I have about 7 hosting accounts, am a member of over 60 forums and have many other services that require passwords. Generally, I use the same or similar password. However, recently I have been getting more and more hacking of my sites going on and I worry if it is due to my password "system" (or lack of).
How do you go about creating your passwords, and remembering them?
I am intending to setup a network as the following:
NOC1:
Cisco/Dlink Managed Router
Firewall with DOSS protection
Server1
Server2
Server3
Backup Data Bank Drive
NOC2:
Cisco/Dlink Managed Router
Firewall with DOSS protection
Server4
Server5
Server6
NOC2 are backup servers. I will need to have whatever in NOC1 to be written to NOC2, i think is call IP mirroring or RAID , not too sure
My [url]is going to have nameserver1/2 to zoneedit. Zoneedit hosts reliable DNS servers. It also support something call failover.
So if NOC1 is down, i will switch to IP to NOC2 IPs.
Now, if i face a DDOS attack, i am suppose to switch to a DDOS attack managment company (with big bandwidth and blocking), is it as simple as switching the [url]to the DDOS attack management company using zoneedit and the company will than link back to my noc1/2 ?
How does it works?
Is the way i setup the network correct?
Any security risks with setting up server on home network? I would like to set up a computer running linux or xp as a computer on our home network. We have about 3 other computers on the same network.
My network manager says that it would be a security risk to the other computers on the network if I were to have the server running on the network. The server would be connected to a netgear wireless router and I would have ports 80 and 21 opened just for the internal ip address of the server. (for example, the server is on 192.168.0.3, and I had just the two ports open for it, while there were computers on 192.168.0.2 and 192.168.0.4).
The netgear router has a firewall built into it. Each of the other computers on the network have software firewalls. I would not have a firewall on the server, and I really don't care if someone hacks it. So, what at worst could happen? Would the other computers be at risk?
If you are a professional, I want your opinion also.
way to set up a user in passwd/shaddow to use no passwords. Not looking for keypair authentication or any authentication. just the abulity to run ssh <host> and I'm in.
Why - you might ask would I want something with no security? Because the shell that they are going to run is going to lock their IP out. This is a trap for SSH hackers allowing them to log in with any password/no password and immediately drop into something that runs iptables to kill their IP instantly. So I'll create a number of dummy accounts with names hackers try and it's a trap.
I'm planning on buying my first domain in order to host various sites of mine in one place. I like the idea of subdomains to separate them, but I was wondering... Is it possible to access different subdomains using different passwords? I'm planning to let a friend of mine use a subdomain to host a site of hers that's related to mine, and I'd like it if she had the security of a different password. I just want to know if I can even do this, and if so, what hosts offer this option?
View 9 Replies View Relatedfor a one-time password system to help us secure some systems... we've looked at RSA SecurID but the software licenses are way too expensive.
Is there any reasonably priced one-time password system that we can use to secure SSH and access to internal systems? We'd like something with a keychain device that will generate the password.
I'm very frustated 'cause i found a "****.txt" into my root directoriy of my server with a lot of usernames and passwords (24Mb)
Example:
<<removed, as they might be active accounts>>
I just put here the first lines but I have yahoo, hotmail, facebook passwords etc ...
This is probably a long shot, but is there a workaround way to be able to edit passwords for addon domains in cPanel 11? Apparently you can only manage redirection or remove: ...
View 1 Replies View RelatedToday we received an email saying that the admin password for the server had been changed by them and that we should log in and change the password again ourselves.
49pence have provided no explanation as to why the password was changed and despite multiple requests have refused to give any kind of explanation. I've also asked to speak to a manager and this request was denied (well, more ignored and I was given the same line that they cannot disclose why they changed a customers' password).
And now after creating a Joomla! site for a school that will be moving to my server from a local small isp that doesn't have a control panel (just a screen to allow users to set-up their email name and pwd) I'm stuck with trying to figure out how to set up their email accounts with their current password.
There are about 40 accounts that I can add manually, but when I change the nameservers, these teachers and staff are going to be at a loss as what to do; like I am at the moment.
From time to time all the POP3 user mailboxes get their password reset and users can't access their mail. I have to go in and manually reset each users password.
Why is this happening and how can I stop it?
I got up today, went to check my emails and received invalid passwords on all my email accounts. I then went to check in the CPanels and get the same error when I try to login.
Then I try the root and same thing!
BUT all my linked FTP accounts work and the sites are online and working. One is giving a 500 error (cgi program) but besides that, they are all online w/ no changes.
My "host want to do a OS reinstall and let me try and restore my sites from a slave drive. I think thats stupid and shouldnt be needed.
They also automatically say I was hacked...Sure a hacker changed all the cpanel and email passwords but worked it so the linked FTP accounts would work and didnt take any sites offline.
I have setup a test server at home, Datacenter edition 2008.
Now, is there a way to allow only a certain username and password combination to access an FTP session/site?
to change all passwords for user account on cpanel server. Is it possible to do it automatically by using some cpanel script? Also I need this information stored in one file in order to know new passwords.
View 4 Replies View RelatedI'm getting a big problem on my server.
From 1 week until now I got 4 spam attacks. The attacker is the same, because the emails sent are iqual.
The technique is also the same, they use an email account (compromissed password) and send emails through smtp server.
When I detect the attack, i do:
1. identify the compromised account
2. Change password from the compromised account
3. Stop qmail
4. Clear queue with qmail-remove
5. Start qmail
The problem is that they already used 4 diferent domains since the first attack. So, here is my problem, how do they discover the passwords?! How can I solve this problem? I have hundreds of emails accounts and can't change it all.
CentOS release 5.10 (Final)
Plesk 11.0.9
Why can i login with two different passwords for the user admin in plesk control panel?
View 1 Replies View RelatedCame across an answer within google, but wanted to make sure I have an updated tutorial to prevent crashing the mysql and or server as others did.
How can we reset all customer account passwords at once, whether it be a preset one and or random?
I am having a Plesk server and when I scanned it with tools like OpenVas, It detected the following vulnerabilities with CVE acronym. As the corresponding ports and services are being controlled by Plesk, I require to patch it.URL....As you can see this vulnerability has been hit on port 106. I checked the Plesk server and found the port 106 being used by service "poppassd". This was nothing I installed and came along with the Plesk installation. Hence just wanted to make sure whether it has a patch from Parallels. As per my investigation this service is used for changing mailbox passwords and I am currently using Roundcube client. How to patch this vulnerability.
As per the solution in pic, the vulnerability "SMTP antivirus scanner DoS" can be resolved by upgrading or installing anti virus for Plesk mail server. I am ready to buy Dr.Web or Kaspersky from Parallels. But wanted to make sure whether any of the above antivirus can resolve the vulnerability.
cat /usr/local/psa/version
11.0.9 CentOS 6 110120608.16
I moved from a host to another and wanted to restore/use the email adresses that are already saved on my old host account.
I did a full backup by using Cpanel's wizard and saved it on my computer. Extracted everything and then by using FTP I have put all the files on my new server which is using Cpanel as well.
Although all email adresses are now visible in my Cpanel the old passwords will not work anymore......
We use our own backoffice for remote logins. Passwords for panel login are encrypted. Is it possible to remove the option for customers to change their password for panel login so they will stay in sync with our own backoffice?
If it's not possible, is there a way to decrypt the panel login passwords, like there is for the admin-password (/usr/local/psa/bin/admin --show-password)?
I need to be able to access email passwords in plain text (not encrypted). I'm running with updates so as to not force encryption, which I'm told is a one-way deal. I'm going to have to go to new hardware soon, as I'm finding the hardware starting to fail.
I understand the "mail_auth_view" utility shows the passwords, and was wondering if it will decrypt them for you?
If not, how can I keep the behavior of non-encrypted email passwords so that the customer administrators still have access to them for their users? I know a new install forces encryption, which is why I can't do that. How can I preserve the non-encrypted passwords and move to new hardware? This seems to be a deal breaker for my customers.
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL but will that be enough since the files are not encrypted on the server. I tried to encrypt the files but that is adding a huge overhead.
My first question is - is it a good idea to store the files on the server rather than a database? My other question is regarding hosting; I'm thinking of building my own server and host it in a colo. Is colo more secure than dedicated hosting? Currently i'm still in the process of developing my App and my environment is Windows Server 2008/SQL Server 2005.
Is there any problems with having duplicate rules in different files as I have downloaded some rules and am going to make them all into one file to give me the best protection, but this is going to take time and I really need some sort of protection now
View 2 Replies View Relatedafter install ConfigServer Firewall i get the following ...
ConfigServer Security & Firewall - csf v2.89 >>
PHP Check >>
Check php for register_globals >>
WARNING >> You should modify the PHP configuration (usually in /usr/local/lib/php.ini) and set:
register_globals = Off
unless it is absolutely necessary as it is seen as a significant security risk
must i modify it?or not? put in ur consideration i tried to download it to modify an error occured!
I am on a shared server account with Lunar Pages basic hosting plan.
The only script file I have up running is db Masters FormM@iler. It runs on Cpanel. I deleted whatever other scripts I could find on my server. The site is just basic html pages with jpgs and a gif.
Is there much else I really need to do to secure the server or is that more in Lunar Pages' hands?
If there is still more I can do to secure the server, and is it a small amount that's easy to do or would it be wise to just hire someone else to put in a few hours making sure everything is truly set up securely?
