How secure

y4m4

I just had an intruder in my linux box that has only been a webserver for one day. I have a small script to upload files and some little turd comes along and tries installing Eggdrop, some IRC bot on my server. This is just after I setup some IP logging scripts and I was looking at them and noticed an IP that wasn't mine that got logged a few times so I looked around and sure enough he uploaded eggdrop along with a copy of that phpShell script. Now I would like to know, how secure is this code?

<?php 

// File Name: auth02.php 

// Check to see if $PHP_AUTH_USER already contains info 

if (!isset($PHP_AUTH_USER)) { 

// If empty, send header causing dialog box to appear 

header('WWW-Authenticate: Basic realm="Da Proxy"'); 
header('HTTP/1.0 401 Unauthorized'); 
echo 'Authorization Required.'; 
exit; 

} else if (isset($PHP_AUTH_USER)) { 

if (($PHP_AUTH_USER != "user") || ($PHP_AUTH_PW != "pass")) { 

header('WWW-Authenticate: Basic realm="Da Proxy"'); 
header('HTTP/1.0 401 Unauthorized'); 
echo 'Authorization Required.'; 
exit; 

} else { 
echo " 
<P>You're authorized!</p> 
"; 
} 
}

How easy is it to access the files that I protect with this? Assuming I use much more secure usernames and passwords?

bastien

Protecting your scripts is not gonna be much use if you don't secure the server first. Firewalls, access rights, etc should all be addressed first before even worrying about the scripts.

The last thing you need is your machine being used to send spam or virus'.

Linux has great capabilties in securing the server via all sorts of features. There are also others to turn off, like finger, FTP, telnet (if they are not being used. Disable ports not being used etc...

That is the best place to start

swr

And keep your software up to date. If you installed from just any old Red Hat CD you had laying around or something, then it might be an old version with known vulnerabilities.

Your script looks okay, though I have no idea how it's being applied. From what you've posted it looks as if you're only using it to protect the "You're authorized!" message, which is rather pointless..?

y4m4

Its protecting more that that stupid message. I'm running Mandrake 10.0 and Theres no updates availible for it so its reasonably secure. I'm running Shorewall. I also have it on the second highest security setting which is supposed to be good for running servers. I have to be in root to cd to most of the directories. If I chmod -x the uploads folder will the new files added have execution disabled on them?

AliasZero

Originally posted by y4m4
If I chmod -x the uploads folder will the new files added have execution disabled on them?

yes, they should do (test it and see).

you can always use the chmod() php function too to chmod stuff.