Has anyone used Attacker.net for server admin work, especially on FreeBSD? My other Admin team bailed on me, so I am looking for a new team to Secure and Harden my box. I have searched the boards, and have not found a review on them yet.
I am considering hiring an administrator for a couple servers. I have Plesk and Cpanel on Linux Redhat. My question is one of security. Does hiring a server admin mean submission of my root passwords? Or is there some other way to allow them the access to some lower admin level without having root access?
Sep 29 12:30:30 SP116328292A suhosin[15988]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:30:53 SP116328292A suhosin[15876]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:31:21 SP116328292A suhosin[15989]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '203.200.143.20', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:31:24 SP116328292A suhosin[15955]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:31:32 SP116328292A suhosin[15955]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:31:46 SP116328292A suhosin[15989]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '203.200.143.20', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:31:57 SP116328292A suhosin[15989]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '203.200.143.20', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:36:59 SP116328292A suhosin[16103]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8) Sep 29 12:37:28 SP116328292A suhosin[15396]: ALERT - script tried to increase memory_limit to 1073741824 bytes which is above the allowed value (attacker '121.108.187.170', file '/srv/www/vhosts/fullsoftvn.com/httpdocs/ShopCart/index.php', line 8)
i have VPS CentOs5 running 2.6.9-023stab044.11-entnosplit with Plesk 8.3 Panel ..
last nigth when i was talking with the support center and i past my root passwd ..
after 10-15 mnts some attacker has change my page (index.html)
the server is new .. i just take VPS server before 3 days .. so there is no way to upload or run any php script ( worm ) in my server kz i didn't install anything there else (.html) pages ..
so i stop my VPS tell today and now i change my password and run the command to find any php files in my Vhosts folder wich content my sites directory...
i didn't find anything there and everything looking as a Defualt..
now the question is there anyway for the attacker to hack NixCore V1.5.0 Support Center ...?
and if there any way to check my server if there any uploading new files? whatever is .php ; .pl ; .rar ; .gif ; etc ...
and what command to show what the user group have the root permission?
I have to deal with a lot of dictionary attacks. One evening, I got fed up with them and decided to do something about it. So, I wrote a service in VB.NET that monitors the Windows event log. I check for too many incorrect login attempts to MS SQL.
If I find someone attempting to dictionary attack, Windows shows the IP address of the invalid login attempt in the event log. So, I parse the event message, grab the IP address, and use IPSec to block the would-be intruder. Excellent!
Ok. That takes care of SQL attackers. But, what about RDC (Remote Desktops or Terminal Services) attackers? I started using 2x's SecureRDP. It works great, but the logging feature is broken. It doesn't accurately log the attackers' IP addresses. So, how can I get the IP address of those attempting to login via RDC? Anyone know? There has to be a way.
Let's say my site was getting DDOS'd. Let's say I suspected I knew the attacker's home IP address. Would there be anything I could do with this information to either end the attacks or penalize the attacker?
I am using putty to get SSH access to my server. What I need to do is create a backup of a directory on my server and then get that file on my computer somehow.
I do not have FTP access and don't know how to set this up.
I do have HTTP on the server but i get a 403 forbidden error when I try to access the file via my browser. I need help ASAP. If you can help I may be able to reward you.
Name your price if you can't do it for free or want some incentive
The faster the better. If you can get on AIM or MSN right now please get a hold of me. My aim is bikerjeg and MSN is bikerjeg -at- sbcglobal.net
Just been thinking and currently i host all my services with other hosting companies like my web hosting accounts etc...but was thinking of buying a DA licence and installing it onto one of my linux servers.
On DA's website it says one licence per IP or something along them lines...does this mean if i was to install a licence on say 99.99.99.999 and it was working ok etc but then if i changed my IP range to 99.99.99.998 would that mean the DA licence would no longer be valid?
Which free server admin tool do you prefer? As far as I can tell Webmin and DirectAdmin are the major players (correct me if I am wrong). I am the only one with access, so their is no need for other accounts or hosting sites from others.
we have a server that was breeched and is being used to send ddos attacks to another website and we need to stop it permanently and secure our server to avoid it from happening again.
My tech has already been able to track down the bot/script that was sending it and seemed to stop it for about a week, but they have gained access to the server again.
He is not an expert at security issues so I'm looking to hire someone for a one time job to correct this issue.
Can someone offer me some referrals of someone to take care of this. Please do not recommend Rack911 as I waited nearly a week for their assistance and had no luck.
I have experiencing strange behaviour of Plesk admin panel. Actually there were a lot of issues similar with 500 Internal Server error but mine is a bit different..
This is the log came from the '/var/log/sw-cp-server/error_log'
As you can see there is a line starts with /bin/sh: /usr/share/sw-cp-server/applications-conf.sh: Permission denied and i tried to change this one for permission like 0755 or alternatives for a run but nothings changed. Btw i have plenty of disk space, it wasn't also the case.
I cannot even login with my domain name without 'https' and with the port 8880. It's again giving me the same issue.
BTW i want to give a little extra information; it was a long time that Plesk admin panel working but after today it's stuck in 500 Internal server error. What i tried today that to follow 'How to generate custom self-signed SSL certificates and apply it to Postfix: [URL] ....' , but after 6th step i was decied to stop because i couldnt find the root.pem file a minute and than i wanted to try on plesk and i saw the bad news I don't know it was related but i wanted to share.
Health Monitor Module is installed and running on server, but not visible under Server Administration Panel > Home > Server Health on Plesk Panel 11.0.9 update #7. Is there a trick to configuring home to show it and/or a direct way to launch view of server health?
One one of our (linux) servers spammers are king. they apparently can control anything and place spam links throughout the files.
For example spammer inserts Iframes either above or below HTML tags. (some step57 related type of virus/trojan as it seems)
Our programmer did not find where the problem is in our applications, yet he is not a security expert.
Our server admin company made us install phpuexec, we apparently have been checked on the server end and have mod_security, but we still don't know what's going on...spam continues.
Trying to determine what I want to put on my server for security. I have secured my /tmp, /var/tmp, and /dev/shm. I am now contemplating mod_evasive, mod_security, and/or APF Firewall.
1.) Should I install all three, or will APF Firewall, provide the same or similar security as mod_security, or vice versa?
2.) Will they all work together without conflicts?
3.) Does installing these services have any affect on overall server performance?
4.) Any other services you might recommend installing and why?
I have a dedicated server which I access via remote desktop.
The firewall is not enabled. What kind of security should I have on my server? Ive read that if I enable Windows Firewall my remote desktop connection will be blocked & this will mean me having to contact the server company via phone etc.
Currently working on securing my server and i think I'm doing quite well until I asked myself the question, have I done it right? Is there anyway to actually test how secure my server actually is? I'd rather not just wait and see if someone can hack me to bring to light what I did wrong...I was also thinking of hiring someone to secure my server but then how do I know that they've done anything different to me?
Are there any scripts or programs I can run to test server security?
after following the perfect server setup - centos5.2 guide I have setup a home server on my dsl connection and installed openfire with relative ease. I have a paid hosting server which runs my website but I want to have it access the userservice plugin of openfire to add/remove users (which is installed on my new home webserver).
After trying fopen and CURL to post GET data to my home server without any luck I did some reading and came accross the snoopy php class. The snoopy class now allows me to get the default apache test page on my home server but when i try to point snoopy to my openfire admin on port 9090 it throws up a timeout error (but i think this may be an error in the snoopy class?).
CURL and fopen allowed me to get data from google and some other sites but not from my home server.
I'm in an environment where we have hundreds of users uploading content to a web site.
With the current system, someone could potentially run a command that would wipe out hundreds of files (and it has recently happened). We are currently looking at ways to improve security and prevent "accidents" by separating the public server into to parts.
A public server and a quality assurance server. Everyone would have access to the QA server, and the QA server would upload all changes to production.
I personally see the benefit, but don't see the problem being completely solved. Does anyone have any advice on this or link to articles or books that might help to set up a secure web server structure?
i have a dedicated server , some one else made the security for me, how could to be sure of its security? how could to be sure of all php functions contain risk are closed or disabled? how could to be sure of there are not any security gap?