Results 1 to 11 of 11
Thread: help
-
08-12-2009, 10:56 AM #1Newbie
- Join Date
- Jul 2009
- Posts
- 8
help
hi every body
i have server but but happened hack for several sites with same
way in the same time
i want to know how to prevent that and how to prevent ssh files to upload in my server?
i wait u seriously
thx
-
08-12-2009, 11:07 AM #2CEO & Leading Designer
- Join Date
- May 2008
- Location
- Iowa
- Posts
- 1,139
If you don't know much about server security I would strongly suggest hiring someone to secure your server for you. They will be able to configure it in such a way where you get instant e-mail notifications when someone uploads files, server load gets high and much more.
I'm curious how do you know the sites have been hacked the same way?
-
08-12-2009, 01:57 PM #3WHT Addict
- Join Date
- May 2009
- Location
- Chicago, Illinois, U.S.A
- Posts
- 116
You should see if your hosting provider provides technical support and can assist in the hardening of the servers ports/security. There are a number of things you can implement on your solution to help protect against hacks such as a hardware firewall, and port monitoring.
Miguel Villegas, VP Sales & New Business Development CloudMega.net
CloudMega, Inc. US | CloudMega, Ltd UK
US Toll Free: 888.401.2006 | Intl +1 312.757.5400
UK Toll Free: 0800.368.9925 | Intl +44 20.3540.7807
-
08-12-2009, 02:03 PM #4Junior Guru
- Join Date
- Jul 2009
- Location
- Texas
- Posts
- 232
What control panel are you using? would help knowing
-
08-12-2009, 04:35 PM #5Founder - Jaguarpc
- Join Date
- Jul 2000
- Location
- Colorado Springs, CO
- Posts
- 2,288
Theres no one simple solution to those problems and there's likely other problems that may need to be checked for now too. As some others have suggested you should either outsource this to a support company that can help you or ask your service provider for help, even if theres a fee involved it would be well worth it.
Greg Landis | Director of Growth Jaguarpc - Unlock Superior Hosting with JaguarPC
Managed Servers - Virtual Private Servers | AMD EPYC Dedicated servers
Follow us @ Facebook.com/Jaguarpc | (888)-338-5261 | greg @ jaguarpc.com
-
08-12-2009, 05:03 PM #6WHT Addict
- Join Date
- Jul 2009
- Posts
- 126
I would recommend you to hire a security expert that can go through your server, hardening it. Believe me it isn't a waste of money! Security isn't something you learn just by reading a couple of articles about it on the internet, it takes time and if you won't take the time to learn it, hire someone that does it for you.
-
09-18-2009, 12:41 PM #7Support Facility
- Join Date
- Jun 2009
- Posts
- 2,335
You can protect making sure that all the files in ~/.ssh have no group or other read/write permissions.
-
09-18-2009, 12:46 PM #8Disabled
- Join Date
- Mar 2006
- Location
- San Diego CA
- Posts
- 161
-
09-18-2009, 12:50 PM #9Retired Moderator
- Join Date
- Nov 2002
- Location
- WebHostingTalk
- Posts
- 8,901
* Moved to Technical and Security Issues....
SiriusI support the Human Rights Campaign!
Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.
-
09-18-2009, 01:03 PM #10Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
There are several methods an attacker can gain access to your server. It does not have to be from ssh, it can be from something as simple as a vulnerable php script. You need to have your entire server audited for security, this includes the server software such as your linux kernel. If someone exploits a vulnerable php script then they can then execute a kernel exploit on a vulnerable kernel and get root access WITHOUT USING SSH.
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
09-18-2009, 01:12 PM #11Temporarily Suspended
- Join Date
- Feb 2004
- Location
- USA
- Posts
- 1,572
^ I highly recommend Rack911, you should make a budget for securing your server and do periodic audits.
Cheers