Web Hosting Talk

Security & CPANEL


faculty
08-02-2002, 07:31 PM
I am having to delete a client account due to non-payment of the service provided. He has threatened to "hack" into my servers and destroy them if I do. Now as a security precaution, I would like to know, is CPANEL secure enough to keep my server safe and out of harm's way?


Thanks

The Prohacker
08-02-2002, 07:41 PM
Cpanel doesn't replace a good sys admin.. It just makes the work load easier...

You should have things like the kernel, apache, PHP, OpenSSH, OpenSSL, and many of the other utilities up to date..

Have set security policies, etc, if you do that, then you wouldn't have to worry about security...

MTG
08-02-2002, 08:18 PM
Prohacker is right. If you have everything up to date, you should not face any problem by this as**ole!

Rochen
08-02-2002, 08:48 PM
This seems to have been cross-posted: http://www.webhostingtalk.com/showthread.php?threadid=64643

izcryptman
08-03-2002, 10:57 AM
well as far as i know, one can still hack into ur server, even if u have updated all the security patches/updates etc...
he can buy another account from some other name or thru
a friend, and can use his scripts (if any :P) to exploit ... :)
coz i don't know of any hosting controller which implements
100% client sites content security ... is there any ?

Rochen
08-03-2002, 11:00 AM
izcryptman: It depends on what we mean when we talk about "security". I mean if this "hacker" got a site on the server, he could well run something such as a fork bomb and bring the whole machine down, or use the machine to send out thousands of SPAM email. It's a whole different ball game when the hacker has an account on the machine. There are different things to look at when we talk about "security", it is a bit of a broad subject ;)

Edit: Another thing to remember, most of these supposed "hackers" aren't really "hackers"; all they are is kids with nothing better to do than look up a hacking resource site and follow step-by-step instructions on how to do something. The majority that really break in themselves is fairly small.

izcryptman
08-03-2002, 11:16 AM
u r quite right rochen, but the thing is :
"why the hosting controller software vendors (like cPanel) does not implement such security measures ???"
and still m in search, is there any ?
especially on windows (apart from all other loop holes of windows :P)?

Rochen
08-03-2002, 11:18 AM
Originally posted by izcryptman
"why the hosting controller software vendors (like cPanel) does not implement such security measures ???"
Because they are not responsible for the security of the machine, I mean they are responsible for making CPanel itself secure, but in no way the rest of the machine.

izcryptman
08-03-2002, 11:27 AM
then what's the use of spending big bucks for them ?
while m not specifically talking abt machine security, m talking
client-sites content security n obviously client-sites are
made thru hosting controllers ... anyways .. :P

Shyne
08-03-2002, 11:29 AM
CPanel is the last secure software out there. What kind of retard will say "I will hack you" if you have his contact info? Why don't you make a call to him.

I would block his IP block from the server.

Rochen
08-03-2002, 11:30 AM
Originally posted by izcryptman
then what's the use of spending big bucks for them ?
Because they are huge time savers on the part of the system administrator, which frees him up to go and secure the machine or have a game of golf :D

They are also a benefit to the client as they allow them to make changes to their website configuration instantly.

izcryptman
08-03-2002, 11:38 AM
Originally posted by Shyne
CPanel is the last secure software out there. What kind of retard will say "I will hack you" if you have his contact info? Why don't you make a call to him.

I would block his IP block from the server.

well, pls read my first post carefully, i've mentioned that
how that retard can hack in ... :P

Rochen
08-03-2002, 11:40 AM
Originally posted by izcryptman
how that retard can hack in ... :P
I hate to say, but that's not hacking if he already has access to the machine ;)

izcryptman
08-03-2002, 11:41 AM
Originally posted by rochen

Because they are huge time savers on the part of the system administrator, which frees him up to go and secure the machine or have a game of golf :D

They are also a benefit to the client as they allow them to make changes to their website configuration instantly.

keep "security" out ... :P

izcryptman
08-03-2002, 11:47 AM
Originally posted by rochen

I hate to say, but that's not hacking if he already has access to the machine ;)

while hacking philosophy has a vast meaning in it,
but m glad u got what i meant ... :P

CitadelHost
08-04-2002, 04:22 AM
Regarding Prohacker's post:
You should always have some sense of paranoia when administrating a server even if you do have all the latest patches. You need to have layered security, meaning you can't just have the latest patches and a firewall and think you are okay.

I agree with Shyne although he could be really stupid and actually attempt to attack the server, so watch the system logs and the IDS logs (you have an IDS right?).

Simply blocking his IP will help but then again he could compromise another system and launch his/her attack from there.

If he has local access to the machine it absolutely does make it a lot easier for him to compromise the machine and it is technically still "hacking" (it's just local and not remote) even though that is not the correct term to use.

In the future you should also always be secured already and not have to secure your system for instances like this.

Although it seems unlikely for him/her to attack your server, you cannot just brush this threat off.

Good luck
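
The log watching suggested above, as an added example that is not part of any post in this thread: it triages OpenSSH `sshd` syslog lines for the two signals the post cares about, logins aimed at the removed account and connections from the blocked range, and rates attempts from a new source higher because they show the IP block being sidestepped. The account name `exclient`, the range `203.0.113.0/24` and all log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions, not from the thread: the removed account name, the blocked
# range (a documentation prefix) and every log line below are constructed.
REMOVED_ACCOUNT = "exclient"
BLOCKED_NET = ipaddress.ip_network("203.0.113.0/24")

# OpenSSH sshd login results as they appear in syslog.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

SAMPLE_LOG = """\
Aug  3 11:02:14 host sshd[2211]: Failed password for invalid user exclient from 203.0.113.45 port 40122 ssh2
Aug  3 11:02:19 host sshd[2213]: Failed password for invalid user exclient from 198.51.100.7 port 51514 ssh2
Aug  3 11:05:40 host sshd[2290]: Accepted password for alice from 192.0.2.10 port 33810 ssh2
Aug  3 11:09:02 host sshd[2301]: Failed password for root from 203.0.113.45 port 40177 ssh2
Aug  3 11:12:30 host sshd[2340]: Accepted publickey for exclient from 198.51.100.7 port 51600 ssh2
"""


def triage(log_text):
    """Return (severity, user, ip) for events tied to the removed client."""
    findings = []
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the address field
        from_blocked = ip in BLOCKED_NET
        targets_removed = m["user"] == REMOVED_ACCOUNT
        if not (from_blocked or targets_removed):
            continue
        if targets_removed and m["result"] == "Accepted":
            severity = "critical"  # the deleted account can still log in
        elif targets_removed and not from_blocked:
            severity = "high"      # same target, new source: IP block sidestepped
        else:
            severity = "medium"    # blocked range still reaches sshd
        findings.append((severity, m["user"], str(ip)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

A "critical" result means the account or one of its keys was not actually removed; a "medium" result means the firewall rule is not stopping the blocked range before it reaches `sshd`.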

justageek
08-04-2002, 10:23 AM
He is threatening criminal activity, so treat him as someone who is threatening criminal activity. That's the core issue. Deal with the person here and the person may change his mind.

That being said, security is something that is often an afterthought, unfortunately. As someone else said, it is a layered approach. There is perimeter defense, intrusion detection, setting rights and permissions properly, using strong passwords, physical security, business continuity and disaster planning, patching, having no more services than what is required, and I could go on. You're lucky--he was stupid enough to give you some warning--someone else may not.

Tux-e-do
08-04-2002, 11:24 PM
Originally posted by justageek
He is threatening criminal activity, so treat him as someone who is threatening criminal activity. That's the core issue. Deal with the person here and the person may change his mind.


I agree. If this was an email threat then surely you have kept it?

I would send some hired goons around to hack into him :D you do have his details? or at least a CC

The Prohacker
08-05-2002, 12:08 AM
It's all about the backups....

Like CitadelHost said, you can apply as many patches and firewalls, which will help some, but won't stop them completely...


If the lamest script kiddie is determined enough to root your box, there is a good chance they will, the odds are really stacked against you...

It's hard to know every exploit for every piece of software on your box and to update all of it...

And the chain is as strong as its weakest link, one little hole will blow the entire thing...

So you gotta do remote or separate backups... Be sure to back up logs, IDS's are great, and keep the email and his info..

If anything does happen, it is an interstate crime, and prolly wouldn't be hard to prove $500+ loss of revenue because of it, so it would be a felony...

You might remind him/her that you do have their name and address and you are fully willing to notify the FBI...

After 9/11 the computer crimes division of the FBI has been seriously beefed up, so they generally look into more cases than they used to...

Adam_S
08-05-2002, 01:09 PM
I thought it was $5000 in lost revenue before criminal prosecution is taken?