Hi Kieran,
On a shared environment, you can look forward to getting hacked simply because someone else on the box got hacked. To make that less likely, you should set permissions to limit the amount of damage that someone else's scripts can do to your site. If your code runs as your own user, then setting "private" file permissions to 0600 (user:www), and directory permissions to 0710 (user:www) can frustrate a lot of automated hacks. If you're sharing the www user with everyone else on the system, then you're pretty much sunk. For a shared environment, it will help a little to obfuscate your drupal configuration file - or rename it (but not much). (To make getting hacked less damaging, you need backups.)
If you control the machine you should set up a firewall to prohibit unprivileged traffic, and to prohibit traffic on ports you have not configured. Many attackers prefer to make their own network connections, rather than thread them through the web server, so you can catch the problem that way. A lot of linux privilege escalation exploits rely on loading modules on the fly, so you should disable the loading of modules. In older kernels, you can do this by blacklisting every single unloaded module on the system.
&:-)
On Wed, 4 Jan 2012 22:13:52 +0100
AJ McKee <aj.mckee at druid-dns.com> wrote:
> Hi Kieran,
>
> Best list for such questions is the php users groups, php.ie
>
> But here are a few tips;
>
> 1. Set max exception time to a low setting
> 2. Change the post_max_size and max_input_time
> 3. If you control the servers, consider putting mod_security on
>    either an upstream reverse proxy or on the hosts themselves
> 4. Always, always, always mount /tmp /var/tmp with no exec
> 5. Download your logs or better remote log
> 6. Filesystems mount with ACL options in fstab are a must
> 7. BACKUPS
>
> In short there are a lot of things you can be doing here. If you have
> been hacked, get all the open net connections, get all logging
> information, get as much info as you can from the host. Take it
> offline, as you don't want to be used as a bounce host towards
> someone else.
>
> On Wednesday 4 January 2012 at 21:50, Kieran O'Sullivan wrote:
> > Hi
> >
> > I am running two drupal 5.5 (yes I know it's old but it works) web
> > sites on linux and so far I haven't been hacked. I have followed
> > all of the drupal guidelines for security.
> >
> > I am looking for anyone who has experience with
> > linux/apache/drupal to give me more advice especially if you have
> > been hacked.
> >
> > Thanks.
> >
> > --
> > Irish Linux Users' Group mailing list
> > About this list : http://mail.linux.ie/mailman/listinfo/ilug
> > Who we are : http://www.linux.ie/
> > Where we are : http://www.linux.ie/map/
> >
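
An added example, not part of either message in the thread: a small audit that reports files and directories looser than the 0600/0710 targets from the reply, and checks whether /tmp and /var/tmp carry `noexec` as in tip 4. The function names, the sample tree and the sample mount table are constructed for illustration; ownership (user:www) is not checked, only mode bits.

```python
import os
import stat
import tempfile

FILE_MAX, DIR_MAX = 0o600, 0o710  # target modes from the reply above

def audit_tree(root, file_max=FILE_MAX, dir_max=DIR_MAX):
    """Return [(path, mode, excess_bits)] for entries looser than the targets."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        entries = [(dirpath, dir_max)]
        entries += [(os.path.join(dirpath, f), file_max) for f in files]
        for path, allowed in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink permission bits are not enforced on Linux
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~allowed:
                findings.append((path, mode, mode & ~allowed))
    return findings

def missing_noexec(mounts_text, targets=("/tmp", "/var/tmp")):
    """Return targets not mounted with noexec (or not mounted separately)."""
    opts = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:  # device, mount point, fstype, options, ...
            opts[fields[1]] = fields[3].split(",")  # a later mount overrides
    return [t for t in targets if "noexec" not in opts.get(t, [])]

# Constructed sample in /proc/mounts format, not taken from a real host.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev 0 0
"""

def demo():
    """Build a constructed site tree and return {relative path: excess bits}."""
    root = tempfile.mkdtemp()
    site = os.path.join(root, "sites")
    os.mkdir(site)
    for name, mode in (("settings.php", 0o644), ("private.key", 0o600)):
        path = os.path.join(site, name)
        open(path, "w").close()
        os.chmod(path, mode)
    os.chmod(site, 0o755)
    return {os.path.relpath(p, root): x for p, _m, x in audit_tree(root)}

if __name__ == "__main__":
    print({p: oct(x) for p, x in demo().items()})
    print(missing_noexec(SAMPLE_MOUNTS))
```

On a real host, pass the site's document root to `audit_tree` and the contents of `/proc/mounts` to `missing_noexec`.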