[olug] Also touching on apache configs

Jay Bendon jaybocc2 at gmail.com
Tue Sep 20 16:22:22 CDT 2016

Regular pen/vulnerability testing, up-to-date software.  Disable broken
ciphersuites for SSL.

If you're getting compromised or defaced by a script kiddie it most likely
means you're exposing a known vulnerability to the internet.

There is no real easy answer to keeping web applications secure.

A good step is to monitor all the software you deploy for CVE's and roll
out updates when necessary.


On Tue, Sep 20, 2016 at 1:25 PM, Justin Reiners <justin at hotlinesinc.com>

> We have had an issue with our web servers getting injected, and the page
> code messed up. Nobody logs in, but apache just almost locks up on page
> load.
> What are you guys using to prevent this c rap?
> Cloud flair or is there a better choice? The only ports open to the world
> are 80 and 443.
> We are completely cloud now. I just want to make sure I can cut down on
> some of this pain, it always seems to happen late, the last injection we
> had was mfcclub.net mfcclub.com stuff, previously it was some script
> kiddy.
> --
> Justin Reiners / System Administrator
> 800.308.9712/ justin at hotlinesinc.com <Justin at HotlinesInc.com>
> Hotlines Inc Office: 800.807.2867 / Fax: *712-388-0258*
> 427 E. Kanesville Blvd. Suite 403, Council Bluffs, IA 51503
> http://www.partshotlines.com
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug

More information about the OLUG mailing list