The searching I've done has uncovered numerous articles about securing a Web server...but I don't have control at that level. What I'm looking for is advice and tips on how to best secure an individual Web site to ward off hackers and the like.
More specifically, how to best do it using the tools available in cPanel, like Web Protect, HotLink protection, Leech Protect, Index Manager, etc., plus other things I should do if cPanel's tools aren't sufficient.
I've been a reseller for 7-8 years now. Just now getting out of the business.
I've "downsized" so that the only sites I have left are either my own little "experiments" or are sites belonging to local non-profits, where...because of a lack of expertise on their part, I'm basically the webmaster.
One of these sites belongs to my church. The site has been up-and-running for, oh, I think somewhere in the realm of 4-5 years now.
In the past two years, we've seen a large increase in the number of exploit attempts on this site. First, there's the never-ending flood of bots... creating user accounts in the forum software and image gallery software.
Then there are the actual hacks. Once, long ago, it was hacked by a pro-Muslim-extremist group. (But it wasn't alone. A ton of sites all over the net were hacked that day. The hacker threw up the same pro-Muslim-extremist page on all of them.)
Then, more recently, somebody exploited a weakness in the image gallery software and uploaded their own little files onto the box. And one of those files was a script that apparently was designed to let them hack away at cPanel, trying to get in.
Anyways, I've been doing my best to keep the third-party software up-to-date. And I've customized some of that code according to recommendations on their websites in a way that "blocks" bots and certain functions that these people might like to use.
But staying vigilant sure does take a lot of time and energy.
Tonight, I'm going to uninstall their forums permanently. Nobody's been using them in the past several months anyways. But I sure don't want to uninstall their image gallery software.
I guess I'm wondering if there's some hosting provider out there who maybe specializes in helping provide churches with extra security?
Attached is a (badly) drawn diagram of two sites, connected by a VPN.
The site to the left is network 10.0.0.0/24, which runs a Linux server as the router for the network.
The site to the right is network 10.1.0.0/24, which runs a Windows 2003 server as the router for the network.
Now, the clients behind the Windows 2003 server can ping any machine on the first network because I set up a static route to route all traffic to 10.0.0.0/24 over the VPN interface.
My problem is, only the Linux server can ping any machine on the Windows 2003 network; any client behind the Linux server can't seem to route over the interface.
I have the following route on the Linux server: .....
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. With Apache's setup, this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.
I'm on a short assignment to inventory and manage the fixed assets of a small company, and we've just bought a web-based database for this purpose. While I'm pretty good at administering/running local databases, the web part has me stymied. Our company is between IT people, and there's no one on site with any more idea than I have about what's going on!
Here's what I have so far:
--The company has a website which I'll call "ourwebsite.org" -- which I think, from searching the IP address the website points to, is hosted by HostMySite.com.
--There's also a record in DNS Management with the same name (ourwebsite.org), but pointing to our little server's local IP address.
--I need to find a way to get my database -- which I can access on the network at (server's IP address)/database (i.e. 0.0.00.0/database) -- online. I tried creating records in DNS Management (for example, assets.ourwebsite.org) that point to our server's IP (the one that, if I type it in on the network, I can get to the site I'm looking for), but I get generic "can't find the page" or "can't connect to the server" errors, even after 72 hours, when trying to access it from off the network.
--If I browse to assets.ourwebsite.org/database on the server itself, I get to the website! But if I go to that page from any other computer, on or off the network, it doesn't work.
--The Server is running Windows Server 2003
So, what are my options? Do I have to talk to the HostMySite.com people to add this page? Shouldn't I just be able to use my server's name (ourcompanyadc.ourcompany.org) and have that route to the server? What's going on here? Is there a simple way to get a tiny local-server-hosted website online outside of the network?
When I get a dedi server for shared hosting, I secure it as much as I can, and then, just in case I miss stuff etc., I hire 2 other companies to check over everything. Since I bought a VPS from fsckvps, are there any guides to secure and optimize a VPS other than the one located in the VPS section? Thanks. I don't feel like spending 50+ dollars on securing a VPS that costs less than 15 a month.
How secure is my VPS? Could anyone who has some free time and is reading this thread please try to do some penetration testing or something related (I really do not know much about network security), in order to know if my server configuration could be the problem?
Do you know of any way to download the full database without logging in to the system (cPanel or phpMyAdmin)?
I have an application that requires a Secure FTP connection to a server to work. I am having trouble connecting to one server, a Windows-based server, while the CentOS Linux server is working fine.
Does anyone know where I can find test Secure FTP locations so I can determine if the issue is with misconfiguration or with an incompatibility of the program with windows Secure FTP sites?
I am able to connect to both sites using WinSCP and choosing Secure FTP.
Check out this blog and suggest what more can be added to secure the VPS. I think this information database can be helpful for newbies and intermediate users who would like to secure their VPS, which sometimes gets exploited due to bad scripts.
I've been using Dreamhost for years and they're great; however, one of my clients' needs have drastically changed and they are now required to comply with the Data Protection Act.
In particular, this bit makes Dreamhost a bit of a no-go due to them being in California:
"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."
Unless my client goes and asks all 1000+ customers, they are kinda in a bit of a quandary. So here's what I'm looking for:
Secure UK datacenter, e.g. Easynet, Blue Square etc.
128MB RAM, 256MB burstable
20GB storage, 500GB transfer
LAMP environment
Support within business hours
Control panel
The passfile is located in the same directory (i.e. /usr/local/svn/test) and contains my users in the format:
[users]
harry = harryssecret
sally = sallyssecret
I then run my checkouts like so: svn checkout svn://mysite.com:7126/test
Now my question is, how secure is this? I was tempted to use svn+ssh but I couldn't seem to figure out how to get it configured. Is the protection I have adequate? How easily can this be compromised? What steps should I take to lock it down further? Can I limit the connections to svnserve to only come from certain specific IPs, similar to how Apache does:
Order deny,allow
deny from all
allow from 192.153.123.12
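To show what the passfile above does and does not protect, here is an added example (the editor's own illustration, not svnserve's code and not from the post). It assumes, from my understanding of svnserve's built-in authentication, that svn:// with a password-db uses CRAM-MD5: the server sends a random challenge, the client answers with HMAC-MD5 keyed by the password, and the server recomputes that from the cleartext password in the passfile. svnserve's exact wire framing is simplified away; the passfile, wordlist and users are constructed test data.

```python
"""Added example: svnserve-style passfile and a CRAM-MD5 exchange (editor's illustration)."""
import configparser
import hashlib
import hmac
import secrets

# Constructed passfile with the same layout as the one in the post.
PASSFILE = """[users]
harry = harryssecret
sally = sallyssecret
"""


def load_users(text):
    """Parse the [users] section into {username: cleartext_password}.
    The server must keep passwords in the clear for CRAM-MD5 to work,
    so anyone who can read the passfile has every password."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return dict(cp["users"])


def cram_md5_digest(password, challenge):
    """HMAC-MD5 of the challenge keyed with the password, hex-encoded."""
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def client_response(user, password, challenge):
    """What the client sends back: '<user> <digest>'."""
    return f"{user} {cram_md5_digest(password, challenge)}"


class Server:
    """Minimal server side: issue a challenge, verify a response against the passfile."""

    def __init__(self, users):
        self.users = users

    def new_challenge(self):
        return secrets.token_bytes(16)

    def verify(self, challenge, response):
        user, _, digest = response.partition(" ")
        password = self.users.get(user)
        if password is None:
            return False
        expected = cram_md5_digest(password, challenge)
        return hmac.compare_digest(expected, digest)


def crack_captured(challenge, response, wordlist):
    """What a passive eavesdropper on svn:// can do with one captured exchange:
    the challenge and the response are both on the wire, so each guess costs
    one HMAC-MD5 offline, with no further contact with the server."""
    user, _, digest = response.partition(" ")
    for guess in wordlist:
        if hmac.compare_digest(cram_md5_digest(guess, challenge), digest):
            return user, guess
    return None


def demo(challenge=None):
    """Run a good login, a wrong-password login, and an offline dictionary attack."""
    users = load_users(PASSFILE)
    server = Server(users)
    challenge = challenge or server.new_challenge()
    good = server.verify(challenge, client_response("harry", "harryssecret", challenge))
    bad = server.verify(challenge, client_response("harry", "wrong", challenge))
    captured = client_response("sally", "sallyssecret", challenge)
    # Constructed wordlist; a real attacker would use a large dictionary plus rules.
    cracked = crack_captured(challenge, captured, ["password", "secret", "sallyssecret"])
    return {"good_login": good, "bad_login": bad, "cracked": cracked}


if __name__ == "__main__":
    print(demo())
```

The point of the demo: the password never crosses the wire in the clear, but the passfile itself is cleartext, a captured challenge/response pair can be attacked offline, and everything after authentication (the checked-out data) is unencrypted on svn://. Restricting source addresses is not something the passfile does; that belongs to the host firewall, or to tcp_wrappers when svnserve is started from inetd (svnserve -i) rather than as a standalone daemon.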
What would be the most secure free CMS at the moment? I ask this because I'm looking to set up a website, and I don't have enough money to invest in a custom-coded website, so to start out with I'll use a free CMS, but I don't want to be hacked.
Now I know that because the CMSs are open source, they can still be hacked. What I'm looking for is something that is the most secure, preferably with SQL injection protection?
I am looking for an antivirus under Linux, like F-Secure, that scans PHP shell file scripts, but free. I am facing many problems here from these shell files....
Recently I got a VPS from cheapvps.co.uk and so far so good. I'm getting used to the VPS environment. I tried to follow several guides about how to secure /tmp and /var/tmp with noexec and nosuid, and it did not work.
In http://www.webhostingtalk.com/showthread.php?t=474681&highlight=tmp it is pointed out that it must be done by the hosting provider. The same is said in http://kb.swsoft.com/article_130_648_en.html.
I asked the hosting provider to do it and they told me that as I got an unmanaged VPS they can't do it for me.
Does anyone know how it can be done? I don't want to use tmpfs as it uses main memory.
In terms of the secure domain, if I had a secure site and wished to access some information on a web page that was from a non-secure domain, or at least duplicate the non-secure information onto the secure page, does the user need to click acknowledge buttons to go in and out of the secure areas? Can I copy or transfer information (e.g. Google search results) onto the secure page without this necessity?
My requirements are 500MB, 5GB bandwidth, Rails and Postgres, $5-6 per month. It looks like there are many providers out there that offer that.
However the only uploading method shared hosters seem to offer - or at least the only method they advertise - is FTP. Coming from a university and sysadmin background, I thought that anything that sends passwords over the wire unencrypted had died long ago (except HTML forms and legacy systems).
Are there any shared hosting services that allow a more secure upload method (e.g. scp, rsync-over-ssh, even webdav-over-ssl)?
I am getting this repeated error line in log/secure:
Quote:
Jun 7 18:19:38 host sshd[15751]: warning: /etc/hosts.allow, line 7: can't verify hostname: getaddrinfo(ev1s-209-85-4-32.ev1servers.net, AF_INET) failed
Jun 7 18:19:38 host sshd[15752]: Connection closed by 209.85.4.32
Here is my hosts.allow:
Quote:
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
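The warning in the log comes from the hostname check tcp_wrappers (libwrap) runs before it matches a client against hosts.allow and hosts.deny. The following is an added example written by the editor to illustrate that check; it is not libwrap's code and not part of the post. It assumes libwrap reverse-resolves the peer address, forward-resolves the returned name, and requires the peer address to appear in the answer; when the forward lookup fails it logs the "can't verify hostname" warning and continues with no trusted hostname, so name-based rules cannot match. The resolver contents, the sample hosts.allow patterns and the extra addresses are constructed test data; only the address and PTR name from the log line are taken from the post.

```python
"""Added example: tcp_wrappers-style hostname verification and rule matching (editor's illustration)."""
from dataclasses import dataclass, field


@dataclass
class FakeResolver:
    """Stand-in for DNS so the example runs offline.
    ptr: address -> name (reverse lookup); a: name -> list of addresses (forward lookup)."""
    ptr: dict = field(default_factory=dict)
    a: dict = field(default_factory=dict)

    def reverse(self, ip):
        return self.ptr.get(ip)

    def forward(self, name):
        return self.a.get(name)


def verify_hostname(ip, resolver):
    """Return (hostname, warning). hostname is None when it cannot be trusted."""
    name = resolver.reverse(ip)
    if name is None:
        return None, None  # no PTR record: the client simply has no hostname
    addrs = resolver.forward(name)
    if addrs is None:
        return None, f"can't verify hostname: getaddrinfo({name}, AF_INET) failed"
    if ip not in addrs:
        return None, f"host name/address mismatch: {ip} != {name}"
    return name, None


def match_pattern(pattern, ip, hostname):
    """Match one client pattern from hosts.allow/hosts.deny.
    Handles ALL, '.domain' suffixes, 'a.b.c.' address prefixes and exact names or
    addresses; netmasks and the KNOWN/UNKNOWN/PARANOID wildcards are left out."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        return hostname is not None and hostname.endswith(pattern)
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip or pattern == hostname


def check_access(ip, resolver, allow, deny):
    """tcp_wrappers order: the first hosts.allow match grants access, then the first
    hosts.deny match refuses it, otherwise access is granted. Returns (allowed, log_lines)."""
    logs = []
    hostname, warning = verify_hostname(ip, resolver)
    if warning:
        logs.append(f"warning: /etc/hosts.allow: {warning}")
    if any(match_pattern(p, ip, hostname) for p in allow):
        return True, logs
    if any(match_pattern(p, ip, hostname) for p in deny):
        return False, logs
    return True, logs


def sample_resolver():
    """Constructed DNS data. The first entry mirrors the log line: a PTR exists,
    but there is no A record for that name, so the forward lookup fails."""
    return FakeResolver(
        ptr={
            "209.85.4.32": "ev1s-209-85-4-32.ev1servers.net",
            "10.0.0.5": "admin.office.example",
            "203.0.113.7": "admin.office.example",  # forged PTR pointing at a trusted name
        },
        a={"admin.office.example": ["10.0.0.5"]},
    )


def demo():
    """Evaluate three clients against 'sshd: .office.example, 10.0.0.' and a deny-ALL."""
    allow = [".office.example", "10.0.0."]
    deny = ["ALL"]
    resolver = sample_resolver()
    return {ip: check_access(ip, resolver, allow, deny)
            for ip in ("209.85.4.32", "10.0.0.5", "203.0.113.7")}


if __name__ == "__main__":
    for ip, (ok, logs) in demo().items():
        print(ip, "allowed" if ok else "denied", logs)
```

Two things the run makes visible: a client whose PTR name does not resolve forward gets the warning and then falls through to hosts.deny, which is consistent with the "Connection closed" line that follows the warning in the log; and a forged PTR pointing at a trusted name is caught by the forward check, which is why the double lookup exists in the first place.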
We all know that the Perl language is used in a lot of scripts, and a lot of system admins stop it. Why? Why don't you try to stop the problems that come from it and let your clients have Perl to use in their scripts? Let's try this: if someone needs to see passwd, he will do cat /etc/passwd. What about chmod 700 /bin/cat? And he will use wget to get files. What about chmod 700 /usr/bin/wget? And lynx: what about chmod 700 /usr/bin/lynx? In this case we make it so only root can use these commands. Any system admin surely knows the idea now and can use it as he wants. This secured method is not only for Perl; it applies to other programming languages too, but I give this as a clear example.