How to secure server from Shell scripts like c100,c99,locus and so on.
Please provide me clear instructions if possible.
and let me know what we can do if a server is already infected with these shell scripts.
Do you guys have any idea what is the best way to enable SFTP for a cPanel account?
I could give it Shell access, but isn't it possible without it?
For hosting irc and shells i heard that the best choice for OS is the FreeBSD..
I would like to know if there are any toturials or if someone can write one.. (or give some tips) of how can i secure a machine running FreeBSD and used for irc + shells!
For example how can i install a firewall, a rootkit etc etc..
Also what about putting users at jail? (not allowing them see other dirs except theirs) how can i do that?
Also what about dont allow users use some commands like dmesg, ping, traceroute, and also how can i make them when they do ps -aux to only see their processes (to not be able see the other processes from other users..)
When I try to change a domain name preference from www to non-www i am getting the error
"Error: No secure shell available"
I am using plesk 12 ....
I have several question for make shell hosting company:
1. Most of shell hosting company using FreeBSD, why?
2. Is it possible to use linux as OS for shell hosting company?
3. How to secure linux OS for shell hosting company?
Anyone know where i can find shell hosting in Atlanta?
View 0 Replies View RelatedDoes anyone know if the popular shared hosting like Host Gator or Dream Host allow shell access?
View 14 Replies View RelatedI know there are so many similar threads related to this issue in this forum, I know but my situation is a bit different from other guys, please read the following lines,
I've got a forum with approximately 100 users concurrently, now I'm looking for a shared hosting with relatively high simultaneous MySQL connections number at least 50 and also allows Shell access to dump or restore the MySQL database. but the main problem is lots of US hostings do not host Iranian I dunno US government has problem with Iran's government but I can't understand what's my guilt in this debate?
A friend is looking for shared hosting with secure ftp, or pgp encryption or both. Do you know of any host that offers them? Would a vps have these features?
View 5 Replies View RelatedI'm looking to set up some custom monitoring stuff that ties into my existing systems, so that's why I'm not looking for established monitoring services.
I'm looking for a shared environment where I could ping and trace to my equipment, either from cron or a background daemon which I'd write in perl, python, etc.
I'd also want it located somewhere on the left coast or Texas.
Does anyone know any hosts that would meet the above?
We have several VPS's reselling shared hosting, and as we grow our shared hosting operations, I've realized how its almost impossible to have every user, developer or who ever is accessing our shared accounts to properly lock down their scripts eg set proper permissions... But what I don't get is how larger shared hosting providers (which we plan on becoming) fully lock out homedir/User A from being able to access, view or write to homedir/User B's files no matter if User A's executed scripts, processes, protocols is requesting User B's files...
In a shared environment you can't rely on your customers to lock down their stuff and they are trusting you to take reasonable precautions to protect their stuff at the same time... This should be basic security but its almost impossible it seems to achieve in a shared env.
Obviously there are VPS's with completely isolated layers but in a shared env it shouldn't be too big of a request to have one persons stuff not easily visible by another person no matter if SSH is being used or a script of any kind.. bottomline... think of a hotel ... a "shared environment"... one guest can't just go in someone else's room easily. The hotel owner ensures that guests rooms are not available for other guests to access, this is a reasonable policy and the hotel owner would be in deep s**t if other guests had access to other guests rooms....
Here are the reasons why I think "secure shared hosting" is essentially a paradox...
1. False sense of security - SuPHP, Suexec, open_basedir..
Problem is even if you're using SuPHP or open_basedir or other security practices, someone on that server could still possibly "view" other users files which could include database config files and other files that you wouldn't want someone to read/access. These files could include xml, dat, txt etc any other file that a user might not want another user in another homedir to access that isn't protected by SuPHP or SuExec...
2. People often say.. well its your users responsibility "Rely on your end users to choose proper permissions for their files"... This is like relying on your hotel guests to deadbolt their door instead of having an autolock on their door when they close it.
I'm sure your clients would expect you to "section off" their account reasonably from another user however these doesn't seem possible at least with Apache that requires "nobody" to have to access files... And the problem is you can't rely on your users.. Besides, most open source scripts (WP, Joomla, Magento) and people here in this forum recommend 644/755 permissions as being the ideal permissions for most files/folders however if a user makes all of their files 644/755 other users can still possibly access those files.. You still would be giving world-readable access... Many people still use PHP as an Apache DSO, so under normal circumstances where scripts are installed in pub_html a user is FORCED to use world-readable permissions on their config files for their apps to run. For instance with our cPanel install, when we provision accounts in WHM, it creates .htaccess files with 644 permissions .. well why would it do this if .htaccess shouldnt be read by other users .. same goes with xml files, or other non-php/cgi files outside or inside the pub_html directories of a users homedir/ that shouldnt be viewable by world users...
Bottomline, until "world" readable/writable/executable permissions completely are ignored in a users homedir/ for not just PHP/CGI but for any file I think shared hosting security no matter what patches you have added to Apache or your system (Suhosin ,SuPHP etc) ... is a paradox... It shouldn't even be possible in any home dir no matter how responsible/irresponsible a user is for one user to be able to view another users stuff. The whole point and reason panels such as WHM or any panel uses the /home dir is to separate that users files/mail/etc from another users.. So, logically, there's no reason why a script would need access to anothers home dir/ knowing its a shared environment and on a shared hosting env it shouldn't be allowed to go outside of that users /home/ dir ...
POSSIBLE SOLUTION:
So I think a server admin should be able to enable a "mod_shared host" lets say in WHM or something that will get rid of global permissions eg there will only be 64 not 644 for any file in /home/<user>/... If someone chmods something to anything in Y ... XXY ... Y is completely ignored and set to 0...
If the server admin wants to override such settings, there could be an override feature but by default, just as PHP open_basedir restrictions settings in WHM work for PHP, the same should go for all files/scripts part of a home dir (any extension), under normal shared hosting shouldn't be accessible by any method (FTP, SSH, any apache module/process - CGI, Java etc) regardless of DSO, SuPHP...
Until then... How could large shared hosting providers sleep at night knowing that they are not protecting everything in their users home directories? This should be a simple and reasonable request that a user would expect when signing up for Shared hosting... Obviously there are other possible security leaks, breaches can occur but this should be basic security...
Shared hosting shouldn't be like open kindergarten cubbies with a curtain protecting the contents, instead, anyone signing up for shared hosting would expect their host to at least have a high school locker with a pad lock ....
Or am I missing something? Is there a solution already for this reasonable security practice of protecting users from each other user without referring them to a VPS or a dedicated? How do the big shared hosting operations have a large shared environments with hundreds of users on a box NOT allowing others to view/access other peoples stuff?
I've asked people on cPanel forums as well as our hosting provider, everyone has mixed responses and no real "answer" so I wanted to get your thoughts...
I don't know where to ask this question so hopefully I'm in the right forum. I have a friend that owns his own company and travels alot. He needs a place where he can store his work files (mostly document like word, excel, pdf, drawings, etc...) which contains very sensitive information. He need a place where he or the people in his team can transfer files and that he can setup access levels for his users. He need access to his files with a secure tool such as sftp or something else that you guys can recommend.
Also, since some files can be very large he requires a good transfer speed from everywhere in the world. He's looking at around 100GB of storage space and a very high transfer allowance. He will probably need to host his website also. Do you guys think it's better to host the files and website separately?
how to secure a windows and a linux server used for shared hosting?
View 0 Replies View RelatedDo any1 know how to change jail shell to normal shell?
View 14 Replies View RelatedI'm running a shared hosting environment and I'd like to know if it's even possible to secure the Apache while it's running mod_php. I know I could go suPHP with PHP-CGI, but that'd increase drastically the server load.
So what should I do to best secure the server?
So far now I did:
- Apache:
Installed mod_security and mod_evasive.
- PHP:
Set register_globals=OFF
Set disable_functions = ini_restore, popen, exec, shell_exec, system, passthru, proc_open, proc_close
Set safemode=ON
Set open_basedir to user's directory on virtualhost
Is that would be a secure environment for my users?
I work for a small web design firm with about 100 clients/domains and we are starting the search for a new hosting provider. We need a managed dedicated server with an offsite backup. We are also looking for a company that knows what they are talking about. If we have a Linux or server question they need to be able to give us a quick straight answer. Also, if they could help us transfer all our hosting accounts from our current server over to the new one that would be a BIG plus.
We have been thinking about Rackspace or 1and1.com but were wondering what the community thought. Any recommendations?
Who can recommend a secure/affordable video streaming hosting site to me?
Setting up a members video site.
Best if the web host can come with a ready members template and shopping cart/payment service where I can just upload my videos.
my server in under attack of shell
how can i find shell code in my server? (c99 ...)
is any anti virus or open source tools to find it
how can i disable shell function?
I have spare dedicated machine.
I want to allow user to run few processes on machine (debian etch).
I configurated limits at /etc/security/limits.conf for group "shell".
When I attached user to group shell, limits work well, but he still can look
everywhere on system. (he can do cat /home/somefile.txt, even owned by root).
Is there any method, software to limit user to acces only their home directories?
For security reason I have these php functiosn disabled:
show_source, system, shell_exec, exec, popen, proc_open, procopen, passthru
Can anyone please tell me whether if it will prevent shell scripts from working?
They can still upload the shells but cant read/write/execute commands in 777 directories?
I'm having a problem connecting to SSH/Shell on my server. I get the Login Prompt, but when i enter the User/Pass i just get "SSH-2.0-OpenSSH_3.6.1p2", everything under that is blank.
I've restarted the SSH Server and made sure the account i was using was set to use Normal Shell (not jailed). What could be the problem?
I was wondering if it were possible to chmod a directory that is set to a low number to 777 using a shell or command and if so can anyone point me in the right direction as to how to go about doing so ??? I am trying to learn a little and i pefer using my browser to edit files rather then a ftp client.
View 9 Replies View RelatedI was just wondering if anyone is aware of Linux VPS or shell account providers with servers that are physically located in Pennsylvania. The only two I've come across so far are Nocster and VPS Village.
View 2 Replies View RelatedI keep seeing web hosts where it says that there is/isn't shell access, etc. What's shell access and what do you do with it in/with a web host?
View 14 Replies View RelatedIs there a such thing? I use shell mainly for whois info, tracing, telnet for email issues, etc etc. Is there a 'toolkit' for such things?
View 6 Replies View RelatedI have a script that needs to be run from shell access, but I've never done this before. How do you access a script through shell? Is there software I need to download? Not even sure where to begin.
View 5 Replies View RelatedOne of our customers uploaded C99Shell script on my server, and he can access to another accounts,
I upgraded php to 5 but he can access with this script to another accounts yet, what should I do to disable this script or other one?
I'm trying to program a very simple shell script that does 2-3 things.
1) checks for the number of a script running say, "ps aux | grep php | wc -l" returns that number.
2) deletes temp files folders "cd /to/that/directory/; rm -fr *&" every 90 seconds IF that number in check #1 is below say 50....
and then have this shell script launched in shell every so often, not sure on the frequency but first is how to program in shell is a TIME DELAY....
We have customer who has account on our *nix box server and who wanna move to our h-sphere reseller platform because now he want to use asp and mssql.
If it`s .com domain, for example, I would be able to easy change NS1 and NS2, but since this is ccTLD (and we will wait 10-15 days) I need quick solution for DNS forwarding.
ns1.oldnameserver -> ns1.newnamerserver
ns2.oldnamesrever -> ns2.newnamerserver
se when I run ping for example, I have to have reply from new server.
I have shell access but I don`t know how to modify zone or named, since obviously I can not do this using whm.
I have never used SSH/Shell Access, but think I may want to. Can someone explain what it is, and maybe explain how to use it? My web hosting provider provides SSH, but I have no clue what to do.
View 10 Replies View Related