Forcing Secure Protocols?
Dec 25, 2008
how customers feel about being forced to use secure protocols?
For example on a cPanel server this would mean:
FTP: requires authentication over TLS
SMTP: relay requires SMTP authentication over TLS.
POP3: requires SSL
IMAP: requires SSL
cPanel: only https port enabled.
WHM: only https port enabled.
Webmail: only https port enabled.
Honestly, I don't think most customers would notice the difference so long as they were initially configured using secure protocols.
Combined with forcing reasonably strong passwords this should prevent a lot of iframe injection issues and SPAM related issues.
View 10 Replies
ADVERTISEMENT
Jul 16, 2015
how to use Plesk through “Customer's Guide, Plesk 12.0” manual from Odin website. I have a VPS Cloud plan at OVH with Plesk 12 Web Admin + CentOS 6.6
I wish to know how to enable POP3, IMAP, SMTP, FTP protocols with a cryptid connections using native Plesk/CentOS certificate (not purchasing one but self-made by the server). Moreover, I wish to know if it uses SSL or TLS.
View 2 Replies
View Related
Oct 16, 2014
Trying to turning off SSLv2 and SSLv3 protocols on all domains on a Plesk 12 CentOS 6 virtual server.
View 7 Replies
View Related
Sep 3, 2008
I've come across an issue where our users are not logging out of their terminal services session properly. Whether via TSWeb or MSTSC (remote desktop), if they close the browser or RDP window using the x it keeps the session alive for upto 1 minute.
The problem with this is that we use terminal services to host an application for users who can't install it, so other users that login (using a generic username and password) are adopting/hijacking the original session and seeing someone elses data.
Does anyone know of a way to force a new session each time a user connects to RDP? Whether via TSWeb or MSTSC (remote desktop)?
View 7 Replies
View Related
Mar 29, 2009
Could you guys look and see if what I am seeing is right? They offer Global Crossing and Cogent officially. So if I use GLBX looking glass, I get this.
Trying trace from node 'Miami, FL, US' to '96.31.73.xxx'
1 64.214.16.65 (64.214.16.65) 0.761 ms 0.608 ms
2 so0-0-0-2488M.ar2.TPA1.gblx.net (67.17.66.165) 5.690 ms 5.695 ms
3 WBS-CONNECT-LLC.ae0.409.ar2.TPA1.gblx.net (64.214.147.222) 5.731 ms 5.880 ms
4 69.46.31.106 (69.46.31.106) 7.442 ms 6.667 ms
5 node1.sarorahosting.com (96.31.73.2) 15.734 ms 15.993 ms
6 96.31.73.xxx (96.31.73.xxx) 15.861 ms 15.795 ms
Now if I tracert from the VPS to the GLBX router, I get this.
traceroute to 64.214.16.65 (64.214.16.65), 30 hops max, 40 byte packets
1 node1.sarorahosting.com (96.31.73.2) 0.072 ms 0.035 ms 0.008 ms
2 69.46.31.105 (69.46.31.105) 0.731 ms 0.863 ms 1.003 ms
3 gi0-6.na21.b001841-0.tpa01.atlas.cogentco.com (38.99.204.33) 1.147 ms 1.142 ms 1.428 ms
4 gi4-1.core01.tpa01.atlas.cogentco.com (38.20.33.89) 0.818 ms 0.814 ms 0.807 ms
5 po2-0.core01.mco01.atlas.cogentco.com (154.54.27.90) 148.004 ms * *
6 po5-0.core01.jax01.atlas.cogentco.com (66.28.4.146) 5.847 ms 5.839 ms 5.872 ms
7 po5-0.core01.atl01.atlas.cogentco.com (154.54.3.197) 11.953 ms 23.819 ms 23.870 ms
8 te3-3.ccr01.atl01.atlas.cogentco.com (154.54.5.38) 11.721 ms 11.752 ms 11.787 ms
9 te8-2.mpd01.atl04.atlas.cogentco.com (154.54.3.174) 11.962 ms 11.921 ms 11.987 ms
10 ge4-1-0-390-1000M.ar4.ATL1.gblx.net (64.208.110.97) 12.252 ms 12.359 ms 12.444 ms
11 64.214.16.65 (64.214.16.65) 16.026 ms 16.061 ms 16.594 ms
Now what would be causing this to happen?
View 1 Replies
View Related
May 1, 2008
one.com (aka the worst webhost ever) are holding my domain to ransom they refuse to unlock it. Is there anyway i can go over their heads and get control of it? the address is mine, so is the phone number and email. The admin contacts are not.
View 13 Replies
View Related
Apr 9, 2008
Jaguarpc lock up all the VPS forcing us to upgrade. could anyone please report to Police or other authority in concern, It 's hijacking and blackmailing.
View 14 Replies
View Related
Nov 22, 2007
using somewhat clever techniques, I've managed to put together a script that will check various rbls, honeypots, and the like, ie: to keep the bad guys out, and the good guys in.
I've managed to put this into play on a per site basis, using simple
PHP Code:
<?require_once("/home/user/httpbl/script.php");?>
so that I don't have to change 500 scripts every time I want to modify it, I just change it once per server. Pretty simple there.
The problem is that I'd like to use this on a more global basis, as in putting it in apache configurations, so I don't have to load it on a per-site basis, and can catch more of what needs to be caught.
View 4 Replies
View Related
Sep 29, 2008
I've been a layeredtech customer since early 2005, and until this last insane price-hike fiasco, I've never had a major complaint.
But now it keeps getting worse.
I wound up keeping this particular server around after the price hike (for several reasons, one of which was misinformation from a LT sales person regarding the prepay option) and several days ago received an email stating that my server would have to be moved, and that due to the chassis type of my old server, they could not move my server, I would need to migrate to a new server.
The email was less than forthcoming with details, so I tried to phone the person who sent me the email. The call went straight to his voicemail, where I left a couple messages asking him to return my calls, which he never did.
Finally I called their Sales department to figure out what was going on, and finally spoke with a nice & friendly guy (in a different department), who he stated that he felt like he was in the middle, and he just wanted to help us (the affected customers) out.
Okay, I figure I can handle moving all my custom software to a new server figuring that they would find some comparable piece of hardware to move me to at the same cost.
No.
I was told I would have to pay around 10% more per month for a server with only a slightly faster CPU, only 1GB of ram and only 1 hard-drive (current server has 1.5GB of ram & 2 hard-drives mirrored)
Oh, and I have to have everything moved by the 18th of October.
And I'll have to pay for 2 servers while I move.
Or, I might be able to have the server moved to a different space at Savvis, but that would likely only be a short-term solution, and this situation would come up again.
I find this really appalling--they really must hate their customers who helped them through the early years!
View 14 Replies
View Related
May 16, 2015
I've been fiddling with Plesk to get HTTPS to work for [URL] .... Unfortunately I haven't had any successes at forcing HTTPS, all result in a 'to many redirects' message.
The certificate is already activated and can be verified trough; [URL] ....
Code:
proxy_error_log:2015/05/16 16:35:00 [crit] 21266#0: *2336 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: 64.41.200.106, server: 151.80.117.38:443
proxy_error_log:2015/05/16 16:36:37 [crit] 21266#0: *2616 SSL_do_handshake() failed (SSL: error:14094085:SSL
[Code] .....
View 11 Replies
View Related
Jul 27, 2006
I was looking at my qmail queue using qmHandle and noticed that one of the emails sitting in the queue was simply there because of a blatant typo in the email address.
Therefore, I went to the appropriate file in
/var/qmail/queue/mess/*/*
and edited the file to reflect the new email address.
Does this work at all, or should the user resend the email? I naturally don't want to look at email that isn't intended for me (which is why qmHandle is a useful tool -- because only headers are available) nor do I want someone to know that I know their email is sitting in the queue (because they might assume that I *am* reading their email even though I'm not!)
I tried qmHandle -a to no avail; the email address has been edited as per my changes, but the email is still just sitting there.
View 3 Replies
View Related
Jul 26, 2009
how can i secure my tmp on vps?
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
it isnt work on vps and i have this error:
[root@ dev]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: could not find any device /dev/loop#
View 4 Replies
View Related
May 5, 2009
i want to secure my /tmp and do this:
so i try this link
[url]
so:
cd /dev
dd if=/dev/zero of=tmpMnt bs=1024 count=150000
/sbin/mke2fs /dev/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
but i have this error:
root@server [/]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: no permission to look at /dev/loop#
View 4 Replies
View Related
May 13, 2009
when I get a dedi server for shared hosting. I secure it as much as i can and then just incase I miss stuff etc I hire 2 other companys to check over everything. Since I bought a vps from fsckvps are there any guides to secure and optimize a vps other then the one located in the vps section? thanks. I Dont feel like spending 50+ dollars on securing a vps that costs less then 15 a month.
View 14 Replies
View Related
Aug 7, 2008
vbulletin.com/forum/showthread.php?t=281011
How secure is my VPS? Anyone who has some free time and is reading this thread could please try to do some penetration-testing or something related (I really do not know much about network security) in order to know if my server configuration could be the problem?
Do you find any way to download the full database without login on the system (cPanel or phpMyAdmin)?
View 3 Replies
View Related
Sep 8, 2008
i'v been Installed all these In my VPS server
1)Disable Functions:
system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg, escapeshellcmd,proc_close,proc_open,ini_alter,dl, popen,parse_ini_file,show_source
and Enable The Safe_Mode.
---------------------------------------
2)Hide_your_apache_Version
---------------------------------------
3)Install LogWatch in a Server
---------------------------------------
4)Mod-Security-Install
---------------------------------------
5)Root-Login (IP Sent).
---------------------------------------
6)Disable Login Root and Change SSH Port .
---------------------------------------
7)Installing eAccelerator .
---------------------------------------
8)Install Nobody Check
---------------------------------------
9)Updateing All of
/scripts/upcp
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/scripts/easyapache
/scripts/securetmp
----------------------------------------
but doesnt know yet what the better to secure my vps ..
and about Firewall two .. wich firewall better
CSF or APF+BFD ..
View 4 Replies
View Related
Mar 27, 2008
I have an application that requires a Secure FTP connection to a server to work. I am having trouble connecting to one server, a windows based server, while the CentOS Linux server is working fine.
Does anyone know where I can find test Secure FTP locations so I can determine if the issue is with misconfiguration or with an incompatibility of the program with windows Secure FTP sites?
I am able to connect to both sites using WinSCP and choosing Secure FTP.
View 1 Replies
View Related
Aug 30, 2007
Check out this blog and suggest what thing more can be added to secure the vps and i think this information database can be helpful for newbies and intermediate users which like to secure the VPS.. which sometimes exploited due to bad scripts.
[url]
View 2 Replies
View Related
Nov 11, 2007
Ive been using Dreamhost for years and there great however, One of my clients needs has drastically changed and they are now required to comply with the Data Protection Act.
In particular this bit make Dreamhost a bit of a no go due to them being in California:
"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."
Unless my client goes and asks all 1000+ customers they are kinda in a bit of a quandary. So here's what im looking for:
Secure UK Datacenter, eg Easynet, Blue Square etc
128mb RAM, 256mb Burstable, 20GB storage, 500GB transfer
LAMP Environment
Support within Business Hours
Control Panel
View 6 Replies
View Related
Feb 4, 2007
So I just got SVN installed on my server, and now I'm wondering about the best way to go about securing it. This is what I've had done so far
the executables were installed to /usr/bin as ROOT
Then I created a directory in /usr/local/svn as ROOT to hold the svn repositories (the conf folders, etc).
I've decided that I'd like to use the SVNSERVE tool rather than have to run Apache2 which my current VPS provider does not provide any support for.
So I've run SVNSERVE like so:
svnserve -d -r /usr/local/svn --listen-port=7126
Then for each repository within the /usr/local/svn folder I've gone into the conf folder and added:
anon-access = none
auth-access = write
password-db = passfile
realm = myrealm
The passfile is located in the same directory (ie. /usr/local/svn/test) and contains my users in the format:
[users]
harry = harryssecret
sally = sallyssecret
I then run my checkouts like so:
svn checkout svn://mysite.com:7126/test
Now my question is how secure is this. I was tempted to use svn+ssh but I couldn't seem to figure out how to get it configured. Is the protection I have adequate? How easily can this be compromised? What steps should I take to lock it down further. Can I limit the connection to SVNSERVE to only come from certain specific IP's... similar to how apache does:
Order deny,allow
deny from all
allow from 192.153.123.12
View 10 Replies
View Related
Feb 22, 2007
What would be the most secure free CMS at the moment? I ask this because im looking to setup a website, and i dont have enough money to invest in a custom coded website, so to start out with ill use a free CMS, but i dont want to be hacked.
Now i know that because the CMS's are open source, they can still be hacked, what im looking for is something that is the most secure, preferably with sql injection protection.s?
View 11 Replies
View Related
Apr 15, 2007
Secure FTP?
Entirely dependent on Client Software or do we need to buy an SSL certificate and install it on our server as well?
How it works?
View 1 Replies
View Related
Jun 25, 2007
[url]
i followed the guide, after done I reboot the server then it gives me these errors:
Quote:
mounting local filesystems: Failed
mounting other filesystems: /dev/tmpMnt: No such file or directory
View 5 Replies
View Related
Nov 3, 2009
What is best method to secure the tmp?
1. /tmp mounted as noexec,nosuid?
2. creating /usr/tmp directory?
View 1 Replies
View Related
Mar 25, 2009
i have question about securety of our DNS Server.
View 8 Replies
View Related
Jun 13, 2007
I am looking for antivirus under linux like f-secure scanning php shell files scripts but free
i am facing many problems here from these shell files ....
View 0 Replies
View Related
Mar 15, 2007
recently I got a VPS from cheapvps.co.uk and so far so good. Im getting used to the VPS enviroment. I tried to follow several guides about how to secure with noexec and nosuid the /tmp and /var/tmp and it did not work.
in http : / / www . webhostingtalk .com/showthread.php?t=474681&highlight=tmp points it must be done from the hosting. Same is said in http : // kb . swsoft . com/article_130_648_en.html.
I asked the hosting to do it and they told me as I got an Unmanaged VPS they cant do it for me.
Do anyone know how can be done ? I dont want to use tmpfs as it uses main memory.
View 1 Replies
View Related
Jan 16, 2009
In terms of the secure domain, if I had a secure site and wished to access some information on a web page that was from a NON-SECURE domain or at least duplicate the non secure information on to the secure page, does the user need to click acknowledge buttons to go in and out of the secure areas? Can I copy or transfer information [eg goggle search results] onto the secure page without this necessity?
View 6 Replies
View Related
Jun 8, 2009
My requirements are 500MB, 5GB bandwidth, rails and postgres, $5-6 per month. It looks like there are many providers out there that are offer that.
However the only uploading method shared hosters seem to offer - or at least the only method they advertise - is FTP. Coming from a university and sysadmin background, I thought that anything that sends passwords over the wire unencrypted had died long ago (except HTML forms and legacy systems).
Are there any shared hosting services that allow a more secure upload method (e.g. scp, rsync-over-ssh, even webdav-over-ssl)?
View 4 Replies
View Related
