How To Security For A Hosting Server
Jul 19, 2007Which methods is need to protect a hosting server?
View 10 RepliesWhich methods is need to protect a hosting server?
View 10 RepliesI am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts ? And how do they overcome these issues?
View 6 Replies View RelatedI have hosting - php/apache - with Orchard Hosting, and I've been with them for many years and there's never been a problem.
Then, a couple of days ago I realised from my logs a text file had been put in a directory in my webspace without me knowing anything about it. I emailed my host and they said it could have happened by either:
1. someone using ftp and getting into my account
2. someone injecting PHP through a form on the site.
I've added some code to my validation to look for <? and fwrite keywords but I think it's secure! But in the logs, there's no visits to the pages where the forms are (one of which is AJAX powered) - so I'm not sure it's injection.
Is someone using some kind of anonymous connection to my FTP (which shoudn't work!) the most viable reason why this has happened?
I have a server is running windows 2003 enterpirse as WEB HOSTING. It don'nt configure to become Domain Controller. Anyone advise me that Should I do if this server will attached by hacker, virus or OS error,damage?
View 4 Replies View RelatedFrom some weeks I try to have a secure install for my Debian. THis server will be a shared hosting host so need special security but I don't know how to do this.
My requirement are :
- Apache
- PHP (mod, not cgi)
Actually, users can navigate into my server by using phpshell script. And someone put lots of file into /tmp directory so I tri to secure all of that but don't find good tuto for that; do you know where can i have some?
And what about php using cron so execute with php-cli how to secure it?
About next week, I'll put a Linux box on the web.
Could anyone suggest what kind of security measures I could implement?
Iptables:
- Protect against DDos?
- Protect against certain worms?
- Protect against flooding?
Services:
- Protect against constant dictionary attacks based on ports?
Pretty much any experience you could put down in this thread would be invaluable.
Also mod, if this shouldnt be here. Feel free to move, Im not sure where it should go!
I'm a web designer trying to find a web host for a client. I've set up several clients, including the one in question, at IX and haven't had a problem until the other day, when my client's site was hacked. A redirect code was inserted, taking the user to a false site that installed a virus. The offending code was removed by IX but the client's experience with their tech support was less than satisfactory. I've seen similar stories on this forum and others.
I'm looking to find another host and have some questions about security on shared hosting plans. I understand that they're not completely secure but I'm wondering if certain hosts or certain servers are more susceptible to hacks than others? I see very little, if any, mention of security on sites of hosts offering low-cost, shared hosting plans.
Fewer low-cost hosts seem to be offering dedicated IP addresses. Is a shared IP address going to be less secure than a dedicated one?
My client's site is info only -- no ecommerce or user login -- so it doesn't have to be Fort Knox, but they shouldn't have to worry about it being hijacked either.
Lots of questions, I know. It's my first time posting on this forum, so be gentle.
I have read many helpful feedbacks regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:
Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10
I am in a shared hosting environment. Their php's setting does not have open_basedir set and safe_mode is off.
I was poking around their server and noticed that using some simple system() calls within a php script, I was able to access /etc/passwd and therefore access all their client's public_html.
I am currently calling them to let them know of the vulnerability. But out of curiosity, is it normal that I can read all the other site hosted? They do have config files with mysql pasword in it.
I've been reading these forums for a while now... a lot of very interesting and useful stuff. However, I've always been happy with the hosting of my site until recently, and have never had a pressing reason for wanting to change.
However, I recently had a four day outage to my site. The hosting company (which shall remain nameless, for now) put this down to a security problem which meant they had to take down the shared Windows server and go through all the sites on the server looking for the site that had bad code which caused the security outage. I also has problems with malicious javascript being injected into my pages prior to this.
I quote from the hosting company "Unfortunately this is a shared hosting solution and by its very nature, it means that poor code affects all sites on that web server. .... The vulnerabilities of ASP, MS-SQL and .Net are well documented." They then proceeded to try to sell me a dedicated server (which I believe will likely be too expensive for my needs).
I'm no expert on hosting, but this doesn't sound right to me. Is all Windows shared hosting afflicted with these kinds of security problems? or only when it's not set up right? I need reliability, but not absolute 100% bulletproof uptime if it comes with a dedicated server pricetag. I do need to avoid outages of a number of hours/days (!!) however
Hopefully one of the experts here can put me right I can't believe that Windows hosting security is that bad that no company can have a shared hosting product that avoids the aforementioned problems. What do you think?
MySQL 5.0 supports stored procedures -- but is it safe to allow shared hosting customers to have privileges to create them? If the procedures are global, does that mean that:
a) one customer could write a procedure which accessed another customer's data?
b) any customer could call a procedure created by a different customer?
c) any customer could override an existing mysql function in a way that would affect other customers?
d) any customer could write a function that bound to a system library and crash the entire server instance?
I normally hang out in the web design area, so it there is a related thread, please point me there.
I have been hosting a very small site with, what I thought, was a respectable local company. This morning I went to my home page and guess what - my friendly neighbourhood hacker paid me a visit. Gone (commented out) is my home page content, replaced with the following text:
I would like to report that your site is highly compromisable. Please review your hosts security settings. I would recommend changing though, they are a piece of ****.
(I have not deleted anything. the original page is commented out but is still located in this file.)
This security message has been brought to you by Scorpian & AV.
How do I deal with this? If I get no response from my current hosting company on how someone got hold of my ftp password, I want to move my site, but how do I know the next company has better security measures? And what should these security measures include? Any tick lists out there for testing domain host's security?
My information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has it's own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.
My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated potion of the server.
So, lets say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT clients specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"
How can I:
1) ...set their specific FTP to open to their directory only?
2) ...ensure that they cannot navigate to other folders on my server?
3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?
I am a web designer, and have been doing this for about 5 years now and have never encountered such a problem. I had a problem come up a few days ago where one of my clients got into an argument with the Mavrick Team web hosting and computer services company's owner regarding services. She has reported to me that he went into her email account, and has emailed her clients false information about her services after their heated discussion. She told him that she was going to press charges. He told her that he had harvested all of her clients email addresses and will email them to her competitors if she does not back down. What can she do? I feel awkward as I am in the middle of it now. I was the one who referred her to Mavrick Team (aka as I host them) for web hosting services, and moved her site to their servers. This man has created such a big problem for this women now. Her clients are doubting her services and he is blackmailing her. She does not owe him any monies. She has forwarded two of the emails that her clients forwarded to her, so I know she is not making this thing up. I advised her to move all of her emails to a personal email account, contact all of her clients to let them know that someone has access to their info, and I am helping her move her site. Who can she report them to?
View 12 Replies View RelatedI'm running CentOS 5.x and DirectAdmin and wondering how to do the following:
- Disable compilers and other known binaries. Should I chown WGET 550?
- Prevent Shell Fork Bombs
- Best way to create partitions for tmpfs, tmp since my host forgot them?
- Any other tips on securing a DA based server? (I already have taken care of the whole SSH side of things)
One one of our (linux) servers spammers are king. they apparently can control anything and place spam links throughout the files.
For example spammer inserts Iframes either above or below HTML tags. (some step57 related type of virus/trojan as it seems)
Our programmer did not find where the problem is in our applications, yet he is not a security expert.
Our server admin company made us install phpuexec, we apparently have been checked on the server end and have mod_security, but we still don't know what's going on...spam continues.
Trying to determine what I want to put on my server for security. I have secured my /tmp, /var/tmp, and /dev/shm. I am now contemplating mod_evasive, mod_security, and/or APF Firewall.
1.) Should I install all three, or will APF Firewall, provide the same or similar security as mod_security, or vice versa?
2.) Will they all work together without conflicts?
3.) Does installing these services have any affect on overall server performance?
4.) Any other services you might recommend installing and why?
I have recently installed and configured my webserver. Since I think security is very important I am curious for recommendations, tips, etc.
My server:
-CentOS 4.4 (installed by provider)
-Apache 2.0.52
-Php 4.3.9
-MySql 4.1.20
-No FTP
-Mod_security is running
The firewall that comes with CentOS is switched on and allows the following ports: http, ssh, smtp.
I have installed sendmail, but it is turned off by default. I need it approx. 3 times a week for 15 minutes or so and will turn it on then.
I have barely any budget so hardware firewalls etc. aren't an option.
Furthermore it's a basic server, just like my knowledge, so advanced things like IDS aren't an option.
i want to know how can they make the directory ( u--------- )
take a look on this php shell
[url]
what i mean is they make the directory secure against any phpshell with that trick and they hide the hard disk space
how can i make this
my apache is 1.3.37 and i using fc5 and i have mod_security and cfs
I am considering renting a server, but got one question first.
If I sign up for one unmanaged root server with a control panel, from a provider. And just put my website on the server, and let it run there.
Is that a security risk? Is it easy for people to hack into my server, or anything like that?
My server has been hacked, I need you please to help learn about Unix server security to protect my server.
View 6 Replies View RelatedI have a dedicated server which I access via remote desktop.
The firewall is not enabled. What kind of security should I have on my server?
Ive read that if I enable Windows Firewall my remote desktop connection will be blocked & this will mean me having to contact the server company via phone etc.
Does any body recommend we3cares server management services?
I need a very simple server management and hardening job and dont want to pay much. (not for a hosting company)
Currently working on securing my server and i think I'm doing quite well until I asked myself the question, have I done it right? Is there anyway to actually test how secure my server actually is? I'd rather not just wait and see if someone can hack me to bring to light what I did wrong...I was also thinking of hiring someone to secure my server but then how do I know that they've done anything different to me?
Are there any scripts or programs I can run to test server security?
Is there any script or method where I can test my server security?
View 2 Replies View Relatedafter following the perfect server setup - centos5.2 guide I have setup a home server on my dsl connection and installed openfire with relative ease. I have a paid hosting server which runs my website but I want to have it access the userservice plugin of openfire to add/remove users (which is installed on my new home webserver).
After trying fopen and CURL to post GET data to my home server without any luck I did some reading and came accross the snoopy php class. The snoopy class now allows me to get the default apache test page on my home server but when i try to point snoopy to my openfire admin on port 9090 it throws up a timeout error (but i think this may be an error in the snoopy class?).
CURL and fopen allowed me to get data from google and some other sites but not from my home server.
what the way to protect dedicated server?
At present, My dedicated server have firewall and setting permision for each user/ data.
I have installed a anti-virus software.
I wonder that whenever my server can be hacked/ attached.
I'm in an environment where we have hundreds of users uploading content to a web site.
With the current system, someone could potentially run a command that would wipe out hundreds of files (and it has recently happened). We are currently looking at ways to improve security and prevent "accidents" by separating the public server into to parts.
A public server and a quality assurance server. Everyone would have access to the QA server, and the QA server would upload all changes to production.
I personally see the benefit, but don't see the problem being completely solved. Does anyone have any advice on this or link to articles or books that might help to set up a secure web server structure?
i have a dedicated server , some one else made the security for me, how could to be sure of its security? how could to be sure of all php functions contain risk are closed or disabled? how could to be sure of there are not any security gap?
way to understand and implement the steps.
I found a random proxy site running out of /var/www/temp. It seems to have been created yesterday, and I found about it via a DMCA notice from the planet. Is this apache's temporary directory? There was even an entry for it in the apache configuration and was running as a perl script out of its own cgi bin. I killed it and chmod'd it to 0. In the future, would setting permissions on this directory to non executable prove to be effective? Any idea if this type of breach is serious enough to warrant an OS reinstall?
View 9 Replies View RelatedIf I understand correctly, on the main physical server, we cannot install any firewall, so customers in VPS can open any port on their VPS. So, I am wondering about the security of the main server? What if someone can *hack* into the main server, and delete all VPS there? Is there any case like that before?
View 6 Replies View Related