This site is a kind of personal database gathering notes about my day-to-day discoveries in the IT world, mostly about security.
While some are howtos and tips (we learn a new thing every day, eh), hopefully you'll find some of them informative!

December 28, 2006

Securing Apache

You don't want your website to be like this do you?


It's been days and their web site is still like this. I'm just wondering whether their site really looks like this, or has it been hacked? Or, more likely, misconfigured? It got me thinking about my own web server... hmmm...


To help my fellow sysads, this is how I secure my Apache.

Installation
OS = Fedora Core 4
Version = httpd-2.0.54-10.4
SSH to your server as a regular user. Again, DO NOT use telnet!

Do the usual lame install.
Change to root:

$ su -
Do the yum:
# yum -y install httpd
Configuration
Edit httpd.conf:

Back it up first:
# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.bak
Now open httpd.conf:
# vi /etc/httpd/conf/httpd.conf
Just edit these directives and leave everything else at the defaults. The directives in Section 2 live inside the stock <Directory> containers, shown here so the file stays valid:
### Section 1: Global Environment
# This hides the Apache version in the Server header
ServerTokens Prod
# Listen: allows you to bind Apache to specific IP addresses and/or ports.
Listen 80
# Specify the name of the user/group to run httpd as (never root).
User apache
Group apache

### Section 2: 'Main' Server Configuration
# First, we configure the "default" to be a very restrictive set of features.
<Directory />
    Options FollowSymLinks
    # This allows us to use .htaccess
    AllowOverride All
    # Added for security: nothing under / is served unless a more
    # specific <Directory> block allows it
    Order Deny,Allow
    Deny from all
    Options None
    # Turn off directory browsing
    Options -Indexes
</Directory>

# The Options directive for the DocumentRoot
<Directory "/var/www/html">
    # Note: "All" includes Indexes, so listings are re-enabled here;
    # the "Options -Indexes" in /var/www/html/.htaccess below turns them off again
    Options All

    # AllowOverride controls what directives may be placed in .htaccess files.
    AllowOverride All

    # Controls who can get stuff from this server.
    # Order takes a single comma-separated argument (no space after the comma)
    Order allow,deny
    Allow from all
</Directory>

# AccessFileName: the name of the file to look for in each directory for additional configuration directives.
AccessFileName .htaccess

# ServerSignature: optionally add a line containing the server version and virtual host name to server-generated pages.
ServerSignature Off
.htaccess
Make the file:
# vi /var/www/html/.htaccess
Put this in the file:
#
# mod_rewrite in use
#
RewriteEngine On

# Rules (the two RewriteCond lines apply only to the RewriteRule directly below them)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^content/(.*) index3.php
RewriteRule ^component/(.*) index3.php
RewriteRule ^mos/(.*) index3.php

###########################################################################
# This prevents hot-linking of images from this website
# just to save the bandwidth :)
# Requests with an empty referer (direct hits, some proxies) are still allowed.
###########################################################################
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

###########################################################################
# This denies directory browsing
###########################################################################
IndexIgnore */*
Options -Indexes

###########################################################################
# This prevents access to the .htaccess file itself.
# The <Files> container is required: a bare "deny from all" in an
# .htaccess file would deny access to the whole directory.
###########################################################################
<Files .htaccess>
    order allow,deny
    deny from all
</Files>

###########################################################################
# Deny Useragents
# Ban access to your site based on the user agent that is reported in the
# request header. If it is on this list then they will not have access to
# your site.
###########################################################################
RewriteCond %{HTTP_USER_AGENT} ^Alexibot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^asterias [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Black.Hole [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlowFish [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BotALot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BuiltBotTough [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bullseye [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BunnySlippers [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Cegbfeieh [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^cfetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CheeseBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CopyRightCheck [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^cosmos [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DA\ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DataCha0s.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^dcs [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DittoSpyder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Download.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Email.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EroCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FDM\ 2.x [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Foobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FreshDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Googlebot-Image [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Harvest [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^hloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^httplib [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^humanlinks [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InfoNaviRobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Java.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JennyBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Kenjin.Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Keyword.Density [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LexiBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libWeb/clsHTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkextractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkScan/8.1a.Unix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mata.Hari [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIIxpc [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Missigua.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister.PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^moget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NG [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline.Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Openfind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PostFavorites [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ProPowerBot/2.14 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^QueryN.Metasearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RMA [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SlySearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SpankBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^spanner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^StarDownloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^suzuran [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Syntryx [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz/1.4 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Telesoft [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^The.Intraformant [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TheNomad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TightTwatBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Titan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^True_Robot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^turingos [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot/1.5 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^URLy.Warning [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VCI [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebBandit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEnhancer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web.Image.Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebmasterWorldForumBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website.Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster.Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZip [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWW-Collector-E [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC]
RewriteRule ^.*$ - [F]

###########################################################################
# Spam Referrers
# Referrer spam is where someone forges the Referer header and then
# accesses your site. The hope is that you monitor your log files,
# see the link and visit their site. Or that your activity reports are
# publicly viewable on the web, so a search engine spiders them and
# counts them as sites linking to the spammer, raising their ranking
# in the search engine.
###########################################################################
RewriteCond %{HTTP_REFERER} hackerviet [NC,OR]
RewriteCond %{HTTP_REFERER} insurance [NC,OR]
RewriteCond %{HTTP_REFERER} poker [NC,OR]
RewriteCond %{HTTP_REFERER} 24hours-credit [NC,OR]
RewriteCond %{HTTP_REFERER} baby-casino [NC,OR]
RewriteCond %{HTTP_REFERER} texas-hold-em [NC,OR]
RewriteCond %{HTTP_REFERER} hold-em [NC,OR]
RewriteCond %{HTTP_REFERER} holdem [NC,OR]
RewriteCond %{HTTP_REFERER} doctor-pills [NC,OR]
RewriteCond %{HTTP_REFERER} thesmart-casino [NC,OR]
RewriteCond %{HTTP_REFERER} westvalleyhigh [NC,OR]
RewriteCond %{HTTP_REFERER} highest-credit [NC]
RewriteRule ^.*$ %{HTTP_REFERER} [R,L]
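Before reloading httpd it is worth checking that the hardening directives from the httpd.conf section actually made it into the file, and that the .htaccess has not locked out the whole site (a bare "deny from all" outside a <Files> container does exactly that). The script below is an added example, not part of the original post: it audits both files offline with plain POSIX sh, grep and awk. The sample configs it writes to a temp directory are constructed for the demonstration; the two functions take any file path, so point them at /etc/httpd/conf/httpd.conf and /var/www/html/.htaccess on a real box.

```shell
#!/bin/sh
# Added example (not from the original post): offline audit of the
# directives the post sets in httpd.conf and .htaccess.

# Return 0 when httpd.conf carries the hardening directives, 1 otherwise.
audit_httpd_conf() {
    conf="$1"
    rc=0
    # ServerTokens Prod strips the version from the Server header.
    grep -Eiq '^[[:space:]]*ServerTokens[[:space:]]+Prod[[:space:]]*$' "$conf" \
        || { echo "MISSING: ServerTokens Prod"; rc=1; }
    # ServerSignature Off keeps the version out of error pages and listings.
    grep -Eiq '^[[:space:]]*ServerSignature[[:space:]]+Off[[:space:]]*$' "$conf" \
        || { echo "MISSING: ServerSignature Off"; rc=1; }
    # httpd must drop to an unprivileged account.
    grep -Eiq '^[[:space:]]*(User|Group)[[:space:]]+root[[:space:]]*$' "$conf" \
        && { echo "BAD: httpd configured to run as root"; rc=1; }
    # Any Options line that enables Indexes (or All, which includes Indexes).
    grep -Ei '^[[:space:]]*Options([[:space:]]+[^#]*)?[[:space:]](\+?Indexes|All)([[:space:]]|$)' "$conf" \
        && { echo "WARN: the Options line(s) above enable directory listings"; rc=1; }
    return $rc
}

# Return 0 when every "deny from all" in .htaccess sits inside a
# <Files>/<FilesMatch> container; 1 when one would deny the whole directory.
audit_htaccess() {
    awk '
        BEGIN { depth = 0; bad = 0 }
        tolower($0) ~ /^[ \t]*<files/   { depth++ }
        tolower($0) ~ /^[ \t]*<\/files/ { depth-- }
        tolower($0) ~ /^[ \t]*deny[ \t]+from[ \t]+all/ && depth == 0 {
            print "BAD: line " NR " denies everyone outside a <Files> container"
            bad = 1
        }
        END { exit bad }' "$1"
}

# Constructed sample files (left in place so they can be inspected).
WORK=$(mktemp -d)
GOOD_CONF="$WORK/httpd.conf.hardened"
BAD_CONF="$WORK/httpd.conf.default"
GOOD_HT="$WORK/htaccess.good"
BAD_HT="$WORK/htaccess.bad"

cat > "$GOOD_CONF" <<'EOF'
ServerTokens Prod
User apache
Group apache
<Directory />
    Options None
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride All
</Directory>
ServerSignature Off
EOF

cat > "$BAD_CONF" <<'EOF'
ServerTokens OS
User apache
Group apache
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
ServerSignature On
EOF

cat > "$GOOD_HT" <<'EOF'
Options -Indexes
<Files .htaccess>
    order allow,deny
    deny from all
</Files>
EOF

cat > "$BAD_HT" <<'EOF'
Options -Indexes
order allow,deny
deny from all
EOF

for f in "$GOOD_CONF" "$BAD_CONF"; do
    if audit_httpd_conf "$f"; then echo "$f: OK"; else echo "$f: needs attention"; fi
done
for f in "$GOOD_HT" "$BAD_HT"; do
    if audit_htaccess "$f"; then echo "$f: OK"; else echo "$f: needs attention"; fi
done
```

The httpd.conf check is deliberately a line-level grep, so it flags an Options All in the DocumentRoot block even when an .htaccess later removes Indexes; treat that warning as a prompt to look at the merge order rather than as a hard failure. Run `apachectl configtest` afterwards, since neither function parses the full Apache syntax.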
