Enterprise Web Server Security
Feb 13, 2007
I'm in an environment where we have hundreds of users uploading content to a web site.
With the current system, someone could potentially run a command that would wipe out hundreds of files (and it has recently happened). We are currently looking at ways to improve security and prevent "accidents" by separating the public server into to parts.
A public server and a quality assurance server. Everyone would have access to the QA server, and the QA server would upload all changes to production.
I personally see the benefit, but don't see the problem being completely solved. Does anyone have any advice on this or link to articles or books that might help to set up a secure web server structure?
View 5 Replies
ADVERTISEMENT
Feb 12, 2008
experienced people in Windows 2003 Server edition then me.
Now working for this client of mine seems they have much more problems then just a single hard drive issues as posted in another post.
Now they also have a Windows 2003 Server Enterprise Edition on their server, which is activated but their Product Key fails every time they try getting an update like SP1, etc...
Now, I'm guessing it's because their product key isn't the original or fake as they never purchased Windows 2003 but the tech they fired installed it any ways and got it working.
So I went out and purchased an Windows 2003 Server Enterprise Edition (OEM Version) as it's cheaper and I had to build a system recently so that worked out pretty well.
Anyways, using all of the tips on the internet to disable or deactivate windows worked well but when using the Activation Wizard and entering the new product key, it just comes back to the product key area again. So I've called Microsoft and the guy on the phone wasnt able to help me nor activate the windows.
Question:
Does anyone here have experience with Windows 2003 Server and would know why this is happening or know a fix?
Do I have to reinstall the OS?
If reinstalling, can I do it the same way as Windows XP that you select to install a new operating system, then select the partition, it detects the operating system on there and replaces the OS files only with the new ones but leaves everything in the same state, does something like this work or is available in Windows 2003 Server?
View 1 Replies
View Related
Jun 22, 2009
im scanning my site via Acunetix vulnerability scanner and see that it has high risk vulnerability "Mysql enterprise server 5.0"
It says upgrade to 5.1.How to do it in UBUNTU 8.04?
View 3 Replies
View Related
Jun 3, 2007
I have a somewhat unusual question for a hosting forum, but it seems to fit here reasonably well. I figure that anyone who does colo would know about buying and selling servers.
Right now, I have a very high-end system, basically a Sun V40z:
[url]
It is fully configured with processors, memory, but only has a single hard drive currently. The system comes with a built in management processor and OS; from the console you can boot/restart the server, check which DIMMs or processors are working (or failed), etc. It has been barely used, and is in mint condition.
I'm thinking about selling it, because I'd prefer a smaller, more compact server.
Where do you guys go to sell servers? Based on listings here, the server seems to sell in the range of 20K, with a warranty of sorts (30 days):
[url]
Obviously, I can provide no warranty, but I have pretty much the same configuration.
It's meant to be a pretty high-end database server, and I just don't need this many horsepower.
View 8 Replies
View Related
Aug 8, 2007
I found eurovps.com and I think it is very good regarding specs/price ratio.
I am interested on VPS 200W.
View 4 Replies
View Related
Oct 20, 2009
i am thinking to get a server with Brustnet. i do have my own windows 2003 enterprise edition license. i just want to know am i allowed to install my own cd iso with license.
View 13 Replies
View Related
Feb 9, 2007
i'm thinking of upgrading my server....
I really do not want to signup with 1&1 after the stories i have heard...
However they are offering:
* Dual Core AMD
Opteron 1218
* 4 GB DDR RAM
* 400 GB (2X SATA drives in RAID 1 configuration)
* 400 GB FTP backup
* 4,000 GB monthly
transfer volume
$299/month.. .seems decent.. I would be managing it myself and would not need to speak to support....
View 3 Replies
View Related
Jul 28, 2009
I'm about to purchase several Dell R610 and R710 servers. Has anyone experience with iDRAC6 Enterprise? Is it worth the extra $349/server or would you recommend another KVM IP solution?
View 6 Replies
View Related
Feb 24, 2007
Hi, I'm going to open a site (visitors outside US) using tons of space and data transfer.
It's something need lots of space like file hosting (but most file less than 10 mb each)
So i need an affordable dedicated (or semi-dedicate) with less than $100 a month to host my site. Until it grow and i can move site to local provider (better speed, more expensive)
Currently i aimed to netfirms enterprise 2. it's $69 a month, 100 GB Space/2000 Data Trans.
Do you recommend this to me ? Or other's are better.
View 2 Replies
View Related
May 11, 2009
I am running a server with Windows Enterprise 2003 installed, it has 32GB RAM installed but in control panel I can only see 15.5GB RAM, I understand graphics cards etc will take some of the RAM so I suspect Windows is only seeing 16GB, instead of the installed 32GB, anyone any idea as to why I do not see all 32GB.
View 9 Replies
View Related
May 3, 2009
How can I install it Asterisk on Red Hat Enterprise Linux - ES 4 (64 bit)?
View 2 Replies
View Related
May 3, 2008
It seems they have clustered hosting now... and its at a pretty good price. Is anyone with Netfirms?
View 8 Replies
View Related
Mar 3, 2008
15 days review .. litespeed enterprise web server
We have installed litespeed on our 4 servers ...
2 are cpanel
1 is Direct admin
1 is Plesk ..
All have websites running shopping carts, joomla cms, drupal cms, os commerce, etc....
None of our customers had any problem ... and all of them reported super fast loading ..
static websites load in a zoom ...
also cpanel loads 'like a bullet' with litespeed .. compared to apache on same server .. cpanel loads 2x times fast ...
we had problem of ddos on one of the servers .. now with litespeed its all history ..
also it seems now we can host double websites on same server with litespeed .. it reduces hardware costs ..no wonder wordpress.com uses litespeed ..
we have also tried lighthttpd .. but its too complicated ... litespeed is like plug and play usb ...
also there support is fast and have active forums ...
and they regularly come out with updates and its easy to upgrade ...and instructions in there wiki is simple and clear ..
View 4 Replies
View Related
Jan 26, 2007
we have a customer who has Red Hat Enterprise Linux 4 on there server and they have asked us to install GD-1.8 and perl-GD-1.33-1.i386 every time we try and install GD-1.8 it says 'GD-2.2 is newer blah blah' and we can not continue. Dose any one know how this can be done and if so could they please give us some information of how to do it.
we have been thinking about forcing 1.8 to install but we do not think this is a good solution as it will cause other problems.
View 1 Replies
View Related
Aug 14, 2007
for an enterprise wide deployment, what will you suggest and why among - Red Hat Linux, Suse Linux and Ubuntu Linux, also, do you think, we can negotiate the support pricing down?
View 4 Replies
View Related
Feb 14, 2007
I'm also curious as to some suggestions on forums really geared towards server hardware discussion. if you know any good ones, please let me know
anyway, here's the situation:
I currently lease my servers. I'm planning on switching to colocation. three primary functions need to be met:
1) web server
2) mysql server
3) mass storage
I'm contemplating the best way to do this. price is a concern but I'm willing to pay more if it's warranted.
would it be a bad idea to have the mass storage and the webserver on the same machine? ie, take the web server box and just throw in a SAS/SATA RAID card and put in the extra disks. it'd obviously save in overhead costs.
if I do put them on one box, should the OS be booting from seperate physical disks from the rest of the storage?
if I don't put them on one box, ie, the web server and the storage server are seperated, what would be the ideal way to connect them? just ethernet/LAN, through a fibre connection, etc?
and that brings me to another question... why does SAS have external adapters if it's not supposed to be used to directly attach the array to more than one box? can it be used this way? is there a reason it shouldn't be?
View 7 Replies
View Related
Aug 21, 2007
my clients with getting up some VPS's (around 16 - 24 to start) so he can consolidate some of his servers. Due to his need for windows as well, we'll be going with XEN.
His big thing is to consolidate 4 of his webservers into VM's over seperate boxes (like 1GB ram each) and maybe even VM his SQL box so he can get an MSSQL in there for later on.
My question is: How does the opensource XEN compare performance wise to XenSource ENT? At times he'll need to pull some good network transit (100Mbit+ over the LAN) and we want to make sure it isn't going to lag out or simply just not work.
Does anyone got any benchmarks from using both?
View 14 Replies
View Related
Jun 15, 2007
Which type of suse you recommend Professional or Enterprise Edition?
View 2 Replies
View Related
Jan 28, 2007
Some companies like comodo are providing serverwide/enterprise SSL, for multiple domains on a shared IP
View 4 Replies
View Related
May 21, 2009
I'm running CentOS 5.x and DirectAdmin and wondering how to do the following:
- Disable compilers and other known binaries. Should I chown WGET 550?
- Prevent Shell Fork Bombs
- Best way to create partitions for tmpfs, tmp since my host forgot them?
- Any other tips on securing a DA based server? (I already have taken care of the whole SSH side of things)
View 3 Replies
View Related
Feb 27, 2007
One one of our (linux) servers spammers are king. they apparently can control anything and place spam links throughout the files.
For example spammer inserts Iframes either above or below HTML tags. (some step57 related type of virus/trojan as it seems)
Our programmer did not find where the problem is in our applications, yet he is not a security expert.
Our server admin company made us install phpuexec, we apparently have been checked on the server end and have mod_security, but we still don't know what's going on...spam continues.
View 6 Replies
View Related
Oct 9, 2007
Trying to determine what I want to put on my server for security. I have secured my /tmp, /var/tmp, and /dev/shm. I am now contemplating mod_evasive, mod_security, and/or APF Firewall.
1.) Should I install all three, or will APF Firewall, provide the same or similar security as mod_security, or vice versa?
2.) Will they all work together without conflicts?
3.) Does installing these services have any affect on overall server performance?
4.) Any other services you might recommend installing and why?
View 7 Replies
View Related
Aug 26, 2007
I have recently installed and configured my webserver. Since I think security is very important I am curious for recommendations, tips, etc.
My server:
-CentOS 4.4 (installed by provider)
-Apache 2.0.52
-Php 4.3.9
-MySql 4.1.20
-No FTP
-Mod_security is running
The firewall that comes with CentOS is switched on and allows the following ports: http, ssh, smtp.
I have installed sendmail, but it is turned off by default. I need it approx. 3 times a week for 15 minutes or so and will turn it on then.
I have barely any budget so hardware firewalls etc. aren't an option.
Furthermore it's a basic server, just like my knowledge, so advanced things like IDS aren't an option.
View 14 Replies
View Related
May 8, 2007
i want to know how can they make the directory ( u--------- )
take a look on this php shell
[url]
what i mean is they make the directory secure against any phpshell with that trick and they hide the hard disk space
how can i make this
my apache is 1.3.37 and i using fc5 and i have mod_security and cfs
View 6 Replies
View Related
Aug 31, 2008
I am considering renting a server, but got one question first.
If I sign up for one unmanaged root server with a control panel, from a provider. And just put my website on the server, and let it run there.
Is that a security risk? Is it easy for people to hack into my server, or anything like that?
View 5 Replies
View Related
Oct 10, 2008
We have been using XenServer Enterprise v4.x, and are quite satisfied with it. The new version (v5) with High Availibility capability is quite a beast.
We are in need of several licenses (Standard/Enterprise) and just want to make sure we are getting the best price. For anybody that uses it, who are you getting your licenses from? And how much are you paying from these resellers?
View 1 Replies
View Related
Jul 18, 2007
I only know basic commands for SSH and have been trying for hours to get GD installed for PHP4. I have tried:
# apt-get install php-gd
bash: apt-get: command not found
apt-get install php4-gd
bash: apt-get: command not found
# up2date -i php-gd
Fetching Obsoletes list for channel: rhel-i386-es-4...
Fetching Obsoletes list for channel: rhel-i386-es-4-extras...
Fetching rpm headers...
Name Version Rel
----------------------------------------------------------
The following Packages were marked to be skipped by your configuration:
Name Version Rel Reason
-------------------------------------------------------------------------------
kernel 2.6.9 55.0.2.ELPkg name/pattern
kernel-devel 2.6.9 55.0.2.ELPkg name/pattern
kernel-hugemem-devel 2.6.9 55.0.2.ELPkg name/pattern
kernel-smp 2.6.9 55.0.2.ELPkg name/pattern
kernel-smp-devel 2.6.9 55.0.2.ELPkg name/pattern
php-gd 4.3.9 3.22.5Pkg name/pattern
The following packages you requested were marked to be skipped by your configuration:
php-gd
None of these things work and I was wondering if anyone knew how to get this to work without recompiling PHP.
View 14 Replies
View Related
Aug 1, 2007
1. Transferring the sites to JaguarPC
- Moving the sites to them was kinda rough, but with Veena's help
everything was fixed in the end.
I wouldn't say their tech support was not helpful, it's quite the
opposite, but sometimes though not too often, I've got the impression
I was communicating with some kind of auto reply machine.
2. Uptime
- I've had 100% uptime (measured by the third party service) for the last four-five months. It was 99.2-99.5% some months last year, including scheduled maintenance downtime, server move, etc.
3. Transfer speed, site speed
There had been problems in the past year with site speed and extremely low transfer rates in/out, but it was fixed. I can see all of my sites up and loading pretty quickly.
4. Server load
When I had a big vbulletin board and gallery hosted on my VPS, I should admit I was experiencing server load problems now and then especially when 100+ people tried to use Flash Chat.
I don't have this board anymore, and therefore no server load problems.
5. Tech Support
- In general quite solid and reliable, but a bit uneven.
While some of their tech staff is brilliant and replies within 30 min,
and makes sure the problem is fixed, there were a few that probably
didn't read the tickets properly and didn't understand the nature of the
problem right away.
But then again, their tech support managed to assist me every time I needed them last year.
Don't know much about current situation now, I haven't tried to contact JaguarPC Tech Support for quite a while, which actually is a very good sign, right?
6. Price
- Very reasonable, among the lowest in the market as far as I could see. And they also have Cpanel included in the price, lots of features, traffic, and pretty good storage space.
7. Conclusion
- So far I see no reason at all to change my hosting provider. I think I will continue a bit longer, a year (or two?).
View 3 Replies
View Related
Nov 6, 2009
My server has been hacked, I need you please to help learn about Unix server security to protect my server.
View 6 Replies
View Related
Jun 7, 2008
I have a dedicated server which I access via remote desktop.
The firewall is not enabled. What kind of security should I have on my server?
Ive read that if I enable Windows Firewall my remote desktop connection will be blocked & this will mean me having to contact the server company via phone etc.
View 9 Replies
View Related
