To Move My Church's Site To Something More Secure

Apr 11, 2008

I've been a reseller for 7-8 years now. Just now getting out of the business.

I've "downsized" so that the only sites I have left are either my own little "experiments" or are sites belonging to local non-profits, where...because of a lack of expertise on their part, I'm basically the webmaster.

One of these sites belongs to my church. The site has been up-and-running for, oh, I think somewhere in the realm of 4-5 years now.

In the past two years, we've seen a large increase in the number of exploit attempts on this site. First, there's the never-ending flood of bots... creating user accounts in the forum software and image gallery software.

Then there are the actual hacks. Once, long ago, it was hacked by a pro-Muslim-extremist group. (But it wasn't alone. A ton of sites all over the net were hacked that day. Hacker through up the same pro-Muslim-extremist page on all of them.)

Then, more recently, somebody exploited a weakness in the image gallery software and uploaded their own little files onto the box. And one of those files was a script that apparently was designed to let them hack away at CPanel, trying to get in.

Anyways, I've been doing my best to keep the third-party software up-to-date. And I've customized some of that code according to recommendations on their websites in a way that "blocks" bots and certain functions that these people might like to use.

But staying viligant sure does take a lot of time and energy.

Tonight, I'm going to uninstall their forums permanently. Nobody's been using them in the past several months anyways. But I sure don't want to uninstall their image gallery software.

I guess I'm wondering if there's some hosting provider out there who maybe specializes in helping provide churches with extra security?

View 14 Replies


ADVERTISEMENT

How To Secure A Web Site

Feb 3, 2007

The searching I've done has uncovered numerous articles about securing a Web server...but I don't have control at that level. What I'm looking for is advice and tips on how to best secure an individual Web site to ward off hackers and the like.

More specifically, how to best do it using the tools available in cPanel, like Web Protect, HotLink protection, Leech Protect, Index Manager, etc., plus other things I should do if cPanel's tools aren't sufficient.

View 14 Replies View Related

Seamless Site Move

May 22, 2007

How can I move my site to a new hosting provider and have no downtime for my customers? (My website, webserver, and MySQL database appear to be online at all times).

I have my domain registered at godaddy.com

I have my current host at ************** with dedicated IP

I have my new host at Cartika with shared IP

The domain at godaddy points to:
ns1.**************.biz
ns2.**************.biz

Can I set up my new Cartika name servers to point to my old site's dedicated IP and set TTL at a very low level, and then change the domain at godaddy to point to the new Cartika nameservers?

This way as the change populates, everything is still pointed at my old hosting site.

Then I move my site over to Cartika, and once everything is tested and working, update the Cartika nameservers to point to the Cartika account?

View 3 Replies View Related

How To Move Site From 1 HOST To Another

Jan 2, 2007

I have couple of site on a shared hosting. Now I want to move it another shared hosting. Is there a program, that can move the sites effortlessly, with a click of button or two. I have couple of mysql database. I want them to be created on my 2nd hosting company.

View 3 Replies View Related

Move My Site From Dreamhost To Liquidweb Vps Server

Jul 14, 2007

I am newbie of vps server, never use it before. I am a total shared hosting guy. please help me to move my sites from dreamhost to liquidweb vps.

Ok, i have 2 web sites and 1 blog hosted with dreamhost.

web sites are basicly some html pages with vbulletin board.
blog is using wordpress.

My goal is to move all my stuff to new server, and my visitors wont even notice that I am moving.

Staff @liquidweb already got my vps account set and it ready to go.

Here's what I did, I went to
WHM -> account functions ->Create a New Account.

I filled up form for my blog site, johnqin.com. New account is created. and ftp also ready. I am able to connect ftp now.

now, whats the next step I need to do? how can I copy from dreamhost to my new server?

View 3 Replies View Related

Can Recommend A Secure Adult Video Stream Hosting Site?

Jan 28, 2009

Who can recommend a secure/affordable video streaming hosting site to me?

Setting up a members video site.

Best if the web host can come with a ready members template and shopping cart/payment service where I can just upload my videos.

View 7 Replies View Related

Move A Site From One Host To Another Possibly Copy/ghost A VPS Over The Internet

Jan 31, 2009

I am trying to figure out a way to move a site from 1 host to another... The problem is that I don't just have a bunch of HTML files to move... I rented a VPS server for the last year, I believe it was CentOS 5 (OS). I setup several things on the server, MYSQL, FFMPEG, ETC...

I am now wanting to move to a dedicated server HOWEVER I DO NOT WANT TO START ALL OVER AGAIN. The site is rather busy and it is important to do the transition as fast as possible.

SO -- I have used Symantec Ghost before to "clone" a computer before. It basically takes an IMAGE of the entire HD and then you can paste/burn that image on a new HD and it makes a PERFECT copy of the original machine.

BUT - I have NO CLUE how to do this over the internet?

View 7 Replies View Related

Server Move - Is There A Way To Setup DNS To Show A Backup Site / Message

Jun 25, 2009

The data centre which I use, is moving all collacated servers to a brand new data centre next week, which will mean a two hour downtime for each of my servers and customer websites.

At the moment my servers utilise two nameservers on seperate servers and when the move happens all websites will be offline with an ugly error message to any visitors.

Does anyone know a good way to setup a page which would be displayed if the web server was down? I am using MS DNS.

My thoughts so far is

1. Setup a 3rd nameserver which is off site from the data centre.

2. Purcahse web hosting / vps for a month on a seperate hosting company

3. Set it up so that it accepts * to a specific IP address in IIS or apache

4. I create an index.php script which gets the host header value sent i.e. [url]and the page then displays a nice maintenace i.e

"We are sorry joeblogs.com is currently down for maintenace, we will be back online shortly".

I think my main question is do I need to setup a 2nd www record in DNS for each site and how do I ensure the 2nd dns (backup record) only gets used when the first website / server is down.

View 0 Replies View Related

Static Routes With Linux & Shorewall (site To Site VPN Virtual Private Network)

Mar 29, 2009

Attached is a (badly) drawn diagram of two sites, connected by a vpn.

The site to the left, is network 10.0.0.0/24 which runs a linux server as the router for the network.

The site to the right, is network 10.1.0.0/24 which runs a windows 2003 server as the router for the network.

Now, my problem is, the clients behind the windows 2003 server can ping any machine on the first network because i setup a static route to route all traffic to 10.0.0.0/24 over the vpn interface.

now, my problem is, only the linux server can ping any machine on the windows 2003 network, any client behind the linux server cant seem to route over the interface.

I have the following route on the linux server: .....

View 0 Replies View Related

Plesk Automation :: Adding Dedicated IP Breaks Site (visitors Land On Default Site)

Apr 14, 2015

Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.

The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.

The bad news: visitors land on the default web site of the service node, with the default SSL certificate.

Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]

After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.

However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.

If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.

Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.

View 6 Replies View Related

Is There Anyone Knows For A Good Hosting,which Is Allowed : Adult Site & Casino Site?

May 21, 2008

is there anyone knows for a good hosting located in uk,which is allowed : adult site and casino betting online site ?

im looking for vps and dedicated server.

please help me i really need as soon as possible.thx

View 2 Replies View Related

How Effective Can Be Lighttpd 4 My Site ( Forum + Filesharing Site )

Jun 16, 2008

I run basicly run two main site.

1.Forum big one .

2.File and image sharing site.

(image sharing site generates thumbnails which produces lots of hits)

In these conditions how much difference can lighttpd can do as compared to apache for keeping my 600 MB Ram VPS host constant.

View 5 Replies View Related

Database Site Vs Comany Site

Jun 29, 2009

I'm on a short assignment to inventory and manage the fixed assets of a small company, and we've just bought a web-based database for this purpose. While I'm pretty good at administering/running local databases, the web part has me stymied. Our company is between IT people, and there's no one on site with any more idea than I have about what's going on!!

Here's what I have so far:

--The company has a website which I'll call "ourwebsite.org" -- which I think, from searching the IP address the website points to, is hosted by HostMySite.com.

--There's also a record in DNS Management with the same name (ourwebsite.org), but pointing to our little server's local IP address.

--I need to find a way to get my database -- which I can access on the network at (server's IP address)/database (ie 0.0.00.0/database) -- online. I tried creating records in DNS Management (for ex., assets.ourwebsite.org) that point to our server's IP (the one that, if I type it in on the network, I can get to the site I'm looking for), but get generic "can't find the page" or "can't connect to the server" errors, even after 72 hours, when trying to access it from off the network.

--If I browse to assets.ourwebsite.org/database on the server itself, I get to the website! But if I go to that page from any other computer, on or off the network, it doesn't work.

--The Server is running Windows Server 2003

So, what are my options? Do I have to talk to the HostMySite.com people to add this page? Shouldn't I just be able to use my server's name (ourcompanyadc.ourcompany.org) and have that route to the server? What's going on here! Is there a simple way to get a tiny local-server-hosted website online outside of the network?

View 2 Replies View Related

Site Shows Another's Site After Transfer

Jan 9, 2008

I just transferred a domain from one cpanel box to another.

Now, that site is showing someone else's page. I've seen this happen before, but I cannot remember the fix.

the virtual host in httpd.conf is fine, shows proper IP, username, docroot, etc

Dns zone is fine as well.

The domain is using the server's main IP, so that's not the cause.

Centos 5 / cpanel 11 / apache 1.3 / php 4x

View 4 Replies View Related

How Secure /tmp On Vps

Jul 26, 2009

how can i secure my tmp on vps?

mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

it isnt work on vps and i have this error:

[root@ dev]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: could not find any device /dev/loop#

View 4 Replies View Related

I Cant Secure My /tmp

May 5, 2009

i want to secure my /tmp and do this:

so i try this link
[url]

so:
cd /dev
dd if=/dev/zero of=tmpMnt bs=1024 count=150000
/sbin/mke2fs /dev/tmpMnt
cd /
cp -R /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

but i have this error:

root@server [/]# mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
mount: no permission to look at /dev/loop#

View 4 Replies View Related

Secure A Vps

May 13, 2009

when I get a dedi server for shared hosting. I secure it as much as i can and then just incase I miss stuff etc I hire 2 other companys to check over everything. Since I bought a vps from fsckvps are there any guides to secure and optimize a vps other then the one located in the vps section? thanks. I Dont feel like spending 50+ dollars on securing a vps that costs less then 15 a month.

View 14 Replies View Related

How Secure Is My VPS

Aug 7, 2008

vbulletin.com/forum/showthread.php?t=281011

How secure is my VPS? Anyone who has some free time and is reading this thread could please try to do some penetration-testing or something related (I really do not know much about network security) in order to know if my server configuration could be the problem?

Do you find any way to download the full database without login on the system (cPanel or phpMyAdmin)?

View 3 Replies View Related

Secure VPS I Done

Sep 8, 2008

i'v been Installed all these In my VPS server

1)Disable Functions:
system,system_exec,shell,shell_exec,exec,passthru,escapeshellarg, escapeshellcmd,proc_close,proc_open,ini_alter,dl, popen,parse_ini_file,show_source
and Enable The Safe_Mode.
---------------------------------------
2)Hide_your_apache_Version
---------------------------------------
3)Install LogWatch in a Server
---------------------------------------
4)Mod-Security-Install
---------------------------------------
5)Root-Login (IP Sent).
---------------------------------------
6)Disable Login Root and Change SSH Port .
---------------------------------------
7)Installing eAccelerator .
---------------------------------------
8)Install Nobody Check
---------------------------------------
9)Updateing All of
/scripts/upcp
/scripts/updatenow
/scripts/sysup
/scripts/fixeverything
/scripts/exim4
/scripts/easyapache
/scripts/securetmp
----------------------------------------

but doesnt know yet what the better to secure my vps ..

and about Firewall two .. wich firewall better

CSF or APF+BFD ..

View 4 Replies View Related

Secure FTP

Mar 27, 2008

I have an application that requires a Secure FTP connection to a server to work. I am having trouble connecting to one server, a windows based server, while the CentOS Linux server is working fine.

Does anyone know where I can find test Secure FTP locations so I can determine if the issue is with misconfiguration or with an incompatibility of the program with windows Secure FTP sites?

I am able to connect to both sites using WinSCP and choosing Secure FTP.

View 1 Replies View Related

How To Secure The VPS

Aug 30, 2007

Check out this blog and suggest what thing more can be added to secure the vps and i think this information database can be helpful for newbies and intermediate users which like to secure the VPS.. which sometimes exploited due to bad scripts.

[url]

View 2 Replies View Related

Secure UK VPS - DPA

Nov 11, 2007

Ive been using Dreamhost for years and there great however, One of my clients needs has drastically changed and they are now required to comply with the Data Protection Act.

In particular this bit make Dreamhost a bit of a no go due to them being in California:

"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."

Unless my client goes and asks all 1000+ customers they are kinda in a bit of a quandary. So here's what im looking for:

Secure UK Datacenter, eg Easynet, Blue Square etc
128mb RAM, 256mb Burstable, 20GB storage, 500GB transfer
LAMP Environment
Support within Business Hours
Control Panel

View 6 Replies View Related

Way To Secure SVN

Feb 4, 2007

So I just got SVN installed on my server, and now I'm wondering about the best way to go about securing it. This is what I've had done so far

the executables were installed to /usr/bin as ROOT

Then I created a directory in /usr/local/svn as ROOT to hold the svn repositories (the conf folders, etc).

I've decided that I'd like to use the SVNSERVE tool rather than have to run Apache2 which my current VPS provider does not provide any support for.

So I've run SVNSERVE like so:
svnserve -d -r /usr/local/svn --listen-port=7126

Then for each repository within the /usr/local/svn folder I've gone into the conf folder and added:

anon-access = none
auth-access = write
password-db = passfile
realm = myrealm

The passfile is located in the same directory (ie. /usr/local/svn/test) and contains my users in the format:

[users]
harry = harryssecret
sally = sallyssecret

I then run my checkouts like so:
svn checkout svn://mysite.com:7126/test

Now my question is how secure is this. I was tempted to use svn+ssh but I couldn't seem to figure out how to get it configured. Is the protection I have adequate? How easily can this be compromised? What steps should I take to lock it down further. Can I limit the connection to SVNSERVE to only come from certain specific IP's... similar to how apache does:

Order deny,allow
deny from all
allow from 192.153.123.12

View 10 Replies View Related

Most Secure CMS

Feb 22, 2007

What would be the most secure free CMS at the moment? I ask this because im looking to setup a website, and i dont have enough money to invest in a custom coded website, so to start out with ill use a free CMS, but i dont want to be hacked.

Now i know that because the CMS's are open source, they can still be hacked, what im looking for is something that is the most secure, preferably with sql injection protection.s?

View 11 Replies View Related

Secure FTP

Apr 15, 2007

Secure FTP?

Entirely dependent on Client Software or do we need to buy an SSL certificate and install it on our server as well?

How it works?

View 1 Replies View Related

When Trying To Secure The /tmp Dir

Jun 25, 2007

[url]

i followed the guide, after done I reboot the server then it gives me these errors:

Quote:

mounting local filesystems: Failed

mounting other filesystems: /dev/tmpMnt: No such file or directory

View 5 Replies View Related

Move Db Using SSH

Jan 17, 2007

how can i move db from old server to new server using SSH?

(both of server are UNÝX )

View 4 Replies View Related

Cp Move

Oct 7, 2007

Have any one got any script to genrate cp move backup on remote FTP , but it should also have date in filename on which backup was genrated

View 5 Replies View Related

How To Move 4 Gb From Vps To Another

Jul 31, 2007

i'm wondering if i want to move from a company to another

if i have a files with approx 4gb to 6 gb files

is it safe to transfere my files from a vps to another?

i have 4 acounts in my VPS

View 12 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved