
Apache can leave huge holes if you do it wrong. This is why I got someone else to do it all for me.
we're smiling but we're close to tears, even after all these years
The holes in Apache only really apply if you're a webhost and/or allow users to upload files. Assuming it's just him with access to upload files etc. it's fine.
A lot of securing things on Linux is actually about limiting/securing things that people who have some sort of access can do. If there's just one administrator with nobody having any access other than browsing and interfacing with the website then the default setup is fine. However, running a website like his, no securing of things like Apache is going to help if his codebase and user system aren't secure.
I'd have to agree here, you're handling other people's money and in that sense I'd be getting someone in to secure it for me. It's just small things, as Nick says, the more people you allow access to the server with and the more software you install, the less secure it becomes. Literally less than a day after most of my VPSs go online, without telling people, there are randomers from the far east trying to get into various accounts on things like FTP and SSH, let alone people who will possibly be looking for vulnerabilities when the site has launched.
Block port 22 with a firewall and move SSH to an obscure port, disable SSH v1 (I think, it's something v1 in the SSH config) and if you really wanted to, you could disable password-based authentication and stick to keys.
Yeah, you get automated SSH login attempts from servers trying to find vulnerable ones to access. But if you actually look at the attempts they're for things like Username: John Password: John, Username: root Password: password. Not that big of an issue unless your password is as insecure as that lol. And the way to deal with it is moving SSH to a port other than 22 and/or disabling password authentication.
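The SSH settings suggested in the posts above (a non-default port, no protocol 1, no password logins), checked against an sshd_config, as an added example that is not part of the thread. The sample config and the function names are constructed for illustration, and a missing `Protocol` line is assumed to mean the installed OpenSSH does not offer protocol 1.

```python
# Constructed sample sshd_config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
Port 22
Protocol 2,1
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""


def global_settings(text):
    """Collect global sshd_config keywords, stopping at the first Match block.

    Keywords are case-insensitive and sshd keeps the first value it sees;
    Port is the exception and may be listed several times.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, values = parts[0].lower(), parts[1:]
        if key == "match":
            break  # per-user/host overrides are out of scope here
        if key == "port":
            settings.setdefault("port", []).extend(values)
        else:
            settings.setdefault(key, values)  # first occurrence wins
    return settings


def audit(text):
    """Return one finding per setting from the thread that is still weak."""
    s = global_settings(text)
    findings = []
    if "22" in s.get("port", ["22"]):  # sshd defaults to port 22
        findings.append("port: sshd listens on the default port 22")
    if "1" in ",".join(s.get("protocol", [])).split(","):
        findings.append("protocol: SSH protocol 1 is enabled")
    if s.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("passwordauthentication: password logins are allowed")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration with defaults applied, which covers included files and Match blocks that this parser skips.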
Hi,
I can have one of my sysadmins install desired software packages, harden software platforms such as PHP, secure SSH and configure a firewall for a one-time fee.
Feel free to message me.
Thanks.
I'll harden the server for you for a small fee.
[email protected]