Apache security question?


I have 3 computers with Ethernet connection to a local router
box (SMC7008ABR) and on the WAN side to Verizon DSL.
I was able to install Apache and PHP on one of the PCs with
XP Home edition. How much risk from being attacked?
I set up SMC7008ABR to allow only public port 80. The reason
I am asking is because Verizon no longer gives me a fixed IP
address anymore since I saw the LED lights of the DSL box
and SMC keep flashing non-stop.

Thanks.
Jul 17 '05 #1
New to PHP wrote:

I have 3 computers with Ethernet connection to a local router
box (SMC7008ABR) and on the WAN side to Verizon DSL.
I was able to install Apache and PHP on one of the PCs with
XP Home edition. How much risk from being attacked?
I set up SMC7008ABR to allow only public port 80. The reason
I am asking is because Verizon no longer gives me a fixed IP
address anymore since I saw the LED lights of the DSL box
and SMC keep flashing non-stop.

Thanks.


Hi,

Whole books, sorry, whole libraries, have been filled with setups/advice
about security.

You cannot expect we can answer your question within any reasonable time.

I have a few general remarks:
Since you only opened port 80 on your router/firewall, you should be
reasonably safe from other kinds of attacks.
I take it you route the requests to your XPHome/PHP/Apache machine, right?

So that is your primary point of concern for attacks. (Since everybody who
wants to pay you a visit will surely try port 80)

XPHome edition = M$ = often unsafe.

I have zero experience with Apache on M$ boxes, but I can tell you Apache is
a very solid piece of software (on GNU/Nix at least), so that is probably
ok.
Maybe somebody else can help you more on that matter.

And maybe you better visit a security oriented newsgroup.

PHP, however, is involved (probably) in a lot more on your system, like
opening database connections, opening/writing local filesystem, etc. etc.

So you have to be sure your PHP-code is solid enough to withstand standard
fun like SQL-injection, naughty characters, etc.

This is nothing special, all your PHP code should be robust enough to
survive such attacks.

As far as I can see, this is the route for a naughty visitor into your
machine:

Your external IP-num (Port 80)
--> Apache on your local machine (XP) will handle the request
--> some PHP script gets executed.

I expect the weakest point is the PHP script, if you write it yourself and
are new to PHP.

The fact that you only open port 80, and keep all others closed, sounds good.
By the way, how can you host a game of Starcraft, with all those ports
closed? :P
So far. Sorry I cannot be more to the point, but your question is VERY broad
and spans too much to cover for me (if I could anyway).

Regards,
Erwin Moller
Jul 17 '05 #2
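
The point in the reply above about PHP code withstanding SQL injection and "naughty characters", as an added example that is not part of the original thread. The table, columns and function names are hypothetical, and an in-memory SQLite database (PDO with the SQLite driver) is assumed in place of whatever database the site would use:

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. All names are hypothetical and
// an in-memory SQLite database stands in for the real one.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$db->exec("INSERT INTO users (name, email) VALUES
           ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Unsafe: the request value becomes part of the SQL text, so a quote
// character in it changes the meaning of the query.
function findUserUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT name, email FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safer: check the value's shape first, then bind it as a parameter so
// the database only ever treats it as data.
function findUserSafe(PDO $db, string $name): array
{
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $name)) {
        return [];                       // reject unexpected characters
    }
    $stmt = $db->prepare('SELECT name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary name, one containing SQL metacharacters.
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $input) {
    $unsafe = count(findUserUnsafe($db, $input));
    $safe   = count(findUserSafe($db, $input));
    // Escape request data before echoing it back into a page.
    $shown  = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    echo "$shown: unsafe rows=$unsafe, safe rows=$safe\n";
}
```

Comparing the two row counts for the second input shows the difference between concatenating request data into a query and binding it.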
"New to PHP" <da************@yahoo.com> wrote in message
news:uh***********@yahoo.com...

I have 3 computers with Ethernet connection to a local router
box (SMC7008ABR) and on the WAN side to Verizon DSL.
I was able to install Apache and PHP on one of the PCs with
XP Home edition. How much risk from being attacked?
I set up SMC7008ABR to allow only public port 80. The reason
I am asking is because Verizon no longer gives me a fixed IP
address anymore since I saw the LED lights of the DSL box
and SMC keep flashing non-stop.

Thanks.


At work we have a Windows 2000/Apache 2 set up and it has been trouble free
thus far. As Erwin said, Apache is a very solid software and it's unlikely
that it'll be exploited as an avenue of attack.

Be sure to change the login used by Apache to a more restricted account.
Apache installs itself to run as a privileged user. If an attacker finds a
hole in your PHP scripts, he could do very serious damage. It's also a good
idea to change the location of the log files from "C:\Program files\Apache
Group\Apache 2\log" to something else, so that there isn't a well known
place for potential attackers to deposit PHP code.
Jul 17 '05 #3
New to PHP wrote:
I have 3 computers with Ethernet connection to a local router
box (SMC7008ABR) and on the WAN side to Verizon DSL.
I was able to install Apache and PHP on one of the PCs with
XP Home edition. How much risk from being attacked?
I set up SMC7008ABR to allow only public port 80. The reason
I am asking is because Verizon no longer gives me a fixed IP
address anymore since I saw the LED lights of the DSL box
and SMC keep flashing non-stop.

Thanks.


One little hint that might help tie things down a little tighter for you
is to configure Apache to listen to a port >1024 instead of port 80,
then change your router to route WAN port 80 to the new LAN port. I
know on a Unix box (whatever about windoze) that this offers additional
security in what a user can do to your server if they could gain access
to it.... I don't know about windoze though.

Lastly - Have you got a firewall on your windoze box? And what about
your router? My Linksys router provides in and outbound logs... Examine
them - in theory you should not have much inbound traffic that CONNECTed
- Any inbound attempts should be few (since they are stopped at a
correctly configured router/firewall) and if somehow someone does get
it, hopefully windoze would have put up a fight and DROPped the attempts.

I hope that helps... I suggest having a word with someone in a WinXP
group, and/or comp.infosystems.www.servers.win32...

Hope that helps...

randelld
Jul 17 '05 #4
