April 10, 2021

Securing Apache WebServer


Hi Folks,

I’m running an Apache webserver open on port 80 for experimental purposes.

As a current project, I’m using the server for one-way file sharing. For instance, if I’m playing a computer game and I clip something, I get the server to convert it to an MP4 file below 10MB (so Discord can generate a video thumbnail). After this, it then generates a string of random X characters and renames the file, then it puts it on the webserver. E.g., an example link would look like “http://MYDDNS/JBVFIDSBGILSDEOIJNBADSIKD.MP4”

I know opening a server to the internet is a risk regardless. For this reason:

* I’m running Apache alone, no mods, no PHP, no scripts, nothing has been activated in the conf file.
* I’ve got directory listing turned off
* I’ve got fail2ban running (custom filter so multiple 404/403 attacks within 10 mins get banned)
* The files on the server are random names which are not possible to guess (by humans anyways)

There isn’t any sensitive material on the web server because at the end of the day, anyone can access it.

And now to my point of this post; I recently found a Google bot going through some random old MP4 videos. I’ve included an example of the logs:

My questions:

* How else can I secure my webserver further?
* Do I have any major security issues here that I’m missing?
* How did that bot stumble upon this link?

Cheers
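
The fail2ban rule described in the post (repeated 404/403 responses from one address within 10 minutes), written out as a standalone Python check over Apache access-log lines. This is an added example, not the poster's filter or fail2ban's own code; the threshold of 5, the names `hosts_to_ban` and `_line`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log format: host ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
WINDOW = timedelta(minutes=10)   # from the post: "within 10 mins"
MAX_RETRY = 5                    # assumption: the post does not state its threshold
WATCHED = {"403", "404"}


def hosts_to_ban(lines, window=WINDOW, max_retry=MAX_RETRY):
    """Return {host: time of the request that crossed the threshold}."""
    recent = defaultdict(deque)  # host -> timestamps of its recent 403/404 responses
    banned = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in WATCHED or m["host"] in banned:
            continue
        try:
            ts = datetime.strptime(m["ts"], TS_FORMAT)
        except ValueError:
            continue             # skip lines with a malformed timestamp
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= max_retry:
            banned[m["host"]] = ts
    return banned


def _line(host, hhmmss, path, status, agent="curl/7.68.0"):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{host} - - [10/Apr/2021:{hhmmss} +0000] "GET {path} HTTP/1.1" '
            f'{status} 196 "-" "{agent}"')


# Constructed sample: a burst of 404s, slow hourly 404s, and a crawler getting 200s.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"12:0{i}:00", f"/guess{i}.MP4", 404) for i in range(5)]
    + [_line("198.51.100.20", f"1{i}:00:00", f"/old{i}.MP4", 404) for i in range(5)]
    + [_line("192.0.2.66", f"13:0{i}:00", "/CONSTRUCTEDNAME.MP4", 200,
             "ExampleCrawler/1.0") for i in range(5)]
)
```

Requests that return 200, such as a crawler fetching a file that exists, never count toward this threshold, and neither do 404s spaced wider than the window.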
