I recently found something devastating on my server… (learning opportunity for some of us, perhaps!)

(Self-taught noob here!) I found a file in one of the subdomains I manage on my site, titled "the name of the site", containing the sites-available conf for my site! In hindsight, this could just be my folly; I may have forgotten to remove it after temporarily making it accessible to a text editor on my other machine. But the scare begged the question for me: "is there a way I could have accidentally exposed my conf file?" //lol, no shit, I did *rolls eyes*

I've moved away from a standard ssh port, disabled root and password login, and configured a stringent firewall policy, but upon installing nginx I took almost no precautions. What are some exploits to look out for in the wild, specifically regarding nginx? I've already implemented fail2ban and configured it appropriately for nginx, as far as I believe (I stuck with the stock standards) and tweaked a few params. I've also locked down the filesystem with tripwire and I have reports that come to me.

Apologies if the question is too broad; it's just, I had to ask it somewhere.. securing a site is more than just the tool that interfaces, but I thought there may be exploits that I missed nevertheless!

Thanks in advance :-)!

Edit: sorry, one thing may have turned into two things!

2 thoughts on “I recently found something devastating on my server… (learning opportunity for some of us, perhaps!)”

  1. If the file was in your document root but there were no resources in your site anywhere that point to it, it’s pretty difficult to find randomly. However, you should be able to see if the file was accessed in your web server’s access logs.

    As for exploits, nginx by itself is rarely an issue since it primarily serves most websites as a proxy server. There are some things out there, but overall it’s the backend servers nginx proxies to that are the weak link. You can see all the currently known CVEs for nginx here:

    [https://www.cvedetails.com/vulnerability-list/vendor_id-10048/product_id-17956/Nginx-Nginx.html](https://www.cvedetails.com/vulnerability-list/vendor_id-10048/product_id-17956/Nginx-Nginx.html)

    The topic of securing a website is complex and time consuming, but you’re heading in the right direction by noticing this is something you need to learn. There are a lot of blogs and tutorial articles that go over the topic of hardening an nginx server, do a google search and you can start your journey down the rabbit hole.

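The check suggested above, going through the nginx access log for hits on the exposed file, as an added example that is not part of the original thread or either commenter's own words. It parses the stock nginx "combined" log format, keeps only requests for the target path (ignoring any query string), and separates requests the server actually answered with a 2xx from ones it refused or could not find, since only the former prove the file was read. The site name `example.com`, the path `/example.com` and the log lines are constructed for the example.

```python
import re
from collections import Counter

# Stock nginx "combined" log_format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#   "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["bytes"] = 0 if entry["bytes"] == "-" else int(entry["bytes"])
    return entry


def find_accesses(lines, target_path):
    """Return (served, refused): requests for target_path that got a 2xx
    (the file was actually handed out) versus any other status (403/404/...)."""
    served, refused = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None:          # rotated/garbled/other-format lines are skipped
            continue
        path = entry["path"].split("?", 1)[0]   # drop the query string
        if path != target_path:
            continue
        if 200 <= entry["status"] < 300:
            served.append(entry)
        else:
            refused.append(entry)
    return served, refused


def summarize(served):
    """Count successful reads per client IP, to see who pulled the file."""
    return Counter(e["ip"] for e in served)


# Constructed sample log lines (not from any real server); the hypothetical
# exposed file sits at /example.com in the document root.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2023:10:01:22 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [12/Mar/2023:10:01:30 +0000] "GET /example.com HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2023:11:15:02 +0000] "GET /example.com?x=1 HTTP/1.1" 200 1834 "-" "curl/7.81.0"',
    '198.51.100.9 - - [12/Mar/2023:11:15:03 +0000] "GET /example.com.bak HTTP/1.1" 404 153 "-" "curl/7.81.0"',
    '192.0.2.77 - - [13/Mar/2023:02:00:00 +0000] "GET /example.com HTTP/1.1" 404 153 "-" "python-requests/2.28"',
    'this line is not in combined format and is ignored',
]


if __name__ == "__main__":
    # On a real box you would read /var/log/nginx/access.log (and the rotated
    # access.log.1, *.gz) instead of SAMPLE_LOG.
    served, refused = find_accesses(SAMPLE_LOG, "/example.com")
    for e in served:
        print(f"SERVED  {e['time']} {e['ip']} {e['bytes']}B {e['ua']}")
    for e in refused:
        print(f"REFUSED {e['time']} {e['ip']} status={e['status']}")
    print("reads per IP:", dict(summarize(served)))
```

Two things to keep in mind when running this for real: nginx only logs what it serves, so if the file was also reachable through a backend that nginx proxies to, check that backend's logs as well; and if your log retention is shorter than the time the file sat there, an empty result does not prove nobody read it.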
  2. 9 times out of 10 when I think I (or a system I'm working on) have been compromised, I eventually find out that I haven't and there is an explanation (usually a mistake). That said, you're definitely on the right track.

