Set up a simple Bot Trap for your website or web application that can enhance the security of your server and prevent malicious bots or script kiddies from poking around by luring them into a trap and banning their a**es for x amount of minutes, or else.
Fail2ban with PF on OpenBSD 5.2
This explains how to quickly set up the amazing fail2ban, which monitors your log files for activity you specify and performs certain actions once a threshold is reached. Simplest case: monitor authlog for failed ssh login attempts, and ban the originating IP after a few tries.
Chrooting Apache and PHP
General Information
Chrooting has been around for a long time now. Chrooting makes a program treat a chosen directory as the root of the file system. For example, if I wanted to create a chroot in /chroot/httpd, a program executed from within the chroot would believe that “/chroot/httpd” was actually “/”. Therein lies the beauty, as the program can’t reach any files outside “/chroot/httpd”. Security of the server as a whole is increased because the system binaries are off limits. In addition, chroots usually only have the bare minimum files inside, so exploits have a harder time breaking in.
Secure Apache 1.3
General Information
Apache is the most popular web server in use today. But not everybody who sets up an Apache server takes the necessary steps to secure it properly from intruders. This guide will show you some good security changes to make to your Apache installation.
Protect Apache Directories
General Information
In order to password protect a website, or part of a website, we need to create a .htaccess file and a .htpasswd file. These are the files that Apache reads to see who is allowed into the site. This guide will show you how to set up a website directory with password protection.