On Tue, Jan 25, 2011 at 11:55:57AM +0000, Brett Delle Grazie wrote:
> Recommendation:
> My recommendation would be Apache HTTPD in reverse proxy mode with
> mod_security installed and configured correctly. A properly hardened
> Apache HTTPD server is very difficult to hack and when placed in a DMZ
> gets the hacker hardly anywhere. mod_security compares requests against
> a series of rules. There are a general set of rules provided with
> mod_security (and kept up-to-date with known hacks, including DoS,
> script-kiddies etc) but you can add your own local rules as well.

100% agree with you, Brett. When I suggested that Sean look at 1.5, it was
because he was asking how that could be used to protect against brute force
connection attempts. With the full description, it appears clearly that
mod_security is required to keep the site safe enough, especially if the
code has never been updated nor audited!

The servers should be jailed as much as possible because I suspect Sean
will regularly find gremlins on them...

Regards,
Willy

