WebServer and Firewall Help


I run a web-server based on ubuntu server and the LAMP stack.
I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
Namely port 80 and port 22 only.

Unfortunately once a while some guys get to inject some content onto our web

Now managements are looking at getting a well proven infrastructure to
counter that.
But I also think i can fall on this community to help me get the right stuff
done. Where
i can protect the server from such attack.

I want to know what measure i can do on the server to get it protected which
mysql protection
I should implement. since i can see that it might be a php or mysql
injection that is been used.

Currently I run these security measures on it.
Ubuntu UFW
PHP model security
Apache security


the problem may not be your operating system but the web application running. what web application/s are on that box?

Might also take a look at



It is a LAMP. Stack


I agree, you've got other problems. I would look at defending against sql injection attacks and I would look to making sure that all the passwords get changed.