This site is a kind of personal database gathering notes about my day-to-day discoveries in the IT world, mostly about security.
While some are how-tos and tips (we learn something new every day, eh), hopefully you'll find some of them informative!

Showing posts with label Apache.

November 29, 2007

Secure your Apache server from giving information away to hackers

By default, most pre-packaged Apache installations leak everything about themselves. You can check by telnetting to port 80 on your web server, typing the GET / HTTP/1.1 line and hitting Enter twice (Apache answers 400 Bad Request because an HTTP/1.1 request without a Host header is invalid, but the response headers are what we are after):

#telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-18
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1
Here we see the Apache version, the distro and the PHP version. Any extra Apache modules installed would be listed too, with their versions. This is easy to fix in the config file, whose location is distribution dependent. On the Debian/Ubuntu releases of this era it is /etc/apache2/apache2.conf (current Debian and Ubuntu releases ship these two directives in /etc/apache2/conf-available/security.conf instead). Modify the ServerSignature and ServerTokens lines, adding them if they are missing. Here is what they should be set to:

ServerSignature Off
ServerTokens Prod
Now secure the PHP version information

By default, when PHP serves a page the response headers will include:

X-Powered-By: PHP/4.X.X
You need to edit php.ini and set the expose_php variable to Off. On Debian/Ubuntu the file is /etc/php4/apache2/php.ini for PHP 4 and /etc/php5/apache2/php.ini for PHP 5 (current releases use /etc/php/<version>/apache2/php.ini). This removes the X-Powered-By line.

expose_php = Off
Another problem in PHP is display_errors: you want this turned off on a production web site, because error messages can reveal file paths or other information to the visitor. Log the errors to a file instead (log_errors) so you still see them.

display_errors = Off
Now restart the Apache web server with the following command:

#/etc/init.d/apache2 restart
Test your Apache server

Telnet to port 80 on your web server again, type the GET / HTTP/1.1 line and hit Enter twice:

# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1
As you can see, the response no longer gives away the Apache version, the distribution or the PHP version; only the bare product name "Apache" remains, which ServerTokens Prod cannot hide. Remember that this is obscurity rather than a fix: keep the packages patched, since scanners can still fingerprint Apache from its behaviour even without a version string.
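To make the before/after check repeatable, here is an added example (not from the original post): a small POSIX shell script that audits a captured HTTP response for the two leaks described above, the version tokens in the Server header and the X-Powered-By header. It runs offline on the two constructed header sets below, which mirror the telnet output in the post; probe_server shows how to fetch live headers with curl instead of telnet. The sample headers and the leak patterns are assumptions for the demo, not output from any particular server.

```shell
#!/bin/sh
# Added example (not from the original post): audit an HTTP response for the
# version leaks described above. It works on captured headers read from stdin,
# so it runs offline on the constructed samples below; probe_server shows how
# to fetch live headers with curl instead of telnet.
# Assumes a standard Linux userland (grep, sed, tr, head) and curl for probe_server.

# Constructed sample: the "before" headers from the telnet session in the post,
# plus the X-Powered-By line PHP adds while expose_php is On.
BEFORE_HEADERS='HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-18
X-Powered-By: PHP/4.3.10-18
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1'

# Constructed sample: the same server after ServerTokens Prod,
# ServerSignature Off and expose_php = Off.
AFTER_HEADERS='HTTP/1.1 400 Bad Request
Date: Fri, 30 Mar 2007 09:59:37 GMT
Server: Apache
Content-Length: 337
Connection: close
Content-Type: text/html; charset=iso-8859-1'

# header_value NAME  -- value of header NAME from the headers on stdin
# (name matched case-insensitively, CRLF tolerated, first occurrence only)
header_value() {
    tr -d '\r' | grep -i "^$1:" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

# leak_report  -- read headers on stdin, print one "LEAK ..." line per finding
leak_report() {
    headers=$(cat)
    server=$(printf '%s\n' "$headers" | header_value Server)
    powered=$(printf '%s\n' "$headers" | header_value X-Powered-By)
    # A "/digit" after the product means ServerTokens is above Prod; a
    # parenthesised OS or module tokens such as PHP/ or mod_ mean OS or Full.
    if printf '%s\n' "$server" | grep -Eq '/[0-9]|\(|PHP/|mod_'; then
        printf 'LEAK Server header exposes versions: %s\n' "$server"
    fi
    if [ -n "$powered" ]; then
        printf 'LEAK X-Powered-By present, set expose_php = Off: %s\n' "$powered"
    fi
    return 0
}

# leak_count  -- number of LEAK lines for the headers on stdin
leak_count() {
    leak_report | grep -c '^LEAK' || true
}

# probe_server HOST  -- live response headers via a HEAD request; curl sends
# the Host header that the bare "GET / HTTP/1.1" in the telnet session lacked
probe_server() {
    curl -sS -I --max-time 5 "http://$1/"
}

printf 'before hardening: %s leak(s)\n' "$(printf '%s\n' "$BEFORE_HEADERS" | leak_count)"
printf '%s\n' "$BEFORE_HEADERS" | leak_report
printf 'after hardening:  %s leak(s)\n' "$(printf '%s\n' "$AFTER_HEADERS" | leak_count)"
```

Run it as is to see the two samples scored (2 leaks before, 0 after), or pipe a live server through it with `probe_server www.yoursite.com | leak_report` after restarting Apache. Note that "Server: Apache" is still reported after hardening; ServerTokens Prod removes the version, OS and module tokens, not the product name.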

December 28, 2006

Securing Apache

You don't want your website to be like this, do you?


It's been days and their website still looks like this. I'm just wondering whether their site really looks like this or whether it has been hacked. Or, more likely, misconfigured? It got me thinking about my own web server... hmmm...


To help my fellow sysadmins, this is how I secure my Apache.

Installation
OS = Fedora Core 4
Version = httpd-2.0.54-10.4
SSH to your server as a regular user. Again, DO NOT use telnet!

Do the usual lame install.
Change to root:

$ su -
Do the yum:
# yum -y install httpd
Configuration
Edit
httpd.conf:

Backup it first
# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.bak
Now open httpd.conf:
# vi /etc/httpd/conf/httpd.conf 
Just edit these directives and leave everything else at its default:
### Section 1: Global Environment
# ServerTokens Prod: the Server header says only "Apache", no version, OS or module list
ServerTokens Prod
# Listen: allows you to bind Apache to specific IP addresses and/or ports.
Listen 80
# Run the child processes as an unprivileged user/group, never as root.
User apache
Group apache

### Section 2: 'Main' Server Configuration
# First, we configure the "default" to be a very restrictive set of features:
# nothing on the filesystem is served unless a later <Directory> opens it up.
<Directory />
    Options None
    # This allows us to use .htaccess
    AllowOverride All
    # Added for security: deny everything by default
    Order Deny,Allow
    Deny from all
</Directory>

# The DocumentRoot. Do not use "Options All" here: it turns Indexes, Includes
# and ExecCGI back on, and the last Options line in a container wins, so it
# would silently undo an earlier "Options -Indexes".
<Directory "/var/www/html">
    # Turn off directory browsing, keep symlink following
    Options -Indexes +FollowSymLinks
    # AllowOverride controls what directives may be placed in .htaccess files.
    AllowOverride All
    # Controls who can get stuff from this server.
    Order allow,deny
    Allow from all
</Directory>

# AccessFileName: the name of the file to look for in each directory for
# additional configuration directives.
AccessFileName .htaccess

# ServerSignature: do not add a line containing the server version and virtual
# host name to server-generated pages (error pages, directory listings).
ServerSignature Off
On Apache 2.4 the Order/Allow/Deny lines above are replaced by Require all denied and Require all granted (mod_authz_core). Whatever the version, run apachectl configtest before restarting so a typo does not take the server down.
.htaccess
Make the file:
# vi /var/www/html/.htaccess
Put this in the file:
#
# mod_rewrite in use
#
RewriteEngine On

# Rules
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^content/(.*) index3.php
RewriteRule ^component/(.*) index3.php
RewriteRule ^mos/(.*) index3.php

###########################################################################
# This prevents hot-linking of images from this website,
# just to save the bandwidth :)
# Note the escaped dot: an unescaped "." would match any character.
###########################################################################
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]

###########################################################################
# This denies directory browsing
###########################################################################
IndexIgnore */*
Options -Indexes

###########################################################################
# This denies direct requests for the .htaccess file (and .htpasswd).
# The <Files> container matters: a bare "deny from all" in .htaccess
# would deny the whole directory, not just the control file.
###########################################################################
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

###########################################################################
# Deny Useragents
# Ban access to your site based on the user agent that is reported in the
# request header. If it is on this list then they will not have access to
# your site.
###########################################################################
RewriteCond %{HTTP_USER_AGENT} ^Alexibot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^asterias [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Black.Hole [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlowFish [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BotALot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BuiltBotTough [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bullseye [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BunnySlippers [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Cegbfeieh [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^cfetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CheeseBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CopyRightCheck [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^cosmos [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DA\ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DataCha0s.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^dcs [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DittoSpyder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Download.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Email.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EroCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FDM\ 2.x [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Foobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FreshDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Googlebot-Image [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Harvest [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^hloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^httplib [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^humanlinks [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InfoNaviRobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Java.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JennyBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Kenjin.Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Keyword.Density [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LexiBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libWeb/clsHTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkextractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkScan/8.1a.Unix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mata.Hari [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIIxpc [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Missigua.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister.PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^moget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NG [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NPBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline.Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Openfind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PostFavorites [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ProPowerBot/2.14 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ProWebWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^QueryN.Metasearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RMA [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SlySearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SpankBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^spanner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^StarDownloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^suzuran [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Syntryx [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz/1.4 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Telesoft [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^The.Intraformant [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TheNomad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TightTwatBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Titan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^toCrawl/UrlDispatcher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^True_Robot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^turingos [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^TurnitinBot/1.5 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Twiceler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^URLy.Warning [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VCI [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebBandit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEnhancer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web.Image.Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebmasterWorldForumBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website.Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster.Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZip [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWW-Collector-E [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC]
RewriteRule ^.*$ - [F]

###########################################################################
# Spam Referrers
# Referrer spam is where someone forges the Referer header and then
# accesses your site. The thought here is that hopefully you are someone
# who monitors your log files, so you will see this link and visit their
# site. Or they hope that your activity reports are publicly viewable on
# the web and that a search engine will spider your reports and increase
# the number of sites linking to them, therefore increasing their ranking
# in the search engine.
###########################################################################
RewriteCond %{HTTP_REFERER} hackerviet [NC,OR]
RewriteCond %{HTTP_REFERER} insurance [NC,OR]
RewriteCond %{HTTP_REFERER} poker [NC,OR]
RewriteCond %{HTTP_REFERER} 24hours-credit [NC,OR]
RewriteCond %{HTTP_REFERER} baby-casino [NC,OR]
RewriteCond %{HTTP_REFERER} texas-hold-em [NC,OR]
RewriteCond %{HTTP_REFERER} hold-em [NC,OR]
RewriteCond %{HTTP_REFERER} holdem [NC,OR]
RewriteCond %{HTTP_REFERER} doctor-pills [NC,OR]
RewriteCond %{HTTP_REFERER} thesmart-casino [NC,OR]
RewriteCond %{HTTP_REFERER} westvalleyhigh [NC,OR]
RewriteCond %{HTTP_REFERER} highest-credit [NC]
# Caveat: [R] sends the visitor to whatever URL the Referer header held, so
# this turns the site into an open redirect to attacker-chosen URLs. Answering
# 403 with [F], as the rules above do, is the safer choice.
RewriteRule ^.*$ %{HTTP_REFERER} [R,L]
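Rules like these are easy to get subtly wrong and easy to overestimate, so here is an added example (not from the original post): a small POSIX shell script that replays the hot-link, banned User-Agent and spam-Referer logic of this .htaccess, in the same order mod_rewrite applies it, over constructed access_log lines, plus a curl probe for confirming on a live server that the rules are active. SITE, SAMPLE_LOG and the shortened BANNED_UA and SPAM_REFERER patterns are assumptions for the demo; extend the two patterns from the full lists above for real use.

```shell
#!/bin/sh
# Added example (not from the original post): replay the .htaccess rules above
# against access_log lines to see which requests they would block, and probe a
# live server with curl to confirm the rules are active. Offline by default: the
# log lines below are constructed samples in Combined Log Format. Assumes awk,
# grep and curl; SITE and the two patterns are a short subset of the lists in
# the .htaccess and should be extended to match your own.

SITE='yoursite\.com'
# Anchored at the start like the RewriteCond lines, case-insensitive like [NC]
BANNED_UA='^(Wget|HTTrack|libwww-perl|lwp-trivial|Teleport|WebZip|Offline.Explorer|Java)'
SPAM_REFERER='poker|hold-?em|casino|insurance|credit'

# Constructed samples: a browser, a scraper, a forged spam Referer, a hot-linked
# image, and a scraper that hides behind a browser-looking User-Agent.
SAMPLE_LOG='10.0.0.1 - - [28/Dec/2006:10:00:01 +0800] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (X11; Linux) Firefox/2.0"
10.0.0.2 - - [28/Dec/2006:10:00:02 +0800] "GET /images/logo.gif HTTP/1.1" 200 2048 "-" "Wget/1.10.2"
10.0.0.3 - - [28/Dec/2006:10:00:03 +0800] "GET / HTTP/1.1" 200 5123 "http://www.poker-offers.test/" "Mozilla/4.0 (compatible)"
10.0.0.4 - - [28/Dec/2006:10:00:04 +0800] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://other.test/page.html" "Mozilla/5.0 (Windows)"
10.0.0.5 - - [28/Dec/2006:10:00:05 +0800] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (compatible; HTTrack 3.0x)"'

# classify_line LOGLINE  -- verdict the rules would give, in .htaccess order:
# hot-link check ([F]), banned User-Agent ([F]), then spam Referer ([R])
classify_line() {
    # Combined Log Format split on double quotes: $2 request, $4 referer, $6 agent
    request=$(printf '%s\n' "$1" | awk -F'"' '{print $2}')
    referer=$(printf '%s\n' "$1" | awk -F'"' '{print $4}')
    agent=$(printf '%s\n' "$1" | awk -F'"' '{print $6}')
    path=$(printf '%s\n' "$request" | awk '{print $2}')

    # Hot-link rule: image, non-empty Referer ("-" in the log), not from SITE
    if printf '%s\n' "$path" | grep -Eq '\.(gif|jpg)$' \
        && [ "$referer" != "-" ] \
        && ! printf '%s\n' "$referer" | grep -Eiq "^http://(www\.)?$SITE/"; then
        echo "BLOCK hotlink"
    elif printf '%s\n' "$agent" | grep -Eiq "$BANNED_UA"; then
        echo "BLOCK user-agent"
    elif printf '%s\n' "$referer" | grep -Eiq "$SPAM_REFERER"; then
        echo "REDIRECT referer-spam"
    else
        echo "ALLOW"
    fi
}

# audit_log  -- one "verdict client agent" line per log line on stdin
audit_log() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%-22s %s  %s\n' "$(classify_line "$line")" \
            "$(printf '%s\n' "$line" | awk '{print $1}')" \
            "$(printf '%s\n' "$line" | awk -F'"' '{print $6}')"
    done
}

# verdict_count WORD  -- how many log lines on stdin get a verdict starting with WORD
verdict_count() {
    audit_log | grep -c "^$1" || true
}

# probe_rule URL AGENT [REFERER]  -- HTTP status a live server returns when the
# request carries that User-Agent (-A) and Referer (-e); expect 403 for a banned
# agent or a hot-link, 302 for a spam Referer, 200 for a normal browser
probe_rule() {
    if [ -n "${3:-}" ]; then
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 -A "$2" -e "$3" "$1"
    else
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 -A "$2" "$1"
    fi
}

printf '%s\n' "$SAMPLE_LOG" | audit_log
```

Running it scores the samples as two BLOCK, one REDIRECT and two ALLOW. The fifth line is the important one: the scraper identifies itself as Mozilla with HTTrack buried later in the string, so the anchored ^HTTrack rule never fires. The User-Agent and Referer are chosen by the client, so these rules are bandwidth and nuisance control, not access control; anything that must stay private needs authentication, not a pattern list. Once the .htaccess is in place, `probe_rule http://www.yoursite.com/ "Wget/1.10"` should print 403 and the same call with a browser agent should print 200.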