
Re: [ossig] Apache2 Newb Q



Reign226 wrote:

>
>  BTW, do you guys have any suggestions on setting up a mail-server? 
> phpbb keeps bugging me for one. How would the mail-server work? Please 
> briefly walk me through the steps required. (Btw, running WinXP Pro 
> here). 

Ha ha XP Pro.

>
>
>  Thirdly, any tips on locking down my computer/server? I removed 
> Directory Indexing from Apache2 already and there's nothing sensitive 
> in my htdocs folder anyway. However, I noticed that Apache2 might have 
> opened port 21 and 23 on my system (it wasn't open before) and I tried 
> connecting anonymously to 21 but I am actively refused, so I left it 
> at that. Any suggestions on how to close em? 

No tips on WinXP, sorry, other than upgrade to a proper OS.

>
>
>  In an unrelated note, if somebody explicitly downloads a .php file 
> from my webserver, would it be a version parsed by PHP on my system or 
> would it be the complete with the original source-code and everything? 
> I'm worried about this because I have a .php doc that stores a MySQL 
> database password. 

If PHP is turned on correctly, the PHP will always be parsed. But if
your apache config is wrong, they get the source code. It's recommended
to store passwords in an include file outside of www root to reduce
this risk.

>
>
>  Which leads me to the next question of securing MySQL. I've bound 
> MySQL to localhost so it will only listen on localhost. Since nobody 
> can remotely access my database now (I hope), is this enough to deter 
> most hackers? Also, I have a version of PHP running, but I haven't 
> done anything to secure it. 

Give mysql a good secure root password and set up permission to the minimum
necessary, i.e. don't connect to mysql from php as root, for a start.

Imran
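
One way to apply both pieces of advice from this reply (credentials in an include file outside the web root, and a non-root MySQL account), as an added example that is not part of the original message. The directory layout, the `forum_app` account, the `forum` database and the function names are assumptions made for illustration.

```php
<?php
// Added example. Assumed layout (all paths and names hypothetical):
//   C:/Apache2/htdocs/forum/index.php   <- served by Apache (this file)
//   C:/Apache2/private/db-config.php    <- outside htdocs, never served
// db-config.php contains only:
//   <?php return ['host' => '127.0.0.1', 'name' => 'forum',
//                 'user' => 'forum_app', 'pass' => 'CHANGE-ME'];

function load_db_config(string $configPath, string $docRoot): array
{
    $config = realpath($configPath);
    $root   = realpath($docRoot);
    if ($config === false || $root === false) {
        throw new RuntimeException('config file or document root not found');
    }
    // Normalise separators and case so the prefix test also works on Windows.
    $norm = fn(string $p): string => rtrim(strtolower(str_replace('\\', '/', $p)), '/') . '/';
    if (strpos($norm($config), $norm($root)) === 0) {
        // If Apache ever stops parsing PHP, a file here would be sent as source.
        throw new RuntimeException('credentials file is inside the web root');
    }
    $cfg = require $config;
    if (!is_array($cfg) || !isset($cfg['host'], $cfg['name'], $cfg['user'], $cfg['pass'])) {
        throw new RuntimeException('malformed database config');
    }
    if (strtolower($cfg['user']) === 'root') {
        throw new RuntimeException('refusing to connect to MySQL as root');
    }
    return $cfg;
}

// The account is created once by an administrator with only the rights needed:
//   CREATE USER 'forum_app'@'localhost' IDENTIFIED BY '...';
//   GRANT SELECT, INSERT, UPDATE, DELETE ON forum.* TO 'forum_app'@'localhost';
try {
    $cfg = load_db_config(__DIR__ . '/../../private/db-config.php', $_SERVER['DOCUMENT_ROOT']);
    $dsn = sprintf('mysql:host=%s;dbname=%s;charset=utf8mb4', $cfg['host'], $cfg['name']);
    $db  = new PDO($dsn, $cfg['user'], $cfg['pass'], [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
} catch (Exception $e) {
    error_log('DB setup failed: ' . $e->getMessage()); // detail goes to the log, not the browser
    http_response_code(500);
    exit('Service unavailable');
}
```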



