I'm very green at this security stuff, and there are some things I don't understand....

If your personal account information is available to you, can it be available to a hacker? Say your name, CC#, billing info?

Is there anything out there that can assure that doesn't happen (short of changing passwords everyday that a sneaky hacker can possibly grab too)? Have a project coming up that would generate a lot of "hornets" (political commentaries do bring out some nut cases) and would like to protect personal info.

Would also like to know if there's a mask out there that would funnel outlinked files through some secured server or something. So hackers can't trace back where the files come from directly (even those savvy enough to go digging), and start doing their handiwork.

Any advice?

Chris
--
I'm so green I can be planted :(

I don't suggest storing information like CC# on the server, because if it gets hacked then the hacker can take it. You can't 100% secure your server, but you make it harder for the hacker to crack into it. There are many things you can use to secure your server:

http://www.psionic.com/abacus/portsentry
It is a program designed to detect and respond to port scans against a target host in real-time.

http://www.psionic.com/abacus/logcheck
Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail.

http://www.lids.org/
LIDS is an enhancement for the Linux kernel. It implements several security features that are not in the Linux kernel natively. Some of these include: mandatory access controls (MAC), a port scan detector, file protection (even from root), and process protection.

http://tripwire.com/
Tripwire for Servers software assures the security and integrity of data on your servers by notifying users if, when, and how files have changed.

Also a good security tip is not to use windows, because everyone is trying to break into it. When they'll be done with windows they'll move to hacking linux. So you can't be 100% safe.

Also you have to keep up with the latest exploits adn security news:

http://www.linuxsecurity.com
http://www.securityfocus.com
http://packetstorm.linuxsecurity.com/

Originally posted by Palm
I don't suggest storing information like CC# on the server, because if it gets hacked then the hacker can take it. You can't 100% secure your server, but you make it harder for the hacker to crack into it.

Sorry if I wasn't clear. I was referring to someone getting an account say at "Xxxxxxx Web Hosting" and one of the features is knowing about your account status and next bill date via Cpanel or something.

I'm confused if the account will contain your real life info (name, billing address, payment type), that any hacker can get into.

My concern is more about getting access to personal info, than what's on the server itself (at least what I may have on the server, which won't be anything that needs encryption or anything - public art files, etc). If they broke in all they'll have, file wise, wouldn't have been worth their effort - it's open on the internet already.

The masking I was refering to was a way a hacker can't trace back where the online files are coming from, so he won't come over to do his malice in the first place.

I don't know beans about server ops (I'm an artist, not an server guru), and maybe not using the right terminology here. :/

Chris

As a host, you should never present the CC# to anyone, including the customer, maybe give them a place to enter a new number to start charging, but never show that number to them...


If your going to keep that kind of info on a server, it really needs to be encrypted with a heavy key.....

Originally posted by The Prohacker
As a host, you should never present the CC# to anyone, including the customer

I'm referring that I'm the host and customer who is buying the service to begin with. No one else.

Want to know if my account info can be accessed via cPanel (or whatever access shell) by a hacker who managed somehow to hack into the server?

Basically like to know if a hacker once on an account shell, can he get my account info from it? Like it's easy access after hacking one password to get all this personal info?

Chris

If you are using cPanel, then no. cPanel doesn't ask you for any info other then the domain.

Originally posted by Palm
If you are using cPanel, then no. cPanel doesn't ask you for any info other then the domain.

Thanks, Palm.

I'll learning as I go here. :/