files and other server configuration files; accessible only by the root user.
DocumentRoot: the web site content; accessible to web administrators and the Apache user.
ScriptAlias: holds the CGI scripts; accessible only to CGI developers and the Apache user.
CustomLog and ErrorLog: hold the access log and the error log; accessible only by root.
4, password-protect the Apache server with an htpasswd file.
vi .htaccess
AuthType Basic
AuthUserFile /usr/home/***/htdocs/.abcname1
AuthUserFile /usr/home/***/htdocs/.abcname2
AuthGroupFile /usr/home/***/htdocs/.htgroup
AuthName information

Require valid-user

# -c creates the password file; omit it when adding further users to the same file
htpasswd -c /usr/home/***/htdocs/.abcname2 wang
htpasswd /usr/home/***/htdocs/.abcname2 zhang
vi .htgroup
chen: a1 a2 a3
li: b1 b2 b3


Order allow,deny
Deny from all


Order allow,deny
Allow from all
Deny from 111.222

5, run Apache in a "jail".
6, protect Apache against DoS attacks.
This is done mainly with DoS-prevention software, the Apache DoS Evasive Maneuvers Module, which replaces mod_access.
Count TCP connections by state automatically (replace "Server IP" with the server's address):
netstat -an | grep -i "Server IP:80" | awk '{print $6}' | sort | uniq -c | sort -n
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/tcp_syn_retries
echo "1" > /proc/sys/net/ipv4/tcp_synack_retries
Increase the size of the SYN backlog:
echo "2048" > /proc/sys/net/ipv4/tcp_max_syn_backlog
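
An added example (not from the original article) that goes beyond the netstat one-liner above: it counts TCP states for an exact local address:port match, so connections to port 8080 are not counted as port 80, and it lists remote IPs holding many half-open SYN_RECV connections. The function names, the sample netstat output and the threshold are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51544       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51601       TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.9:51777       ESTABLISHED
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# state_counts ADDR:PORT - reads netstat -an text on stdin and prints
# "count state" for TCP sockets whose local address is exactly ADDR:PORT.
state_counts() {
    awk -v local="$1" '$1 ~ /^tcp/ && $4 == local { n[$6]++ }
        END { for (s in n) print n[s], s }' | sort -n
}

# syn_recv_sources ADDR:PORT MIN - prints "count ip" for every remote IP
# with at least MIN half-open (SYN_RECV) connections to ADDR:PORT.
syn_recv_sources() {
    awk -v local="$1" -v min="$2" '
        $1 ~ /^tcp/ && $4 == local && $6 == "SYN_RECV" {
            ip = $5; sub(/:[0-9]+$/, "", ip); n[ip]++   # strip the remote port
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' | sort -rn
}

# On a live host, feed real data instead: netstat -an | state_counts "$SERVER_IP:80"
sample_netstat | state_counts 192.0.2.10:80
sample_netstat | syn_recv_sources 192.0.2.10:80 3
```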

7, reduce the risks of CGI and SSL.
8, Apache log management.
9, use MySQL for Apache authentication.
10, use LDAP for Apache authentication.
11, use other security tools.
