Linux Server Security Scanner

Apr 28, 2008

i have managed server. just i want sure if it is secured.

i want company to test my server, Security Scanner.

and give me report about my bugs.

View 7 Replies


ADVERTISEMENT

Secure Server From Scanner

Dec 4, 2008

i want to secure my server that scanner tools can not scan my site . because of one of my site is very important to do not scan of folder.

my server os : linux Centos 5

View 3 Replies View Related

Virus Scanner For Unix Server?

Aug 27, 2007

I wonder which virus scanner software is useful for Unix server(Centos 4.5). One of my client install SMF forum and when visitors access the forum,their virus scanner warn that site is affected by trojan. I used Clamav to scan entire home directory but seem nothing found.

View 4 Replies View Related

High Security Issue For Linux Server (New Methods)

Aug 22, 2007

What are new methods to High secure a linux server ? (For webhosting company)

Please write something you know for Linux Security Methods (New version of OS).

View 14 Replies View Related

Joomla Security / Linux Security

Apr 4, 2008

I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.

When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.

However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.

Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.

View 10 Replies View Related

EXploit Scanner (cxs)

Nov 6, 2009

CSF install the new version, I warned that the option Check for cxs. I had a few questions!

1 - is it free? And can be installed and will work?

2 - I like these things are additional to the installation?

3 - a bit about this new possibility to explain how to solve the case to get out of the red.

View 14 Replies View Related

Formmail Scanner

Jan 4, 2007

Does anyone know any open source tools that will scan cgi programs for exploits? Specifically for exploitable formmail scripts.

View 0 Replies View Related

What Email Scanner Gateway

Apr 10, 2009

What type of free email scanner gateway that you are using? I am using SA, Clam and Qmail. It's a little old and w/o the GUI for client to manage the settings.

I'm thinking to switch to something with GUI. Perhaps the combination of Exim, SA, Clam, MAilScanner and a GUI.

View 0 Replies View Related

Illegal Content Scanner

May 20, 2009

While reading a lot of posts and blogs about hosting, I just wanted to ask if someone has an idea on how to find files with illegal content.

I just tried a few bash scripts, but if there are a few thousand files, most of them stop working or produce server loads that stop the whole server.

Is there any software already out there or any script to scan the content on server for phrases?

View 12 Replies View Related

ClamAV Scanner Resource Intensive?

Oct 22, 2006

I would like to know how resource intensive is ClamAV Scanner. Should I allow it or not to my VPS clients/resellers?

Can I set it to use it as root? How?

View 0 Replies View Related

How To Block Acunetix Scanner With Mod_security

Aug 12, 2007

Anobody knows appropriate rules to block Acunetix scanner to crawl my sites?

View 8 Replies View Related

File System Vulnerablity Scanner

Feb 20, 2007

Are there any vulnerability scanners that search the local file system for vulnerable apps?

I don't need an external scanner. I want to scan all my users home dirs for bad apps - old coppermines, phpbb, etc.

I've not been able to find anything like this.

View 4 Replies View Related

Google Dork Scanner - Find Vulns?

Mar 25, 2008

Anyone use this poorly coded thing?

Goolag Scanner coded by CULT OF THE DEAD COW/cDc communications

Ive been using it for a bit, but i don't have any vulns on most of my box's.

Anyone else find this thing effective?

Ive passed it onto a few clients, seem to entertain them doing there own basic google powered security scans.

Here is a quick download; Goolag_Scanner_1.0.0.40_Setup.exe

Ive pulled a few results on other large sites, some interesting data thats spread out on google, strange how the crawlers get into it?

1.2 Software

To understand Goolag Scanner, it is important to understand how "dorks"
work (see 1.4) and with that, to establish the use of dorks as an
acceptable tool for information security experts, penetration testers,
and practical paranoids.

1.4 Terms And Abbreviations

* Dork = A detailed search pattern - heretofore used with Google's
search engine - that uses Google to show untapped results for web
sites previously indexed by Google.

The intention of a dork is to find results that might show
information relevant to security issues and/or confidential data.

From our point of view, dorks are not limited to Google. Frankly,
they are malicious patterns that apply to most search engines.

* gS = Goolag Scanner

* cDc = CULT OF THE DEAD COW/cDc communications

View 3 Replies View Related

Emails Not Displaying Mail Scanner Headers

Sep 14, 2008

i installed the latest version of the mail scanner on my linux server. It has been tested to be scanning and running properly. But one thing that is unusual is that the emails that is being processed by the mailscanner does not get tagged as its being processed by it. Hence i do not really know whether it has been processed.

When i check the email full headers, i am missing information like spam score, spam information and spam status. I did a check in the mailscanner.conf and the configuration was done correctly.

how can we set these information to show on the email header that it has been processed.

View 2 Replies View Related

Linux Hosting And Security

Jan 20, 2008

About next week, I'll put a Linux box on the web.

Could anyone suggest what kind of security measures I could implement?

Iptables:
- Protect against DDos?
- Protect against certain worms?
- Protect against flooding?

Services:
- Protect against constant dictionary attacks based on ports?

Pretty much any experience you could put down in this thread would be invaluable.

Also mod, if this shouldnt be here. Feel free to move, Im not sure where it should go!

View 9 Replies View Related

What Is The Best Security Software For Linux

Feb 29, 2008

What is the best security (antivirus/firewall) for a linux web server?

View 4 Replies View Related

Plesk 12.x / Linux :: How To Test WAF (mod Security)

Oct 8, 2014

I have Parallels Plesk 12.0.18 with CentOS 6.5 (Final)

WAF is On, with Atomic Basic ModSecurity rule set.

I was wondering if my sites were protected and I went to the Atomic wiki.

When I run a test from a non-whitelisted system following these instructions (STEP 10) [URL].... I always receive 404 error with all of my sites.

I also tested with:

[URL]...

Results: The sites load normally. (the call not even appears in the logs)

I've unistalled and reinstalled mod_security several times with the same results.

Is there any "official" way to check if WAF is protecting Plesk 12?

I asked same question in Atomic forum and they said:

you'd need to ask parallels about this, we made the ruleset available to them, but they implemented it using their own design. They might not be using 403 error codes like we do.

View 13 Replies View Related

Linux Security Threat - More Sloppy Coding

Jul 19, 2009

[url]

Now, before you say it, the real flaw is the compiler. But, that too comes from the usual holier-than-thou culprits. They can't fix it unless they fix the compiler.

And of course, there is the usual see no evil-hear no evil head in the sand approach to defending the honour of their little pet.

View 1 Replies View Related

Your Favorite Security Tools For Your Linux Web Servers

Nov 18, 2008

Your Favorite Security Tools For Your Linux Web Servers

Just wanted to know what all you guys favorite tools are for your Linux Web Server Setups

View 7 Replies View Related

Plesk 12.x / Linux :: After Mod Security Logrotate New Log Is Empty

Jul 6, 2014

Plesk 12 on Centos 6.5

I added the following to my /etc/logrotate.conf

/var/log/modsec_audit.log {
missingok
daily
rotate 4
compress
}

I'm not exactly sure if the above is the correct syntax, but the result was that two days later my current modsec_audit.log was Gzipped and a new modsec_audit.log was created.

The problem is that nothing was logged to this new file.

From the Plesk 12 control panel I turned off mod security and then turned it back on again and hey presto, the new logfile started to log events.

This leaves the problem of why nothing was recorded when the file was created.

View 2 Replies View Related

Plesk 12.x / Linux :: FTP Very Slow (with Firewall / Mod Security Enabled)

Jun 26, 2014

After upgrading to Plesk 12 the FTP connection has become very slow. Mode Security, Fail2Ban and Plesk Firewall have been enabled, the security is set to force sFTP and maximum security and in /etc/proftpd.d/ a conf file has been added to set the passive ports that have been opened in the Plesk Firewall (60000 to 62000)

Turning off the Mod Security does not solve the slow connection.

What can we do to detect the cause of the problem?

View 3 Replies View Related

Plesk 11.x / Linux :: Add Strict Transport Security (HSTS) To Panel

Mar 4, 2014

I have tried this on Plesk 11.5 and Plesk 12.0.10 Preview running on Ubuntu 12.04.4 LTS...

Locate the file

/etc/sw-cp-server/conf.d/plesk.confClick to expand...

View 3 Replies View Related

Plesk 12.x / Linux :: Disable Outlook Or Thunderbird Security Warning

Jul 12, 2014

How can I do to send email without the security warning?

I want the clients sending mails no longer have a security warning.

I tried with SSL port 465

I tried with port 587 TLS> Mail settings for the entire server> Enable Send Message

View 1 Replies View Related

Plesk 12.x / Linux :: For Security Reason Backup Is Performed On Behalf Of Subscription System User

Aug 24, 2014

I thought this problem was fixed in Plesk 11.5 but I'm still getting the following backup warnings in Plesk 12..."For security reason backup is performed on behalf of subscription system user...."

My phpbb forum creates cache files which have apache ownership and Plesk backup manager gives warnings that it cannot backup the files due to ownership errors.

I have searched for days for a solution without success. If I change the permissions to owner instead of apache the forums don't function correctly.

Is this a Plesk bug that is still evident in Plesk 12?

View 10 Replies View Related

Server Security

May 21, 2009

I'm running CentOS 5.x and DirectAdmin and wondering how to do the following:

- Disable compilers and other known binaries. Should I chown WGET 550?

- Prevent Shell Fork Bombs

- Best way to create partitions for tmpfs, tmp since my host forgot them?

- Any other tips on securing a DA based server? (I already have taken care of the whole SSH side of things)

View 3 Replies View Related

Server / PHP Security

Feb 27, 2007

One one of our (linux) servers spammers are king. they apparently can control anything and place spam links throughout the files.

For example spammer inserts Iframes either above or below HTML tags. (some step57 related type of virus/trojan as it seems)

Our programmer did not find where the problem is in our applications, yet he is not a security expert.

Our server admin company made us install phpuexec, we apparently have been checked on the server end and have mod_security, but we still don't know what's going on...spam continues.

View 6 Replies View Related

Server Security

Oct 9, 2007

Trying to determine what I want to put on my server for security. I have secured my /tmp, /var/tmp, and /dev/shm. I am now contemplating mod_evasive, mod_security, and/or APF Firewall.

1.) Should I install all three, or will APF Firewall, provide the same or similar security as mod_security, or vice versa?

2.) Will they all work together without conflicts?

3.) Does installing these services have any affect on overall server performance?

4.) Any other services you might recommend installing and why?

View 7 Replies View Related

What Do You Think Of My Server Security

Aug 26, 2007

I have recently installed and configured my webserver. Since I think security is very important I am curious for recommendations, tips, etc.

My server:
-CentOS 4.4 (installed by provider)
-Apache 2.0.52
-Php 4.3.9
-MySql 4.1.20
-No FTP
-Mod_security is running

The firewall that comes with CentOS is switched on and allows the following ports: http, ssh, smtp.

I have installed sendmail, but it is turned off by default. I need it approx. 3 times a week for 15 minutes or so and will turn it on then.

I have barely any budget so hardware firewalls etc. aren't an option.

Furthermore it's a basic server, just like my knowledge, so advanced things like IDS aren't an option.

View 14 Replies View Related

Server's Security...

May 8, 2007

i want to know how can they make the directory ( u--------- )

take a look on this php shell

[url]

what i mean is they make the directory secure against any phpshell with that trick and they hide the hard disk space

how can i make this

my apache is 1.3.37 and i using fc5 and i have mod_security and cfs

View 6 Replies View Related

Server Security For Unmanaged Root Server

Aug 31, 2008

I am considering renting a server, but got one question first.

If I sign up for one unmanaged root server with a control panel, from a provider. And just put my website on the server, and let it run there.

Is that a security risk? Is it easy for people to hack into my server, or anything like that?

View 5 Replies View Related

Unix Server Security

Nov 6, 2009

My server has been hacked, I need you please to help learn about Unix server security to protect my server.

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved