Is it possible to use IP Security policies in Windows Server 2003 to help prevent types of DoS attacks? Today my server was attacked by a single attacker who merely connected and disconnected on open ports at an incredibly fast rate. This was enough to eat the cycles of the server processes effectively creating a DoS attack. I was hoping IPSec could help prevent this, but I'm open to use any other software as well.
I'm working on a PHP app that will be publicly released at a later point and that includes uploading functionality, but on my testing account, I get access to /temp denied for permission reasons.
How normal is it for this type of obstruction to occur with webspace providers in general? If this is a fairly common policy, I need a solution of some kind. Perhaps uploading the file temporarily to a folder on the user's own webspace, instead of the location on the hosting server being used by PHP by default (/tmp)?
So I get this email today from SpamCop complaining about my server sending unsolicited bounce messages.
Well yea... thanks to spammers domain spoofing and sending spam to my server, my server finds that there's no address - so it replies to the spoofed address.
My question is.... what do I do about it? The spamcop site has this to say... Though if I set up the server to do something odd like not sending a bounce because it's "filed internally", how will legit people get the proper bounce response??
Problem: Misdirected bounces
Description: When a mail server accepts a message and later decides that it can't deliver the message, it is required to send back a bounce email to the sender of the original message. These bounce emails are often misdirected.
Solution: Upgrade and/or configure your mail server software so that this situation is never encountered. Configure your software to either reject messages during delivery or accept them permanently. Do not let your software make choices about delivery after it has accepted a message. If you must accept delivery before you know the status of a message, then file it internally - do not send, forward or bounce it outside your organization. The errant message can be placed in a special folder or routed to your postmaster.
I don't have too much experience with different providers, so I need to ask this:
I'm creating a set-up/installation script for an application I will be releasing to the public at some point, where I would like to autogenerate its set-up (tables, users etc.) to the largest extent possible. I just tried out my script on a testing account and the automated creation of a limited MySQL user with GRANT failed, due to lack of permissions for doing that with this particular provider. My question is this:
What can I safely - on average - automate through a set-up script for a web application running in a shared environment, and what will usually be disallowed by the average provider? Plesk allows me to create a new user through its web interface, but it doesn't (as far as I can see anyway) allow the individual setting of permissions for that user, making it very hard to follow the security policy of "least privilege"...
Stuff that I'm thinking of is: Table creation, folder, file- and user creation.
SameerHosting has been the biggest mistake I have ever made as far as purchasing a service online is concerned. This fake company and more importantly their Owner/Employee/[Insert Job Title Here] Jordan has been the most nasty, hard to work with, and distasteful person I have ever dealt with in my life. I recommend anyone to stay as far away from this company and child as possible. Below are parts of an initial post of mine at DP Forums. There are so many posts, threads, reviews and this kid and his fake company out there that you shouldn't have any trouble finding out everything that has occurred in the past 1-2 months. Thanks for your time:
I had purchased a dedicated server with this guy not realizing he was a 14 year old kid with a bad temper and poor spelling. I paid for the server and he managed to get into an argument with my tech about something (it's in that thread). He then got mad at me and took out his anger on me even though I had no idea anything had happened until after the fact. He involved me in something I had no part in.
I have discussed this guy so many times that I am tired of talking about it but will give you a summary of what recently happened. Jordan PMed me through this forum through one of his other (now banned) accounts. This kid knows he will be banned from most forums and makes a handful of accounts to fall back on. He offered to give me a refund if I tell my tech to stop posting about him. Of course I did what he had asked me to do.
I have been honest and given him far too many chances to make right. Well, he ended up telling me I am no longer getting a refund from him because my tech keeps messing with his servers (which I doubt is actually happening). I am being punished again for something that does not have anything to do with my actions. He has now blocked me from Yahoo Messenger, MSN Messenger, and his live chat.
Since I posted this on DP I have been in contact with his legal guardians and they have been no help. Jordan has messaged my Personal Billing details to many of his customers and others along with edited defamatory pictures of someone that is supposed to be myself. That is totally illegal and childish. He did this because I spoke against his scam company and illegal wrongdoings.
If anyone has had bad dealings with this company please post everything that has happened in this thread and also PM me and I can give you the e-mail of the people who take care of him and you can tell them what he has done. He needs to be stopped.
Again, it is very important to post in this thread with information about what he has done to you, the more info the better as these people will possibly listen to me and others.
I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTPs into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its subdirectories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent, but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL, but will that be enough since the files are not encrypted on the server? I tried to encrypt the files but that is adding a huge overhead.
My first question is - is it a good idea to store the files on the server rather than a database? My other question is regarding hosting; I'm thinking of building my own server and hosting it in a colo. Is colo more secure than dedicated hosting? Currently I'm still in the process of developing my app and my environment is Windows Server 2008/SQL Server 2005.
Are there any problems with having duplicate rules in different files? I have downloaded some rules and am going to make them all into one file to give me the best protection, but this is going to take time and I really need some sort of protection now.
After installing ConfigServer Firewall I get the following ...
ConfigServer Security & Firewall - csf v2.89 >> PHP Check >> Check php for register_globals >> WARNING >> You should modify the PHP configuration (usually in /usr/local/lib/php.ini) and set: register_globals = Off
unless it is absolutely necessary as it is seen as a significant security risk
Must I modify it or not? Bear in mind that when I tried to download it to modify it, an error occurred!
I am on a shared server account with Lunar Pages basic hosting plan.
The only script file I have up running is db Masters FormM@iler. It runs on cPanel. I deleted whatever other scripts I could find on my server. The site is just basic HTML pages with JPGs and a GIF.
Is there much else I really need to do to secure the server or is that more in Lunar Pages' hands?
If there is still more I can do to secure the server, is it a small amount that's easy to do, or would it be wise to just hire someone else to put in a few hours making sure everything is truly set up securely?
I have a VPS that has been exploited, and the hosting company is giving me advice on what to do to fix the security problems, but I need a good server administrator/company to help me with this. Can anyone recommend a company that will go through my server,
I'm inheriting a website that is currently a mess. It was designed in Joomla, but everything about the site by the original designer is completely a mess. Files weren't placed in their proper directory hierarchy, the site has been hacked into a few times...basically a big headache.
I'm willing to learn and my first goal is to redesign the site. Currently, I'm looking at choosing a CMS or just rebuilding it in Joomla. The problem is that the site is a big part of the business, so any down time is not good.
I have some questions I hope you experienced folks can help me with...
Does CMS choice have any bearing on whether or not it's a security vulnerability? If so, which ones are "less a target" of getting hit?
I just want to design the site from scratch and make it secure as possible from suggestions on various forums. I don't want to be a security admin, but is that what I'll end up having to do to run a site like this?
What are my options between "doing it myself" vs "hiring a third party"?
The company is right now in a tween stage. Fast growth but not enough to hire a security guy, based on my talks with the CEO. I disagree with this, but what can I do in the meantime to plug the site holes?
I'm almost wanting to go commercial so I don't have all the headaches, but the company wants to save money. What can be done in those situations?
Before I go out and spend money on books, what do you recommend I buy to start getting my feet wet in what may become a future in IT security?
This is from someone who's just inherited a dedicated server with a swiss cheese website. What is the first order of business for someone who is in the dark and will not get much support in regards to spending more money?
I noticed that my VPS had utilized 250 gig of traffic in one day [I average 5 gig per MONTH] with CPU usage of close to 100%; my hosting company pinpointed one PHP file which had allowed an outside variable to be placed in the "include" function so that the outside PHP code was being run.
Is there any program/script that can immediately email me if CPU usage stays high, the NIC is being utilized too much, or memory usage exceeds certain levels? This way, I would know I have been hijacked in time and try to find the culprit. I use KnownHost with cPanel/Linux, MySQL and PHP.
I have a Unix server [don't know what version, I think it's FreeBSD]
[url]
and I use WS_FTP to upload the files to my server, but I have a big problem: all my files are encrypted with some problems, but when people use the GetRight browser or some kind of program to access my server instead of a normal browser, the list of files I have uploaded appears and they can download them. When I set a password for images etc. it's all safe, but people can't access parts of the site without a password... I want to know if there's some way to protect my files without interfering with normal browser access.
When we run a server with shared hosting, we mostly face security issues like c9shell scripts, as well as people hacking the database or changing index.html. We do enable PHP open base dir as well as the mod security firewall, and we search, using the find command, for which user is uploading files... but is there any other way to secure the server against such hacking issues?
We have an e-commerce web site that has the latest shopping cart software (that is known to be secure), SSL cert, etc.
We got a call today from a guy who says that he used his brand new card on our web site and that the card was stolen and used on another site within hours. We have checked every file on the web site, logging into server root and checking everything, and can't find any evidence of a hack or security breach of any kind.
Can someone recommend a reliable company that can go in and check things out for us to see if they can find any security issues, or evidence of a breach? There must be a company out there that does this sort of thing.
I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts? And how do they overcome these issues?
I am getting more into it and looking for the best way to harden it and secure it. Also some information about what processes to turn off and how to better setup my IP Tables.
So I've been using WHMCS for a while, and there's something I'm a little concerned about with the whole keeping customers' credit cards for recurring payments.
I've downloaded a backup copy of the database and I see that the passwords and credit card information are encrypted. That's all nice and handy, but the CC hash is also stored right in the configuration file. That means that if someone gains access to the server and just grabs the database + config file they would then be able to view all that info, correct? Maybe someone who knows a little more about WHMCS can tell me if this is correct or not?
Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Can someone explain this in layman's terms? I know this is new in cPanel. I'm already running Apache 2.2, PHP 5.2.9 with suPHP enabled and mod_security as well (these rules: [url]
Also, what exactly are these CSF checks?
Check csf PT_SKIP_HTTP option This option disables checking of processes running under apache and can limit false-positives but may then miss running exploits
Check csf SAFECHAINUPDATE option This option closes a window of opportunity that opens when dynamic chain updates occur
Almost 95% of my clients are from my city - others are also known to me. I know many of them face to face - there is very little chance that any of them is a SPAMMER.
Still my server IP is blacklisted - several times in the last 1 year - I changed my datacenter - but the problem still persists.
Can the VPN service owner track and know all his customers' activity?
I mean, let's say I am a customer and I bought a VPN subscription and then logged in with my new VPN IP and I log in to my email. In that case, can the VPN service owner read or know my email password or other sensitive data? Like if I log in to myspace.com, can he know what password I used using his VPN server logs?