Preventing http access by IP address

Discussion in 'Installation/Configuration' started by trigar, Jun 4, 2006.

  1. trigar

    trigar New Member

    I notice that our sites are accessible via the server IP address followed by web1,2,3 etc. This enables hackers to browse all webs folders, including cgi-bin, ftp, log, phptmp, ssl, user, and web.

    Worse the perl scripts open as plain/text in the browser, enabling hackers to work out precisely how to abuse my code.

    We haven't yet gone live on this server, and the only modification I have made from the perfect setup was to set-up suexec, which in turn made me chmod the scripts and folder to 755.

    I clearly have gone adrift somewhere, probably related to these mods, and would appreciate any advice!


  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Which ISPConfig version do you use?

    Is the IP address that you can use to browse the websites assigned to a website in ISPConfig?
  3. trigar

    trigar New Member

    Thanks for the prompt reply!

    Version: 2.2.2

    No. Only the internal LAN address of the server is assigned to the sites, not the WAN address.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you forward port 80 and 443 from your router to your internal IP address that you assigned to the website?

    If you enter your internal IP address that you assigned to the website in the browser, you get the behaviour that you can browse the websites?
  5. trigar

    trigar New Member

    No we don't use NAT forwarding, the server WAN interface has its own static IP, using the standard ISPConfig Bastille firewall.

    Interestingly not, I assumed it would, but in fact typing "http://lan ip address/" returns:

    And entering "http://lan ip address/web1/" returns:

    This is very much the behaviour I would have liked to see when using the WAN IP.

    (Just in case you have not gathered this from my early posts, entering the domain name for each site works perfectly.)
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you just used the wrong IP. Add your WAN IP in ISPConfig, change the IP in the websites to your WAN IP and hit save.
  7. trigar

    trigar New Member

    Feeling somewhat red-faced over here; but yes you're absolutely right I had indeed been that daft. All updated as you suggested and the server is now not accessible by IP.

    I cannot thank you enough.

  8. byteme

    byteme New Member

    Shared IP Address

    Why am I getting "This IP address is shared. For access to the web site which you look for, enter its address instead of its IP." when going to http://domainname but not when going to http://www.domainname?
    I have an A record pointing to my ip for ftp,www, and @?
  9. falko

    falko Super Moderator Howtoforge Staff

    Please add domainname to the Co-Domains tab of that web site. Technically domainname and www.domainname are two different things.
  10. byteme

    byteme New Member

    Thanks falco. If I could just figure out why ftp through a browser does not work I think with the help of this forum I have most other issues fixed or a least know where to find the information on how to fix them.

    You guys to a great job!
  11. falko

    falko Super Moderator Howtoforge Staff

    To be honest I never use a browser for FTP. I'm using a normal FTP client (WS_FTP).

Share This Page