[olug] Also touching on apache configs

Jay Bendon jaybocc2 at gmail.com
Tue Sep 20 16:22:22 CDT 2016


Regular pen/vulnerability testing, up-to-date software.  Disable broken
ciphersuites for SSL.

If you're getting compromised or defaced by a script kiddie it most likely
means you're exposing a known vulnerability to the internet.

There is no real easy answer to keeping web applications secure.

A good step is to monitor all the software you deploy for CVEs and roll
out updates when necessary.

--Jay

On Tue, Sep 20, 2016 at 1:25 PM, Justin Reiners <justin at hotlinesinc.com>
wrote:

> We have had an issue with our web servers getting injected, and the page
> code messed up. Nobody logs in, but apache just almost locks up on page
> load.
>
> What are you guys using to prevent this crap?
>
> Cloudflare, or is there a better choice? The only ports open to the world
> are 80 and 443.
>
> We are completely cloud now. I just want to make sure I can cut down on
> some of this pain, it always seems to happen late, the last injection we
> had was mfcclub.net mfcclub.com stuff, previously it was some script
> kiddy.
>
> --
>
> Justin Reiners / System Administrator
>
> 800.308.9712/ justin at hotlinesinc.com <Justin at HotlinesInc.com>
>
> Hotlines Inc Office: 800.807.2867 / Fax: *712-388-0258*
> 427 E. Kanesville Blvd. Suite 403, Council Bluffs, IA 51503
> http://www.partshotlines.com
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>
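
One way to check an Apache mod_ssl configuration for the broken protocols and cipher suites mentioned in the reply above, as an added example that is not part of the original thread. The function names, the list of weak markers, the treatment of "all" as including SSLv3, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Assumptions of this example: what counts as broken; "all" includes SSLv3.
BROKEN_PROTOCOLS = {"sslv2", "sslv3"}
ALL_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
WEAK_CIPHER_MARKERS = ("NULL", "EXP", "RC4", "DES", "MD5", "ADH", "LOW")
# Constructed sample configurations (not taken from the thread).
SAMPLE_WEAK = """\
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM:RC4-SHA:DES-CBC3-SHA:!aNULL
"""
SAMPLE_HARDENED = """\
SSLProtocol all -SSLv3
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
"""


def enabled_protocols(args):
    """Resolve SSLProtocol arguments such as 'all -SSLv3' to the enabled set."""
    enabled = set()
    for arg in args:
        name = arg.lstrip("+-").lower()
        names = ALL_PROTOCOLS if name == "all" else {name}
        enabled = enabled - names if arg.startswith("-") else enabled | names
    return enabled


def weak_cipher_tokens(spec):
    """Return cipher-string tokens that name a weak family without excluding it."""
    tokens = [t for t in re.split(r"[:, ]+", spec.strip('"')) if t]
    # A leading '!' or '-' removes ciphers, so those tokens are exclusions.
    return [t for t in tokens if t[0] not in "!-"
            and any(m in t.upper() for m in WEAK_CIPHER_MARKERS)]


def audit_ssl_config(text):
    """Return (line_number, finding) pairs for weak mod_ssl settings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive == "sslprotocol":
            broken = sorted(enabled_protocols(args) & BROKEN_PROTOCOLS)
            findings += [(number, f"protocol {p} enabled") for p in broken]
        elif directive == "sslciphersuite" and args:
            weak = weak_cipher_tokens(args[-1])
            findings += [(number, f"weak cipher token {t}") for t in weak]
    return findings
```

The check only looks at tokens that name a weak family directly; aliases such as `ALL` or `DEFAULT` expand inside OpenSSL and need `openssl ciphers -v` to inspect.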

