Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Is this hackable?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Is this hackable?

DrukpaDrukpa Member
edited April 2013 in General

On a linux machine, I install a webserver (apache) with port 80. I block all other ports with iptables except for HTTP and ICMP. I only serve static html files through apache.

Is this machine still going to be vulnerable to hackers?

Comments

  • Yes. If they backdoor your home PC through which you login to this server for instance.

  • NickkNickk Member

    I assume you will have SSH running? Secure that well, keep all your packages up to date and you wouldn't really be able to get any safer (except not having a internet facing server at all)

  • @rds100 said: Yes. If they backdoor your home PC through which you login to this server for instance.

    @Nick said: I assume you will have SSH running? Secure that well, keep all your packages up to date and you wouldn't really be able to get any safer (except not having a internet facing server at all)

    What if the server was physically accessible, and only login by using physical keyboard attached to the server. That way, I dont need SSH or whatever.

    Say my packages are not the latest. Will hackers be able to exploit it by port 80?

  • @Drupka in a rush so quick answer...if you want to reduce your attack surface for serving static content, I'd say go with lighttpd, disable all modules you don't need. Personally I'd not use iptables if I was really paranoid (more code to exploit) - simply turn off all other services and use something like tcpwrappers for IP based ACLs on ssh

  • install CSF, for better protection.

  • TimTim Member

    Where there's an Internet connected server, there's a way I'm sure, but you would really have to piss off the wrong person or have some extremely valuable data in order for a n attacker to attempt exploiting you.

    With your proposed setup, you're not going to be a desirable target for any-old-random-attack compared to much more vulnerable setups. Mitigating the risk to as close to zero as possible by reducing your attack surface and following good security practices is about all you can do short of not connecting to the Internet at all (not taking physical security, which is still important, into consideration)!

  • There might be some zero-day or even unknown Apache exploit attacking your web server. Aside from that, you may also receive (D)DoS attacks.

  • Yes,

    All computers are hackable. It all depends on how difficult you want to make it.

  • If you are running SSH make sure:

    1- You run it on a non-standard high range port
    2- You disable root access in ssh (from inside sshd config file). So create another user with very limited access and after login do a su to switch to root user if needed.
    3- If possible disable password login totally and use SSH with authentication key.

  • bretonbreton Member
    edited April 2013

    @Drukpa said: Is this machine still going to be vulnerable to hackers?

    Yes. He can bribe the guards in the DC and steal the server physically.

    Do you really need that kind of protection?

    Also, not hackable - crackable.

    • DDoS
    • Rapid downloading your image content

    Still vulnerable.. :)

  • There is no such thing as a safe system.
    There is only webmasters trying to protect the system by taking steps to minimize the vulnerability. The techniques vary, depends on your knowledge, experience, and what system to protect.
    You won't spend $1,000 to secure a $100 worth of assets, would you?
    Basic steps:
    use secure access (ssh + keypairs)
    harden your box/container
    harden your apache (mod-security, mod-loris, etc)
    harden your software by sanitizing forms
    and so on.

    Please ask Uncle Google about it.

  • You can setup a software firewall, and some php to limit bandwidtg abuse, brute forcing, and spoofing. Give APF, BFD, AND DDOS deflate a try.

  • @debianLover said: If you are running SSH make sure:

    1- You run it on a non-standard high range port
    2- You disable root access in ssh (from inside sshd config file). So create another user with very limited access and after login do a su to switch to root user if needed.
    3- If possible disable password login totally and use SSH with authentication key.

    I agree

  • matthewvzmatthewvz Member, Host Rep

    If you're using SSH, Disable root login, Use private keys (with a password if you're paranoid), disable password authentication, a high SSH port number, Install fail2ban

  • MunMun Member

    Everything is hackable. Just takes a little out of the box thinking.

  • bdtechbdtech Member
    edited April 2013

    Make sure your panel password is secure (console access to your VPS). Most hosts don't take this seriously. I'm still waiting for google authenticator or at least an IP white list to log into solus.

  • natestammnatestamm Member
    edited April 2013

    @Drukpa said: Is this machine still going to be vulnerable to hackers?

    Comon man, don't do drugs man Buy some rims!
    image

Sign In or Register to comment.