{"id":961,"date":"2009-05-04T02:16:45","date_gmt":"2009-05-04T02:16:45","guid":{"rendered":"http:\/\/www.bodhost.com\/web-hosting\/?p=961"},"modified":"2026-02-26T14:04:55","modified_gmt":"2026-02-26T14:04:55","slug":"debian-dedicated-web-hosting-and-security","status":"publish","type":"post","link":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/","title":{"rendered":"Debian Dedicated Web Server Hosting and Security"},"content":{"rendered":"

Debian Dedicated Web Server Hosting Security<\/strong><\/p>\n

Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network. When we speak of security, the first thing that comes into our mind is the storage of confidential data such as Credit Card nos. etc.<\/p>\n

Also, Virus such as Worms or Trojans and prevention of any intrusions are part in Web Server security. Banking security, prevention of hacking attempts are all included in security provisioning. Any Web server that is connected to the internet has a direct threat.<\/p>\n

In case of server breach, it can be used for spams, hacking other servers and running illlegal activities on the server. Infact, many illegal activities include DOS attacks to other web servers. A hacker can seriously damage a server without even the server owner knowing about it.<\/p>\n

We will learn more on Debian Server Security in this post. We can also set “honey pot” when we speak of server security. In this case, hackers are directly attracted to a honey pot. However, prior to setup a honey pot, make sure you have remote backup space in case to start from the basic. The first is to prevent unauthorized access to the server. Following are some of the security practices on servers :<\/p>\n

– Operating System Security ardening
\n– Application configuration
\n– Perimeter security
\n– Physical security<\/p>\n

Operating System Security Hardening :<\/strong><\/p>\n

– Disable all default accounts
\n– File system security configurations
\n– Strong and long accounts password
\n– In order to disable accounts, change default shell to \/bin\/false
\n– Change startup configuration
\n– Disable TCP\/IP ports that are run to scan ports.
\n– File system security
\n– No usage of common names for groups to reduce the risk of hacks
\n– TCP wrappers to run Internet-related daemons
\n– Appropriate hosts.allow Configuration
\n– Not running GUI
\n– Log off from Server consoles when not required<\/p>\n

Configurations of Applications :<\/strong><\/p>\n

Applications installation and configurations must be done with great care as they can be the source to server hack. Insecure applications can cause harm to your Debian dedicated web server. Applications may have vulnerability to buffer overflow attacks which provides access to hackers and security threats.<\/p>\n

It’s advisable that you should notice the following points :<\/strong><\/p>\n

– Securing insecure applications
\n– Check for Application updates
\n– Application Port Opening – Only which is required
\n– Secure CGI Scripts
\n– SSI Security management
\n– Secure FTP Access for Uploads
\n– Blocking IPs
\n– Latest Security Measures.<\/p>\n

With DebianOS, disable open ports which are not required through by renaming their S symlinks in runlevel directory. Debian boots into runlevel 2 default by command : cd \/etc\/rc2.d<\/p>\n

Search for symlink S20ssh which opens port for remote console and enhnaces security. Rename symlinks with command : mv S20ssh _S20ssh and this can be done for S20exim4, S20lpd, and S21nfs-common. Run netstat -ap command for \/sbin\/portmap is the applications has sunrpc port 111 open. NFS requires RPC. We can disable portmap in this case. We can rename symlinks with the following command :<\/p>\n

mv \/etc\/rc2.d\/S18portmap \/etc\/rc2.d\/_S18portmap
\nmv \/etc\/rcS.d\/S43portmap \/etc\/rcS.d\/_S43portmap<\/p>\n

Once done, reboot your Debian Dedicated Web Server and then run netstat -a<\/p>\n

– Configurations of chroot jail will allow applications directory appear from root of file system. Access to only applications that will reduce the risk to access the entire file system. Apache web server running on DebianOS can easily setup jail as we can use Apache module to complete the task. We can add one line to the configuration file by the following command :<\/p>\n

apt-get install libapache-mod-chroot<\/p>\n

This will install Apache modules and in case to select from packages or existing modules.conf, add the following link to modules.conf file :<\/p>\n

\/etc\/apache\/modules.conf file:<\/p>\n

LoadModule choot_module \/usr\/lib\/apache\/1.3\/mod_chroot.so<\/p>\n

In this case, logs, CGI and directories are the same and we don’t need to create new directories or make any changes to the ownership of the directories.<\/p>\n

Chroot Apache applications, Apache IDS module which will search for any threats and will block them. You can simply add the following line to \/etc\/apt\/sources.list file :<\/p>\n

http:\/\/etc.inittab.org\/~agi\/debian\/libapache-mod-security\/etch\/<\/p>\n

Once added, you can run the following command :<\/strong><\/p>\n

apt-get update<\/p>\n

Apt will be aware of tge package at the website. In order to install and enable module, enter the following command :<\/p>\n

apt-get install libapache-mod-security<\/p>\n

Add the following line to \/etc\/apache\/modules.conf :<\/strong><\/p>\n

LoadModule security_module \/usr\/lib\/apache\/1.3\/mod_security.so<\/p>\n

It will search for any threats, http \/ PHP requests and block them. We can also add rules to httpd.conf file in order to let it know to as what needs to be checked.<\/p>\n

For starters, add the following lines to the bottom of your httpd.conf file:<\/strong><\/p>\n

# *** MODULE CONFIG
\n# Turn the filtering engine On or Off
\nSecFilterEngine On
\n# Make sure that URL encoding is valid
\nSecFilterCheckURLEncoding On
\n# Unicode encoding check
\nSecFilterCheckUnicodeEncoding Off
\n# Only allow bytes from this range
\nSecFilterForceByteRange 0 255
\n# Only log suspicious requests
\nSecAuditEngine RelevantOnly
\n# Server masking –
\n# Don’t tell them it’s an Apache installation
\nSecServerSignature “Lotus-Domino\/6.x”
\n# The name of the audit log file
\nSecAuditLog \/var\/log\/apache\/audit.log
\n# Debug level set to a minimum
\nSecFilterDebugLog \/var\/log\/apache\/modsec_debug.log
\nSecFilterDebugLevel 0
\n# Should mod_security inspect POST payloads
\nSecFilterScanPOST On
\n# By default log and deny suspicious requests
\n# with HTTP status 403
\nSecFilterDefaultAction “deny,log,status:403”<\/p>\n

Adding Fileter rules :<\/p>\n

SecFilter \/etc\/passwd
\nSecFilter \/bin\/ls
\nSecFilter \/bin\/uname
\nSecFilter \/usr\/bin\/whoami
\nSecFilter cd\\x20\/tmp
\nSecFilter wget\\x20
\n# Block Santy.A worm
\nSecFilterSelective ARG_highlight %27
\n# Block drop table SQL injection attack
\nSecFilter “drop[[:space:]]table”
\n# Only accept request encodings we know how to handle
\n# we exclude GET requests from this because some (automated)
\n# clients supply “text\/html” as Content-Type
\nSecFilterSelective REQUEST_METHOD “!^(GET|HEAD)$” chain
\nSecFilterSelective HTTP_Content-Type \\
\n“!(^application\/x-www-form-urlencoded$|^multipart\/form-data;)”
\n# Do not accept GET or HEAD requests with bodies
\nSecFilterSelective REQUEST_METHOD “^(GET|HEAD)$” chain
\nSecFilterSelective HTTP_Content-Length “!^$”
\n# Require browser headers from all user agents
\nSecFilterSelective “HTTP_USER_AGENT|HTTP_HOST” “^$”
\n# Require Content-Length to be provided with every POST request
\nSecFilterSelective REQUEST_METHOD “^POST$” chain
\nSecFilterSelective HTTP_Content-Length “^$”
\n# Don’t accept transfer encodings we know we don’t handle
\nSecFilterSelective HTTP_Transfer-Encoding “!^$”<\/p>\n

Once done, please make sure you restart Apache with \/etc\/init.d\/apache restart<\/p>\n","protected":false},"excerpt":{"rendered":"

Debian Dedicated Web Server Hosting Security Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network. When…<\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,10],"tags":[152,142],"class_list":["post-961","post","type-post","status-publish","format-standard","hentry","category-dedicated-server-hosting","category-vps-hosting","tag-debian-dedicated-server","tag-dedicated-web-server-hosting"],"yoast_head":"\nDebian Dedicated Web Server Hosting and Security<\/title>\n<meta name=\"description\" content=\"Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Debian Dedicated Web Server Hosting and Security\" \/>\n<meta property=\"og:description\" content=\"Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Knowledge Base - bodHOST\" \/>\n<meta property=\"article:published_time\" content=\"2009-05-04T02:16:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-26T14:04:55+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/c48414ad1536cea20e85282b0737a9f9\"},\"headline\":\"Debian Dedicated Web Server Hosting and Security\",\"datePublished\":\"2009-05-04T02:16:45+00:00\",\"dateModified\":\"2026-02-26T14:04:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/\"},\"wordCount\":1084,\"publisher\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\"},\"keywords\":[\"Debian dedicated server\",\"Dedicated Web Server Hosting\"],\"articleSection\":[\"Dedicated Server Hosting\",\"vps hosting\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/\",\"name\":\"Debian Dedicated Web Server Hosting and Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#website\"},\"datePublished\":\"2009-05-04T02:16:45+00:00\",\"dateModified\":\"2026-02-26T14:04:55+00:00\",\"description\":\"Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/debian-dedicated-web-hosting-and-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Dedicated Server Hosting\",\"item\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/category\\\/dedicated-server-hosting\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Debian Dedicated Web Server Hosting and Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/\",\"name\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\"},\"alternateName\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#organization\",\"name\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Profile-Pic.png\",\"contentUrl\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/Profile-Pic.png\",\"width\":240,\"height\":240,\"caption\":\"Web Hosting Knowledge Base | bodHOST Hosting FAQ\"},\"image\":{\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/#\\\/schema\\\/person\\\/c48414ad1536cea20e85282b0737a9f9\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"url\":\"https:\\\/\\\/www.bodhost.com\\\/kb\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Debian Dedicated Web Server Hosting and Security","description":"Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/","og_locale":"en_US","og_type":"article","og_title":"Debian Dedicated Web Server Hosting and Security","og_description":"Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network.","og_url":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/","og_site_name":"Knowledge Base - bodHOST","article_published_time":"2009-05-04T02:16:45+00:00","article_modified_time":"2026-02-26T14:04:55+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/#article","isPartOf":{"@id":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/"},"author":{"name":"admin","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/person\/c48414ad1536cea20e85282b0737a9f9"},"headline":"Debian Dedicated Web Server Hosting and Security","datePublished":"2009-05-04T02:16:45+00:00","dateModified":"2026-02-26T14:04:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/"},"wordCount":1084,"publisher":{"@id":"https:\/\/www.bodhost.com\/kb\/#organization"},"keywords":["Debian dedicated server","Dedicated Web Server Hosting"],"articleSection":["Dedicated Server Hosting","vps hosting"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/","url":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/","name":"Debian Dedicated Web Server Hosting and Security","isPartOf":{"@id":"https:\/\/www.bodhost.com\/kb\/#website"},"datePublished":"2009-05-04T02:16:45+00:00","dateModified":"2026-02-26T14:04:55+00:00","description":"Internet gateways are known to have the most threats in terms of server security. Basically, the traffic that is allowed through the network.","breadcrumb":{"@id":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.bodhost.com\/kb\/debian-dedicated-web-hosting-and-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Dedicated Server Hosting","item":"https:\/\/www.bodhost.com\/kb\/category\/dedicated-server-hosting\/"},{"@type":"ListItem","position":2,"name":"Debian Dedicated Web Server Hosting and Security"}]},{"@type":"WebSite","@id":"https:\/\/www.bodhost.com\/kb\/#website","url":"https:\/\/www.bodhost.com\/kb\/","name":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","description":"","publisher":{"@id":"https:\/\/www.bodhost.com\/kb\/#organization"},"alternateName":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bodhost.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.bodhost.com\/kb\/#organization","name":"Web Hosting Knowledge Base | bodHOST Hosting FAQ","url":"https:\/\/www.bodhost.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/www.bodhost.com\/kb\/wp-content\/uploads\/2025\/10\/Profile-Pic.png","contentUrl":"https:\/\/www.bodhost.com\/kb\/wp-content\/uploads\/2025\/10\/Profile-Pic.png","width":240,"height":240,"caption":"Web Hosting Knowledge Base | bodHOST Hosting FAQ"},"image":{"@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.bodhost.com\/kb\/#\/schema\/person\/c48414ad1536cea20e85282b0737a9f9","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/51e53199212db3f59606920448d45a6ead224f904558e3ab9251d071a609b202?s=96&d=mm&r=g","caption":"admin"},"url":"https:\/\/www.bodhost.com\/kb\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/comments?post=961"}],"version-history":[{"count":2,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/961\/revisions"}],"predecessor-version":[{"id":12486,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/posts\/961\/revisions\/12486"}],"wp:attachment":[{"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/media?parent=961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/categories?post=961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bodhost.com\/kb\/wp-json\/wp\/v2\/tags?post=961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}