Showing posts with label web servers. Show all posts

Linux servers can now be infected - or can they?

Linux gurus have always vouched for the safety and security of Linux, especially Linux running on servers. However, now that a developer named Denis Sinegubko has published his findings, they may have to reconsider their words.

According to Denis, Linux servers can be infected and made part of a botnet that distributes malware. The modus operandi of the attack is as follows:

  1. The bots target a domain name and inject a hidden <iframe> into one of the web pages of the website on that domain.
  2. The hidden iframe contains link(s) pointing to websites that host malicious content.
  3. These bots also infiltrated Linux web servers (mostly running nginx) and set up sites using hundreds of domain names registered with free dynamic DNS hosting providers such as dynDNS.com and no-IP.com.
  4. When they set up these sites, they invariably used the less frequently checked port 8080 instead of the default port 80.

Read the details of Denis Sinegubko's findings here.
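The traits listed above (a hidden iframe, port 8080, a dynamic DNS hostname) can be checked for in your own pages. The sketch below is an added example, not code from Denis Sinegubko's write-up; the suffix list and the sample HTML are constructed placeholders, and the rule of flagging a frame that shows at least two of the three traits is an assumption made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed placeholder suffixes; replace with the dynamic DNS zones you track.
DDNS_SUFFIXES = ("ddns.example", "dyn.example")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample page: one normal embed, one suspicious frame, one internal tool.
SAMPLE = """<html><body>
<iframe src="https://video.example/embed/abc" width="560" height="315"></iframe>
<iframe src="http://a1b2.ddns.example:8080/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="http://intranet.corp.example:8080/status" width="600"></iframe>
</body></html>"""

def is_hidden(attrs):
    """A 0- or 1-pixel dimension or a hiding CSS rule makes the frame invisible."""
    tiny = any(attrs.get(k, "").strip().rstrip("px") in ("0", "1")
               for k in ("width", "height"))
    return tiny or bool(HIDDEN_STYLE.search(attrs.get("style", "")))

class IframeAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        try:
            url = urlsplit(a.get("src", ""))
            host, port = (url.hostname or "").lower(), url.port
        except ValueError:  # malformed netloc or non-numeric port
            host, port = "", None
        reasons = []
        if is_hidden(a):
            reasons.append("hidden")
        if port == 8080:
            reasons.append("port-8080")
        if any(host == s or host.endswith("." + s) for s in DDNS_SUFFIXES):
            reasons.append("dynamic-dns-host")
        if len(reasons) >= 2:  # one trait alone is common in legitimate pages
            self.findings.append((a.get("src", ""), reasons))

def audit(html):
    """Return (src, reasons) for every iframe showing two or more traits."""
    parser = IframeAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `audit()` over the rendered HTML of each page as well as the files on disk, since injected markup may be added at serve time.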

Online .htaccess editor

If you have ever configured the Apache web server, you will realize the important part played by the .htaccess file. This file is used especially by people who host their sites with a shared web hosting provider.

Some of the uses of the .htaccess file that I can think of are:
  • Redirecting the visitor automatically to the new location of the web page.
  • Providing a 301 redirect [moved permanently] to search engine spiders.
  • Setting up a username and password to access a part of or whole of your website.
  • Restricting access to your website for all visitors originating from a particular IP address or IP range.

... and so on and so forth.

I have always found editing the .htaccess file to be a bit of a black art, mainly because mastering the regular expressions involved takes a bit of practice and some hits and misses before you get the desired results.

Fig: The online .htaccess editor

Now here is a very nice find: an online .htaccess editor which will hand-hold you in creating your own custom-made .htaccess file. All you have to do is click on your desired options, such as whether to allow or deny access to all files, basic authentication, the redirect directives and so on.

Set up an Apache web server cluster in 5 easy steps

A server cluster is a group of independent servers that are managed as a single system for higher availability, easier manageability, and greater scalability.

In a Web server environment, server clusters can be defined in two basic ways:

Active/Active
  • There are multiple independent, redundant servers
  • The load is distributed through round-robin DNS
  • The load is balanced by a load-balancing solution
Active/Passive
  • Multiple servers are configured to provide a service
  • Only a single server provides the service at any given time
  • Other servers serve as hot spares in case of a server (service) problem, or when a site hosted on the servers suddenly starts getting load spikes, such as when being slashdotted.

Nowadays, many shared web hosting providers are turning to a web server cluster solution over managing individual web servers on independent machines. Clustering is said to provide some respite from performance issues.

Eli M. Dow and Frank LeFevre, both software engineers at IBM, have written this insightful, albeit rather technical, article which explains how to set up an Apache web server cluster in 5 easy steps.

From the article ...
Spreading a workload across multiple processors, coupled with various software recovery techniques, provides a highly available environment and enhances overall RAS (Reliability, Availability, and Serviceability) of the environment. Benefits include faster recovery from unplanned outages, as well as minimal effects of planned outages on the end user.

To get the most out of this article, you should be familiar with Linux and basic networking, and you should have Apache servers already configured. Our examples are based on standard SUSE Linux Enterprise Server 10 (SLES10) installations, but savvy users of other distributions should be able to adapt the methods shown here.

20 ways to secure your Apache configuration

In an earlier post I had explained how to host websites on one's personal machine using the Apache web server, as well as how to password protect the website using .htaccess and .htpasswd files.

But there is much more to Apache than the configuration features I described. For instance, there is the mod_rewrite module, which is heavily used by most content management systems to provide an easy-to-remember permanent link to individual web pages. An in-depth introduction to mod_rewrite would take up the larger part of a big chapter.

Pete Freitag has written a very good article which lists the steps one can take to secure an Apache web server running on one's machine. What I like most about his article is the simple manner in which he explains the various configuration parameters, aided with bits of code. A very informative read indeed.

.htaccess File Generator

Apache is one of the most flexible web servers around. One of the features that makes it flexible is a hidden file which goes by the name '.htaccess'. This file is used by website administrators to make configuration changes on a per-directory basis, especially when the administrator does not have access to the main configuration file of the Apache web server.
You can use the .htaccess file to password protect files in a particular directory of your website, define mod_rewrite rules, force HTTP requests to use Secure Sockets Layer and so on. In fact, one can write just about any rule that one can configure in the main configuration file of the Apache web server.

But if you find writing code to be a hassle, then this webpage will aid in creating a .htaccess file from scratch with the parameters of your choice.

A step-by-step guide to running your own Unix Web Server

What does it take to convert one's computer to work as a web server? You need a stable and secure network operating system, web server software, a database which scales well and your choice of scripting language.

The interesting thing is that it is quite easy to convert a computer to work as a web server using only free technologies. We have a plethora of free OSes like Linux, FreeBSD and OpenSolaris which are a robust and secure alternative to the proprietary ones, very popular web server software in Apache and a robust free database in MySQL. I need not tell you that PHP is one of the most used dynamic scripting languages on the web and is the preferred choice for building most websites. So is that all that is needed to set up a web server? Not quite... You also need to have the expertise in configuring the various parameters of the above-mentioned software.

In a previous article, I had explained how to serve web pages from one's machine using the Apache web server.

Dave Tufts has written a three-part series on setting up one's machine as a web server. He has used FreeBSD as his choice of OS and Apache, MySQL and PHP as the web server, database and scripting language respectively. In the first part of the article, he lists the steps needed to install FreeBSD on one's machine, including the ideal partitioning scheme for this purpose. In the next part, he takes the readers through installing Apache, MySQL and PHP, and interestingly he does it by compiling from source. In the last part, he plows into configuring the Apache web server.

Copyright © Sun solaris admin