I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts ? And how do they overcome these issues?
I have hosting - php/apache - with Orchard Hosting, and I've been with them for many years and there's never been a problem.
Then, a couple of days ago I realised from my logs a text file had been put in a directory in my webspace without me knowing anything about it. I emailed my host and they said it could have happened by either:
1. someone using ftp and getting into my account
2. someone injecting PHP through a form on the site.
I've added some code to my validation to look for <? and fwrite keywords but I think it's secure! But in the logs, there's no visits to the pages where the forms are (one of which is AJAX powered) - so I'm not sure it's injection.
Is someone using some kind of anonymous connection to my FTP (which shoudn't work!) the most viable reason why this has happened?
I have a server is running windows 2003 enterpirse as WEB HOSTING. It don'nt configure to become Domain Controller. Anyone advise me that Should I do if this server will attached by hacker, virus or OS error,damage?
From some weeks I try to have a secure install for my Debian. THis server will be a shared hosting host so need special security but I don't know how to do this.
My requirement are :
- Apache
- PHP (mod, not cgi)
Actually, users can navigate into my server by using phpshell script. And someone put lots of file into /tmp directory so I tri to secure all of that but don't find good tuto for that; do you know where can i have some?
And what about php using cron so execute with php-cli how to secure it?
I'm a web designer trying to find a web host for a client. I've set up several clients, including the one in question, at IX and haven't had a problem until the other day, when my client's site was hacked. A redirect code was inserted, taking the user to a false site that installed a virus. The offending code was removed by IX but the client's experience with their tech support was less than satisfactory. I've seen similar stories on this forum and others.
I'm looking to find another host and have some questions about security on shared hosting plans. I understand that they're not completely secure but I'm wondering if certain hosts or certain servers are more susceptible to hacks than others? I see very little, if any, mention of security on sites of hosts offering low-cost, shared hosting plans.
Fewer low-cost hosts seem to be offering dedicated IP addresses. Is a shared IP address going to be less secure than a dedicated one?
My client's site is info only -- no ecommerce or user login -- so it doesn't have to be Fort Knox, but they shouldn't have to worry about it being hijacked either.
Lots of questions, I know. It's my first time posting on this forum, so be gentle.
I have read many helpful feedbacks regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:
Security 9/10 Bandwidth 7.5/10 Disk space 6/10 E-mails, backups, etc: 8/10 Cost: 7/10
I am in a shared hosting environment. Their php's setting does not have open_basedir set and safe_mode is off.
I was poking around their server and noticed that using some simple system() calls within a php script, I was able to access /etc/passwd and therefore access all their client's public_html.
I am currently calling them to let them know of the vulnerability. But out of curiosity, is it normal that I can read all the other site hosted? They do have config files with mysql pasword in it.
I've been reading these forums for a while now... a lot of very interesting and useful stuff. However, I've always been happy with the hosting of my site until recently, and have never had a pressing reason for wanting to change.
However, I recently had a four day outage to my site. The hosting company (which shall remain nameless, for now) put this down to a security problem which meant they had to take down the shared Windows server and go through all the sites on the server looking for the site that had bad code which caused the security outage. I also has problems with malicious javascript being injected into my pages prior to this.
I quote from the hosting company "Unfortunately this is a shared hosting solution and by its very nature, it means that poor code affects all sites on that web server. .... The vulnerabilities of ASP, MS-SQL and .Net are well documented." They then proceeded to try to sell me a dedicated server (which I believe will likely be too expensive for my needs).
I'm no expert on hosting, but this doesn't sound right to me. Is all Windows shared hosting afflicted with these kinds of security problems? or only when it's not set up right? I need reliability, but not absolute 100% bulletproof uptime if it comes with a dedicated server pricetag. I do need to avoid outages of a number of hours/days (!!) however
Hopefully one of the experts here can put me right I can't believe that Windows hosting security is that bad that no company can have a shared hosting product that avoids the aforementioned problems. What do you think?
MySQL 5.0 supports stored procedures -- but is it safe to allow shared hosting customers to have privileges to create them? If the procedures are global, does that mean that:
a) one customer could write a procedure which accessed another customer's data?
b) any customer could call a procedure created by a different customer?
c) any customer could override an existing mysql function in a way that would affect other customers?
d) any customer could write a function that bound to a system library and crash the entire server instance?
I normally hang out in the web design area, so it there is a related thread, please point me there.
I have been hosting a very small site with, what I thought, was a respectable local company. This morning I went to my home page and guess what - my friendly neighbourhood hacker paid me a visit. Gone (commented out) is my home page content, replaced with the following text:
I would like to report that your site is highly compromisable. Please review your hosts security settings. I would recommend changing though, they are a piece of ****. (I have not deleted anything. the original page is commented out but is still located in this file.)
This security message has been brought to you by Scorpian & AV.
How do I deal with this? If I get no response from my current hosting company on how someone got hold of my ftp password, I want to move my site, but how do I know the next company has better security measures? And what should these security measures include? Any tick lists out there for testing domain host's security?
My information: I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has it's own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.
My Dilemma: For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated potion of the server.
So, lets say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT clients specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"
How can I: 1) ...set their specific FTP to open to their directory only?
2) ...ensure that they cannot navigate to other folders on my server?
3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?
I have Parallels Plesk 12.0.18 with CentOS 6.5 (Final)
WAF is On, with Atomic Basic ModSecurity rule set.
I was wondering if my sites were protected and I went to the Atomic wiki.
When I run a test from a non-whitelisted system following these instructions (STEP 10) [URL].... I always receive 404 error with all of my sites.
I also tested with:
[URL]...
Results: The sites load normally. (the call not even appears in the logs)
I've unistalled and reinstalled mod_security several times with the same results.
Is there any "official" way to check if WAF is protecting Plesk 12?
I asked same question in Atomic forum and they said:
you'd need to ask parallels about this, we made the ruleset available to them, but they implemented it using their own design. They might not be using 403 error codes like we do.
I am a web designer, and have been doing this for about 5 years now and have never encountered such a problem. I had a problem come up a few days ago where one of my clients got into an argument with the Mavrick Team web hosting and computer services company's owner regarding services. She has reported to me that he went into her email account, and has emailed her clients false information about her services after their heated discussion. She told him that she was going to press charges. He told her that he had harvested all of her clients email addresses and will email them to her competitors if she does not back down. What can she do? I feel awkward as I am in the middle of it now. I was the one who referred her to Mavrick Team (aka as I host them) for web hosting services, and moved her site to their servers. This man has created such a big problem for this women now. Her clients are doubting her services and he is blackmailing her. She does not owe him any monies. She has forwarded two of the emails that her clients forwarded to her, so I know she is not making this thing up. I advised her to move all of her emails to a personal email account, contact all of her clients to let them know that someone has access to their info, and I am helping her move her site. Who can she report them to?
Now, before you say it, the real flaw is the compiler. But, that too comes from the usual holier-than-thou culprits. They can't fix it unless they fix the compiler.
And of course, there is the usual see no evil-hear no evil head in the sand approach to defending the honour of their little pet.
I'm not exactly sure if the above is the correct syntax, but the result was that two days later my current modsec_audit.log was Gzipped and a new modsec_audit.log was created.
The problem is that nothing was logged to this new file.
From the Plesk 12 control panel I turned off mod security and then turned it back on again and hey presto, the new logfile started to log events.
This leaves the problem of why nothing was recorded when the file was created.
After upgrading to Plesk 12 the FTP connection has become very slow. Mode Security, Fail2Ban and Plesk Firewall have been enabled, the security is set to force sFTP and maximum security and in /etc/proftpd.d/ a conf file has been added to set the passive ports that have been opened in the Plesk Firewall (60000 to 62000)
Turning off the Mod Security does not solve the slow connection.
What can we do to detect the cause of the problem?
I thought this problem was fixed in Plesk 11.5 but I'm still getting the following backup warnings in Plesk 12..."For security reason backup is performed on behalf of subscription system user...."
My phpbb forum creates cache files which have apache ownership and Plesk backup manager gives warnings that it cannot backup the files due to ownership errors.
I have searched for days for a solution without success. If I change the permissions to owner instead of apache the forums don't function correctly.
Is this a Plesk bug that is still evident in Plesk 12?
I'm switching to a new host, and their servers are Linux. What are some of the difference from a windows host that I should be looking for and adapting too?
