Web server management.

I have a few years under the belt with web server management and as years go by i have increased my experience in securing web servers. I have also watched server logs and seen common attacks/sniffing if your a hobbist with web development you need to know how to make life difficult for others to cause issues with your sites. Common tools used such as webmin (GUI for linux servers) phpMyAdmin (mysql database management) are targets. if you have to have these tools external facing then a few tips need to be carried out, firstly change the default port to which you connect to the tools, webmin defaults on port 10000 but this can be changed within the tool, by selecting ‘webmin configuration’ then selecting ‘ports and addresses’ chose a port that is not common, you can check what the common use of a port is by going to http://www.iana.org/ while the port shouldn’t be common is shouldn’t be too obscure as to draw attention if a sniffer is ran on the IP. If you can enable SSL as well, it should add a bit more of a hurdle for someone who may be routing about.

Tools like phpMyAdmin tend to run as an folder off a domain example /phpMyAdmin this folder can be changed with the conf file on the server, leaving it as default increases the risk of a database server attack, check http://docs.phpmyadmin.net/en/latest/config.html out to see how you can make folder alias changes which will help.

Leave a Reply

Your email address will not be published. Required fields are marked *