Scanning A Site Against Intrusions And Security Holes?

Apr 21, 2008

What do you recommend for scanning a site against intrusions and security holes?

View 1 Replies


Somebody Is Scanning My Site For PhpMyAdmin

Jul 9, 2009

I found several requests in my error log which looks like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?

[Fri Jul 03 03:23:16 2009] [error] [client] File does not exist: /var/www/vhosts/
[Fri Jul 03 03:23:16 2009] [error] [client] File does not exist: /var/www/vhosts/
[Fri Jul 03 03:23:16 2009] [error] [client] File does not exist: /var/www/vhosts/ ...

View 14 Replies View Related

What I Must Do For Web Site Security

Dec 3, 2008

what i must do for web site security

im using CMS scripts some of my works what i must for more security?

View 3 Replies View Related

Security For E-commerce Site

May 27, 2009

I am in the process of designing a new e-commerce site for a small business and am pretty much figuring it out as I go along. I do know that it is crucial to have absolute security for any kind of monetary transactions. I am just confused as to whether I need a shared SSL, dedicated SSL, dedicated IP address or a combination of the above.

View 14 Replies View Related

Port Scanning

Apr 18, 2009

I have been receiving a lot of emails from LFD about this ip ( port scanning.

I get about 3+ of these emails a day letting me know that ldf has blocked the ip temporary.

I am now wondering should I be worried about this ip port scanning?

The ip is from the netherlands where my server is hosted and was wondering if its a coincidence or not?

View 11 Replies View Related

Website Malware Scanning

Apr 8, 2009

A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.

I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.

I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...

View 1 Replies View Related

PCI Scanning On A Shared Server (UK)

Aug 23, 2009

Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.

In particular, we're talking PCI compliance to use PayPal website payments pro UK.

From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is a SSL certificate' (this seems to be paypals attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.

Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).

View 6 Replies View Related

IANA Scanning Ports

Dec 3, 2007

My internet security software blocked port scanning from IANA
Internet Assigned Numbers Authority. Who is this and what are they doing scanning the ports on my computer.

View 2 Replies View Related

Avoiding Port Scanning And Brute Force

Oct 28, 2009

I get a lot of messages from CSF about Port Scanning and Bruteforce detection.. Is there a way to avoid all of these attacks ? Because it tries to figure out my clients ftp or pop3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more..

I know a little about internet security.. Is it possible to make my public IP of shared hosting untraceable ? Like this one..

Just do a ping to or and then you will receive RTO message or Destination host unreachable, but actually the site is running well..

View 5 Replies View Related

Modsecurity Clamav Upload Scanning Doesn't Work

Jul 12, 2007

So I've been working on getting the modsecurity upload scan function to work for over 4 hours now and i'm done with this junk to say the least.

Using modsec 1.9
Cpanel 10x
Apache 1.3

in the modsec.conf

SecUploadDir /tmp
SecUploadApproveScript /usr/local/apache/htdocs/

All I get in the audit_log is:

Access denied with code 406. Error verifying files: Received no output from the approver script (execution failed?) "/usr/local/apache/htdocs/" ....

View 1 Replies View Related

Disable File Attachment Scanning & Extractinig At MailScanner

Mar 9, 2007

My main goal was stopping incomingo spam.. and MailScanner is doing a great work on that.. but, it is taking too much time extracting and scanning attachments... does anyone know how to disable scanning the attachments ?

This is my top output from MailScanner running:

12:10 3 MailScanner: extracting attachments

View 0 Replies View Related

FreeBSD: Sendmail To Exchange. No Scanning E-mail Process

Aug 16, 2007

I tried to configure Sendmail as e-mail MTA with ClamAV & SpamAssassin before my local network. I can send and receive e-mail but spamassassin doesn't filter them. Do you know where I should look for?

View 2 Replies View Related

Unable To Open Spam.scanning.rules - MailScanner

Mar 5, 2007

I was trying to install mailscanner on a cpanel box using chirpy's script [url], followed every step, until this:

[]perl -i
Unable to open spam.scanning.rules for reading: file or directory doesnt exist at line 115.
On the 115 line i found this:

open (IN, "</usr/mailscanner/etc/rules/spam.scanning.rules") or die "Unable to open spam.scanning.rules for reading: $!";
The file /usr/mailscanner/etc/rules/spam.scanning.rules just doesnt exists... maybe chirpy's script is not working well installing everything its needed..

View 5 Replies View Related

Plesk 11.x / Linux :: Cannot Create Pipe For Communication With Scanning Child

Dec 10, 2014

I'm running CentOS with Paralells Plesk bundled Paralellls Premium Antivirus (Dr Web). After the latest yum updates DrWeb continously seems to crash and be restarted by the Parallells watchdog. By default there were no logs for DrWeb, but when I enable logging to a file it gets spammed continously with the following error:

Cannot create pipe for communication with scanning childs (Too many open files)and the Drweb process runs at 99% CPU for long periods. This totally fills the disk with logs and I've now disabled logging again and Drweb is back to continously being restarted by the watchdog.

View 3 Replies View Related

Joomla Security / Linux Security

Apr 4, 2008

I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.

When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.

However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.

Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.

View 10 Replies View Related

Static Routes With Linux & Shorewall (site To Site VPN Virtual Private Network)

Mar 29, 2009

Attached is a (badly) drawn diagram of two sites, connected by a vpn.

The site to the left, is network which runs a linux server as the router for the network.

The site to the right, is network which runs a windows 2003 server as the router for the network.

Now, my problem is, the clients behind the windows 2003 server can ping any machine on the first network because i setup a static route to route all traffic to over the vpn interface.

now, my problem is, only the linux server can ping any machine on the windows 2003 network, any client behind the linux server cant seem to route over the interface.

I have the following route on the linux server: .....

View 0 Replies View Related

Plesk Automation :: Adding Dedicated IP Breaks Site (visitors Land On Default Site)

Apr 14, 2015

Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.

The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.

The bad news: visitors land on the default web site of the service node, with the default SSL certificate.

Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]

After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.

However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.

If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.

Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.

View 6 Replies View Related

Is There Anyone Knows For A Good Hosting,which Is Allowed : Adult Site & Casino Site?

May 21, 2008

is there anyone knows for a good hosting located in uk,which is allowed : adult site and casino betting online site ?

im looking for vps and dedicated server.

please help me i really need as soon as possible.thx

View 2 Replies View Related

How Effective Can Be Lighttpd 4 My Site ( Forum + Filesharing Site )

Jun 16, 2008

I run basicly run two main site.

1.Forum big one .

2.File and image sharing site.

(image sharing site generates thumbnails which produces lots of hits)

In these conditions how much difference can lighttpd can do as compared to apache for keeping my 600 MB Ram VPS host constant.

View 5 Replies View Related

Database Site Vs Comany Site

Jun 29, 2009

I'm on a short assignment to inventory and manage the fixed assets of a small company, and we've just bought a web-based database for this purpose. While I'm pretty good at administering/running local databases, the web part has me stymied. Our company is between IT people, and there's no one on site with any more idea than I have about what's going on!!

Here's what I have so far:

--The company has a website which I'll call "" -- which I think, from searching the IP address the website points to, is hosted by

--There's also a record in DNS Management with the same name (, but pointing to our little server's local IP address.

--I need to find a way to get my database -- which I can access on the network at (server's IP address)/database (ie -- online. I tried creating records in DNS Management (for ex., that point to our server's IP (the one that, if I type it in on the network, I can get to the site I'm looking for), but get generic "can't find the page" or "can't connect to the server" errors, even after 72 hours, when trying to access it from off the network.

--If I browse to on the server itself, I get to the website! But if I go to that page from any other computer, on or off the network, it doesn't work.

--The Server is running Windows Server 2003

So, what are my options? Do I have to talk to the people to add this page? Shouldn't I just be able to use my server's name ( and have that route to the server? What's going on here! Is there a simple way to get a tiny local-server-hosted website online outside of the network?

View 2 Replies View Related

Site Shows Another's Site After Transfer

Jan 9, 2008

I just transferred a domain from one cpanel box to another.

Now, that site is showing someone else's page. I've seen this happen before, but I cannot remember the fix.

the virtual host in httpd.conf is fine, shows proper IP, username, docroot, etc

Dns zone is fine as well.

The domain is using the server's main IP, so that's not the cause.

Centos 5 / cpanel 11 / apache 1.3 / php 4x

View 4 Replies View Related

Is It Possible To Relay A Site From My Site?

Aug 28, 2006

is possible to relay a site (say from my site (, where a viewer should be able to see the site ( through my site's IP.

View 4 Replies View Related

Web Security

Jul 16, 2009

I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL but will that be enough since the files are not encrypted on the server. I tried to encrypt the files but that is adding a huge overhead.

My first question is - is it a good idea to store the files on the server rather than a database? My other question is regarding hosting; I'm thinking of building my own server and host it in a colo. Is colo more secure than dedicated hosting? Currently i'm still in the process of developing my App and my environment is Windows Server 2008/SQL Server 2005.

View 13 Replies View Related

Mod Security

Feb 9, 2007

Is there any problems with having duplicate rules in different files as I have downloaded some rules and am going to make them all into one file to give me the best protection, but this is going to take time and I really need some sort of protection now

View 2 Replies View Related


Aug 25, 2007

after install ConfigServer Firewall i get the following ...

ConfigServer Security & Firewall - csf v2.89 >>
PHP Check >>
Check php for register_globals >>
WARNING >> You should modify the PHP configuration (usually in /usr/local/lib/php.ini) and set:
register_globals = Off

unless it is absolutely necessary as it is seen as a significant security risk

must i modify it?or not? put in ur consideration i tried to download it to modify an error occured!

View 2 Replies View Related

How Much Security

Aug 24, 2007

I am on a shared server account with Lunar Pages basic hosting plan.

The only script file I have up running is db Masters FormM@iler. It runs on Cpanel. I deleted whatever other scripts I could find on my server. The site is just basic html pages with jpgs and a gif.

Is there much else I really need to do to secure the server or is that more in Lunar Pages' hands?

If there is still more I can do to secure the server, and is it a small amount that's easy to do or would it be wise to just hire someone else to put in a few hours making sure everything is truly set up securely?

View 5 Replies View Related


Apr 23, 2007

I have a vps that has been exploited, and the hosting company is giving me advise on what to do to fix the security problems, but i need a good server administrator/company to help me with this. can anyone recommend a company that will go thru my server,

View 8 Replies View Related

Copyrights 2005-15, All rights reserved