I know this question is extremelly hard to answer without actually checking how I setup my server, but I wondered if anyone could give me a quick rundown and/or information as to how I could check and protect it further.
I am running a Web Hosting Server using old computer components, the server runs Ubuntu 11.10 Server Edition and automatically updates.
I am also running the Linux Firewall and a seperate firewall package. I only allow Ports 22 and 80 to be accessed.
The server is connected via ethernet to my router which also has it's own firewall and again, only allows ports 22 and 80 and when those ports are accessed it points it to the server.
I am running a MySQL database and I have placed various anti-SQL Injection lines into my site to prevent people from infecting the database.
Can anyone else suggest what I can do to further improve security, rate my security and/or tell me what sort of damage they can do if someone got in? When I say this, I primarily mean to other machines on the network as opposed to the server itself.
In my experience, your basic configuration at process is solid. However, you need to make sure that your web applications are not susceptible to SQL injection attacks. That is likely your most vulnerable point of system compromise.