Tuesday, October 1, 2013

LAMP and MySql Injection Protection

www.unixbabuforum.inI installed a LAMP server on Redhat Enterprise Linux 6.4 . I am using Joomla to build the website. Previous server is installed using WAMP on Windows 2008 R2. We haveSQL injection issue. Now my manager asked us to install it on Linux. Can you please help me with proper guidelines please. I thought of using split setup ie: separating PHP,Apache and SQL on different VMs and Installing a proxy to access the web page. I am new to this project. Can you please help me to tighten the security on webserver

www.unixbabuforum.inFirst method to prevent hackers is best practice coding... For instance joomla has many bugs. 

Another solution is WebApp Firewall (WAF) which you can install "mod_security" on your server to prevent usual hackers method. 

Mod_security or aqtronix are Opensource WAF.. There are many commercial WAF like denyall or citrix ... 

Here is the links of upper softwares: 
http://www.modsecurity.org/ 
http://www.aqtronix.com/?PageID=99 
http://www.denyall.com/ 
http://www.citrix.com/products/netscaler-application-delivery-controller/features/security.html 
www.unixbabuforum.inSQL Injection is not related to Windows or Linux.. In both OS there are many solution to prevent this method.. 

Install a CentOS on a session.. Install LAMP packages on it and to protect your websites from SQL Injection, XSS or another usual method ( See top ten OWASP :https://www.owasp.org/index.php/Top_10_2013-Top_10) use WAF. 

NOTE: There is new method to handle big websites which called LHNMPRR.. Seescalingphpbook.com 

0 comments:

Post a Comment

 
Design by BABU | Dedicated to grandfather | welcome to BABU-UNIX-FORUM