[ASK] Recommendations from ConfigServer Firewall

Discussion in 'Technical and Security Issues' started by am3n, 4 Feb 2009.

Thread Status:
Not open for further replies.
  1. am3n

    When I ran ConfigServer Firewall's "Check server security", several configuration items were still red, namely:

    Code:
    - use apache 2.2: You are running a legacy version of apache (v2.0.63) and should consider upgrading to v2.2.* as recommended by apache
    - install the su-php module: To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable suPHP when you build apache/php
    - module mod_security: You should install the mod_security apache module during the easyapache build process to help prevent exploitation of vulnerable web scripts
    - disable_functions php: disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
    - ini_set disabled: ini_set to the disable_functions in the PHP
    - suhosin; recompile PHP with Suhosin
    So, do I need to follow ConfigServer's recommendations? And will the scripts in Fantastico still run normally if all of these recommendations are applied?
     
  2. am3n

    Sob..... it's quiet here.... :(
     
  3. jahja

    - use apache 2.2: upgrading to 2.2 is beneficial; I haven't found any downsides.
    - install the su-php module: I personally agree with su-php. The advantage is added security, because each domain is isolated from server-wide access. The downside is that it is slower.
    - module mod_security: mod_security is a must these days.
    - disable_functions php: some do have to be disabled, but some are, for me, optional. Some people disable all of them as that recommendation says, but to me that is already paranoid.
    - ini_set disabled: ideally it should be disabled, but many users ask for it to be enabled. Do you want to lose customers or be secure? Well, I just leave it open, but patrol diligently.
    - suhosin; recompile PHP with Suhosin: it is indeed recommended.
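
An added example, not part of any post in this thread and not ConfigServer's own code: a small Python check that reads php.ini text and reports which functions from the quoted disable_functions line are still enabled. It handles allow_url_fopen as its own directive, since it is a php.ini setting rather than a function; the sample file content and the names parse_ini and audit are constructed for illustration.

```python
# Added example: audits php.ini text against the list quoted in the thread.
SAMPLE_INI = """\
[PHP]
; constructed sample, not taken from a real server
disable_functions = show_source, system, shell_exec, allow_url_fopen
allow_url_fopen = On
"""

# Function names from the CSF recommendation quoted in the first post.
RECOMMENDED = ["show_source", "system", "shell_exec", "passthru",
               "exec", "phpinfo", "popen", "proc_open"]
TRUTHY = {"1", "on", "true", "yes"}


def parse_ini(text):
    """Return {directive: value}; later assignments override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a php.ini comment
        if line.startswith("[") or "=" not in line:
            continue                          # section header or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit(text):
    """Compare disable_functions and allow_url_fopen with the quoted advice."""
    ini = parse_ini(text)
    disabled = {name.strip().lower()
                for name in ini.get("disable_functions", "").split(",")
                if name.strip()}
    return {
        "missing": [f for f in RECOMMENDED if f not in disabled],
        "ini_set_disabled": "ini_set" in disabled,
        # A directive name placed in disable_functions is a no-op entry.
        "misplaced_directive": "allow_url_fopen" in disabled,
        # PHP's built-in default for allow_url_fopen is On.
        "allow_url_fopen_on": ini.get("allow_url_fopen", "1").lower() in TRUTHY,
    }


if __name__ == "__main__":
    for check, result in audit(SAMPLE_INI).items():
        print(f"{check}: {result}")
```
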
     
  4. nicosoftmedia

    My server once ran Suhosin, boss, but it seems it's not a good fit when memory resources are low :D, but it is indeed safer with it, because there was once a client who tried to install a rootkit and it couldn't run, Suhosin blocked it :D
     
  5. rendy

    Just publish the client who installed the rootkit in this thread
     
  6. am3n

    Thanks, everyone, for the advice. I'll tell my boss first and ask permission for maintenance.
     