Debian Security For Hosting

Apr 26, 2009

For some weeks I have been trying to get a secure install for my Debian. This server will be a shared hosting host, so it needs special security, but I don't know how to do this.

My requirements are:

- Apache

- PHP (mod, not cgi)

Actually, users can navigate into my server by using a phpshell script. And someone put lots of files into the /tmp directory, so I try to secure all of that but can't find a good tutorial for it; do you know where I can find some?

And what about PHP run from cron, so executed with php-cli: how do I secure it?


Advantage Debian 64 Versus Regular Debian

Oct 9, 2008

I just ordered a server which has that setup:

AMD Athlon 64 X2 6000+ Dual Core
8MB RAM
2x750GB RAID 1 HD

Now I wanna run it with DirectAdmin, but obviously DirectAdmin doesn't support the Debian 64 which is installed but only 32 bit Debian.

Now I wonder whether I could set up a Debian 32 as well on that system and, if yes, whether it would give me a deficit in performance?

Or would you rather go with CentOS 64 which Directadmin supports?


Web Hosting Security

Apr 8, 2008

I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts? And how do they overcome these issues?


Hosting Security

Mar 24, 2007

I have hosting - php/apache - with Orchard Hosting, and I've been with them for many years and there's never been a problem.

Then, a couple of days ago I realised from my logs a text file had been put in a directory in my webspace without me knowing anything about it. I emailed my host and they said it could have happened by either:

1. someone using ftp and getting into my account

2. someone injecting PHP through a form on the site.

I've added some code to my validation to look for <? and fwrite keywords but I think it's secure! But in the logs, there's no visits to the pages where the forms are (one of which is AJAX powered) - so I'm not sure it's injection.

Is someone using some kind of anonymous connection to my FTP (which shouldn't work!) the most viable reason why this has happened?


Security For Web Hosting

Jun 11, 2007

I have a server running Windows 2003 Enterprise for web hosting. It is not configured to be a Domain Controller. Can anyone advise me what I should do if this server is attacked by a hacker or a virus, or suffers an OS error or damage?


Linux Hosting And Security

Jan 20, 2008

About next week, I'll put a Linux box on the web.

Could anyone suggest what kind of security measures I could implement?

Iptables:
- Protect against DDoS?
- Protect against certain worms?
- Protect against flooding?

Services:
- Protect against constant dictionary attacks based on ports?

Pretty much any experience you could put down in this thread would be invaluable.

Also, mod, if this shouldn't be here, feel free to move it; I'm not sure where it should go!


Shared Hosting Security

Nov 18, 2008

I'm a web designer trying to find a web host for a client. I've set up several clients, including the one in question, at IX and haven't had a problem until the other day, when my client's site was hacked. A redirect code was inserted, taking the user to a false site that installed a virus. The offending code was removed by IX but the client's experience with their tech support was less than satisfactory. I've seen similar stories on this forum and others.

I'm looking to find another host and have some questions about security on shared hosting plans. I understand that they're not completely secure but I'm wondering if certain hosts or certain servers are more susceptible to hacks than others? I see very little, if any, mention of security on sites of hosts offering low-cost, shared hosting plans.

Fewer low-cost hosts seem to be offering dedicated IP addresses. Is a shared IP address going to be less secure than a dedicated one?

My client's site is info only -- no ecommerce or user login -- so it doesn't have to be Fort Knox, but they shouldn't have to worry about it being hijacked either.

Lots of questions, I know. It's my first time posting on this forum, so be gentle.


Web Hosting Where Security Cannot Be Compromised

Dec 15, 2008

I have read much helpful feedback regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:

Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10


How To Security For A Hosting Server

Jul 19, 2007

Which methods are needed to protect a hosting server?


Security In Shared Hosting Environment

May 26, 2009

I am in a shared hosting environment. Their PHP settings do not have open_basedir set and safe_mode is off.

I was poking around their server and noticed that using some simple system() calls within a PHP script, I was able to access /etc/passwd and therefore access all their clients' public_html.

I am currently calling them to let them know of the vulnerability. But out of curiosity, is it normal that I can read all the other sites hosted? They do have config files with MySQL passwords in them.


Windows Shared Hosting Security

May 10, 2008

I've been reading these forums for a while now... a lot of very interesting and useful stuff. However, I've always been happy with the hosting of my site until recently, and have never had a pressing reason for wanting to change.

However, I recently had a four day outage to my site. The hosting company (which shall remain nameless, for now) put this down to a security problem which meant they had to take down the shared Windows server and go through all the sites on the server looking for the site that had bad code which caused the security outage. I also had problems with malicious javascript being injected into my pages prior to this.

I quote from the hosting company "Unfortunately this is a shared hosting solution and by its very nature, it means that poor code affects all sites on that web server. .... The vulnerabilities of ASP, MS-SQL and .Net are well documented." They then proceeded to try to sell me a dedicated server (which I believe will likely be too expensive for my needs).

I'm no expert on hosting, but this doesn't sound right to me. Is all Windows shared hosting afflicted with these kinds of security problems? Or only when it's not set up right? I need reliability, but not absolute 100% bulletproof uptime if it comes with a dedicated server pricetag. I do need to avoid outages of a number of hours/days (!!) however.

Hopefully one of the experts here can put me right. I can't believe that Windows hosting security is so bad that no company can have a shared hosting product that avoids the aforementioned problems. What do you think?


MySQL 5 & Shared Hosting Security

Sep 10, 2007

MySQL 5.0 supports stored procedures -- but is it safe to allow shared hosting customers to have privileges to create them? If the procedures are global, does that mean that:

a) one customer could write a procedure which accessed another customer's data?

b) any customer could call a procedure created by a different customer?

c) any customer could override an existing mysql function in a way that would affect other customers?

d) any customer could write a function that bound to a system library and crash the entire server instance?


How Not To Get Hacked - Checking Out Web Hosting Security

May 8, 2007

I normally hang out in the web design area, so if there is a related thread, please point me there.

I have been hosting a very small site with, what I thought, was a respectable local company. This morning I went to my home page and guess what - my friendly neighbourhood hacker paid me a visit. Gone (commented out) is my home page content, replaced with the following text:

I would like to report that your site is highly compromisable. Please review your hosts security settings. I would recommend changing though, they are a piece of ****.
(I have not deleted anything. the original page is commented out but is still located in this file.)

This security message has been brought to you by Scorpian & AV.

How do I deal with this? If I get no response from my current hosting company on how someone got hold of my ftp password, I want to move my site, but how do I know the next company has better security measures? And what should these security measures include? Any tick lists out there for testing domain host's security?


Hosting & Client-side FTP Upload Security

Feb 27, 2009

My information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has its own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.

My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated portion of the server.

So, let's say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT client's specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"

How can I:
1) ...set their specific FTP to open to their directory only?

2) ...ensure that they cannot navigate to other folders on my server?

3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?


Major Security Problem With Mavrick Team Web Hosting Company

Mar 23, 2008

I am a web designer, and have been doing this for about 5 years now and have never encountered such a problem. I had a problem come up a few days ago where one of my clients got into an argument with the Mavrick Team web hosting and computer services company's owner regarding services. She has reported to me that he went into her email account, and has emailed her clients false information about her services after their heated discussion. She told him that she was going to press charges. He told her that he had harvested all of her clients' email addresses and will email them to her competitors if she does not back down. What can she do? I feel awkward as I am in the middle of it now. I was the one who referred her to Mavrick Team (aka as I host them) for web hosting services, and moved her site to their servers. This man has created such a big problem for this woman now. Her clients are doubting her services and he is blackmailing her. She does not owe him any monies. She has forwarded two of the emails that her clients forwarded to her, so I know she is not making this thing up. I advised her to move all of her emails to a personal email account, contact all of her clients to let them know that someone has access to their info, and I am helping her move her site. Who can she report them to?


Joomla Security / Linux Security

Apr 4, 2008

I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.

When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.

However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.

Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.


TAR Backup - Debian

May 31, 2009

I want to back up an entire folder that's in / not in any other folders.

I've tried this command but I get the error described below.

tar cvpzf opensim.tgz

tar: Cowardly refusing to create an empty archive
Try `tar --help' or `tar --usage' for more information.

The folder is called opensim. I was logged into SSH with root access and tried the command directly, not going into other folders because, well, I don't want to; I wanna back up that 1st opensim folder that I can see on the FTP also.


Debian & Plesk VPS

Jan 9, 2009

I'm having some trouble finding a VPS host that offers Debian and Plesk. I've searched the forum but nothing's really panned out. I'm currently with Geekstorage but the server has been slow (same problem reported by others).

Anyone have recommendations for Debian + Plesk VPS host?


Jre 1.5 On Debian Sarge

Jul 28, 2007

I can't get Java installed correctly on my Debian server.

I downloaded the .bin file from java sun's website and ran it; it says "done."

But when I type:

Code:
whereis java
the terminal shows

Code:
host:/# whereis java
java:


Debian Error 2

Dec 8, 2008

I just installed Debian, but when I try to boot it, it just gives me "error 2".

What is error 2? Google gave me nothing.


FreeNx/Debian

Dec 13, 2007

Install Required software

NX server needs ssh and some libraries to run. These packages are normally not installed during the basic installation process. Use the following command to install them

#aptitude install libstdc++2.10-glibc2.2 ssh

Install Free NX Server in Debian Etch

First you need to download the .deb packages using the following commands
I did the three steps.

Now you need to install the .deb packages in the following order; this is very important

#dpkg -i nxclient_2.1.0-17_i386.deb

#dpkg -i nxnode_2.1.0-22_i386.deb

#dpkg -i nxserver_2.1.0-22_i386.deb

If you get any errors use the following command to fix them

#apt-get -f install

Now you need to make sure the ssh and nx servers are running; if not, start them with the following commands

#/etc/init.d/ssh start

#/etc/init.d/nxserver start
--------------------
But the problem is I cannot connect to the NX server.
I installed the program on Windows, but what username and password should I use? I tried to use root but it said that the user root cannot be used.


Mysql On Debian

Jan 30, 2007

I have a VPS with Debian 3.1.

I type /etc/init.d/mysql start over SSH and I see this error:

Starting MySQL database server: mysqld.
Checking for crashed MySQL tables in the background.
/etc/mysql/debian-start: line 13: logger: command not found


Suphp On Webmin With Debian 5

Jun 24, 2009

I have just installed my VPS with Webmin on Debian 5 and I need a guide on how to configure my system to use suphp. I've googled it but not come back with any clear guide.

I'd better add I've plunged in at the deep end, and after the security breach at Vaserv, I cannot take the easy option and install lxadmin any longer.


CentOS, Debian, Ubuntu Which Is Better For Vps?

Oct 24, 2009

Which OS is better in security and easier to use for a VPS beginner:
CentOS™, Debian™, Ubuntu™, Fedora™, or Gentoo™?


Dom0: CentOS Or Debian Or . . .

Jul 23, 2009

I'm leaning towards centos but am concerned that development priority in that distro will switch over from Xen to KVM as RHEL does. Which distro would you choose for dom0 and why?


Debian Lenny Hardening

Mar 19, 2009

Where can I find a guide or how-to for hardening a Debian Lenny web server (a Xen VPS one)?


Sshd Not Installed In My Debian

Jul 3, 2009

installing Debian. I choose Standard package without anything, No DNS Server, No Web Server, No Mail Server.

But ssh is not working; how do I install sshd and get it to work?


Ubuntu Server Or Debian

Jul 9, 2008

I've just ordered a dedicated server with Ubuntu server, but they've come back to me to say that they've had trouble installing Ubuntu server on these particular servers.

As an alternative, they're offering to install Debian. My concern is that I come from a windows background and have spent the last month reading and playing with Ubuntu Server in vmware. I'll be running a small handful of sites on the server and will rely on the apt-get and package installer in webmin to get things set up and for administration. I'll dabble in the shell a little, but only when needed.

Should I go with a different host that can offer Ubuntu, or will I be okay with Debian?


How Disable Iptables In Debian

May 20, 2008

My OS is Debian.

How can I disable iptables on it?

part12:/# service iptables restart

-bash: service: command not found


Ispconfig On Debian Etch

Aug 11, 2008

I am on a VPS server and want to install a GUI based control panel. ISPConfig is the most talked about; however, I am unable to find a tutorial which helps you with step by step installation on Debian 4.


Debian - Reboot Every Hour

Jan 17, 2008

Problem on one server with Debian: over the last month it had 100% of uptime, but since yesterday it automatically reboots every 1 hour exactly!

This is a game server; it doesn't have services like httpd, mysql, dns, nothing! I uninstalled cron jobs thinking that would solve the problem, but no...

I installed a firewall, ran rkhunter and chkrootkit, checked the wheel group, and nothing.

logs:

Jan 17 05:20:00 debian -- MARK --
Jan 17 05:40:00 debian -- MARK --
Jan 17 06:00:18 debian syslogd 1.4.1#18: restart.
Jan 17 06:00:18 debian kernel: klogd 1.4.1#18, log source = /proc/kmsg started.
Jan 17 06:00:18 debian kernel: Bootdata ok (command line is root=/dev/sda1 ro )

I changed the root password and ssh port but nothing... I think that could be an issue in Debian or some exploit causing it. This happened suddenly from one day to another; it is very strange...

Does somebody know about this?

SERVER:

debian:~# uname -a
Linux debian 2.6.18-5-amd64

CORE 2 QUAD - 2GB ram - debian 64 bits








Copyrights 2005-15 www.BigResource.com, All rights reserved