Hi all,

I'm intending to set up a webserver to run from my computer. I was wondering if there would be any security issues with opening up the server as it is (I have the documentation server installed, although only port 80 will be open, and have all the help packages and ht://dig, etc. running on the SuSE HTML help system). Are there holes in ht://dig that will let outsiders search my hard drive? Is there any special way I should set this up to stop this happening?

Basically, if I open the server up now, with all help docs, etc., installed, will I be safe?

Thanks in advance,
Chris

--
Chris Reeves
ICQ# 22219005
Chris Reeves wrote...
I'm intending to set up a webserver to run from my computer. I was wondering if there would be any security issues with opening up the server as it is (I have the documentation server installed, although only port 80 will be open, and have all the help packages and ht://dig, etc. running on the SuSE HTML help system). Are there holes in ht://dig that will let outsiders search my hard drive? Is there any special way I should set this up to stop this happening?
Make sure you're running the latest version of the web server (1.3.9 is the latest Apache version) and disable all CGI scripts, unless you really really need them for some reason.

josh
Hi, thanks for the reply.

josh wrote:
Chris Reeves wrote...
I'm intending to set up a webserver to run from my computer. I was wondering if there would be any security issues with opening up the server as it is (I have the documentation server installed, although only port 80 will be open, and have all the help packages and ht://dig, etc. running on the SuSE HTML help system). Are there holes in ht://dig that will let outsiders search my hard drive? Is there any special way I should set this up to stop this happening?
Make sure you're running the latest version of the web server (1.3.9 is the latest Apache version) and disable all CGI scripts, unless you really really need them for some reason.
Does that mean I should not give people access to the SuSE database on the computer, and should only put my own static pages up? I would prefer to keep the searchable database online.

Thanks for your help,
Chris

--
Chris Reeves
ICQ# 22219005
On Mon, Oct 18, 1999 at 17:23 +0000, Chris Reeves wrote:
Basically, if I open the server up now, with all help docs, etc., installed, will I be safe?
Providing the online docs and man pages to the outside world gives hints about what's installed (and maybe which version is running). That could be a starting point for attackers. It's often more social engineering than technical issues ...

virtually yours - Gerhard Sittig

--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
participants (3)
- Chris Reeves
- Gerhard Sittig
- josh