Most web based attacks tend to occur by uploading malicious scripts into world writable directories such as cache, and then letting the web server execute those scripts. In apache, one of preventing such scripts from being executed is to add a “.htaccess” file in that directory and insert the following lines
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Monit is a nice tool, it lets you monitor daemons like apache and mysql, and not only sends you alerts when these services fail but also it automagically restarts those services. But I have always faced problem with having monit properly detect whether mysql is running or not. It would always say mysql is not running although it is running and it immediately stops monitoring mysql. The default monit config file /etc/monit/monitrc has this entry for mysql
check process mysql with pidfile /var/run/mysqld/mysqld.pid
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout
In order for this to work, first make sure that /var/run/mysqld/mysqld.pid is there, sometimes you have only mysqld.sock not .pid. In that case, go to your mysql config file /etc/mysql/my.cnf (or /etc/my.cnf) and add the following entry
pid-file = /var/run/mysqld/mysqld.pid
Secondly, comment out the line “group database” for monit in /etc/monit/monitrc. These two steps should do the trick.
Do not forget to restart mysql and monit for this to take effect.