View Single Post
  #4   (View Single Post)  
Old 15th January 2013
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,503

My first advice would be to get rid of ftp. Just like telnet, ftp should not be used on a web or application server. ftp sends passwords as well data unencrypted over the Internet. Use ftp over ssh2, as supported by Filezilla and WinSCP.

My second advice is to run a tight packet filter on the server to protect itself and disable all unused services.

A higher level defence against your website or application would be to use a web application firewall like mod_security.

If you want to be sure your server has not been cracked, tools like Tripwire or Aide will help.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote