Sunday, July 6, 2008

Defense your web server

Afraid of hackers, spammers, script kiddies will take over your Web-site? Want to be a bit safer? In Ubuntu there is an Apache module called mod_defensible who's aim is to block well know attacking sites to reach your web server. The module locks up every host that access your site and check if it is in a blocking database on the net. If thats the case the host will get Error 403 Forbidden, i.e. your server can not be reached. I have been using a similar tool for ssh for a while called deny host.

I did not know about mod_defensible until today when I saw a how to for Debian on the how to forge. There are some small differences installing it between Debian and Ubuntu 8.04 (Hardy Heron). The main difference is that it is included in universe. So here is a quick instruction how to install mod_defensible.

  1. Login to your webserver and become root using sudo -s
  2. Install mod_defensible: apt-get install libapache2-mod-defensible
  3. Activate the module: a2enmod defensible
  4. Create a configfile called /etc/apache2/mods-enabled/defensible.conf with the content:
    DnsblUse On
    DnsblServers httpbl.abuse.ch sbl-xbl.spamhaus.org
  5. Restart your apache: /etc/init.d/apache2 restart
  6. Verify that you can still reach your website.
  7. The command apache2ctl status will in the server status section print out that mod_defensible is loaded.
Not that this is not a replacement for security updates and good configurations.

2 comments:

Avion said...

While my web site was still accessible after I have done it on my 7.10 server all PHP programs stopped working and instead the browser tried to download the php files.

Magnus Runesson said...

Strange, it works fine for me.