12-27-2004, 03:42 PM
|
|
WHT Addict
|
|
Join Date: May 2004
Posts: 122
|
|
Ive been having some security probs over the last month, and a look at netstat -a appears quite frightening.
Really im looking for someone who will voluntarily help me clean my server of all the insecurities and possible intrusions, so i can start over securing my server properly.
If anyone wouldnt mind lending a hand, PM me here!
Thx alot
|
12-27-2004, 04:05 PM
|
|
Temporarily Suspended
|
|
Join Date: Nov 2003
Posts: 350
|
|
you can email to CEO of linuxdominicana.com his email is: linuxdominicana@gmail.com
he can help you.
will not sure if its free.. but i know they provide full security test for 15$ one time.
|
12-27-2004, 05:57 PM
|
|
Web Hosting Master
|
|
Join Date: Aug 2003
Location: USA
Posts: 1,030
|
|
Good, trusted server security is not free. I'd suggest spending the money necessary to keep your systems in good order.
__________________
CybexHost.com - Shared and Reseller Hosting Solutions on cPanel/WHM Linux Servers
ModernTweak.com - Discount ModernBill Licenses, Hosted Installations, and Professional Services
:: Pay for your discount ModernBill license with PayPal 
:: admin[at]cybexhost.com :: AIM: CybexH
|
12-28-2004, 04:28 AM
|
|
WHT Addict
|
|
Join Date: May 2004
Posts: 122
|
|
I just cleared off a script which was connecting to several IRC servers, functioning as bots.... they had been running as user 'nobody'
Im going to use nessus to completely security scan the server, then patch accordingly.
Anything else i should look into?
|
12-28-2004, 04:35 AM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,552
|
|
Chances are if they were running as nobody, then it was an exploited php script, and nessus is not going to tell you anything.
|
12-28-2004, 04:42 AM
|
|
WHT Addict
|
|
Join Date: May 2004
Posts: 122
|
|
nessus scans for cgi vulnerabilities. Anyways, if this is the case then i will be checking my (insert name of program that lets cgi and php scripts run as the user instead of nobody, i forgot the name ^_^) configuration.
|
12-28-2004, 04:43 AM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,552
|
|
yes but it wont check every domain, and cgi is normally ran as a user not nobody, which leaves php to be the problem.
|
12-28-2004, 04:47 AM
|
|
WHT Addict
|
|
Join Date: May 2004
Posts: 122
|
|
SuExec is the name:
Notes: suexec allows cgi scripts to run with the user's id. It will also make it easier to track which user has sent out an email. If suexec is not enabled, all cgi scripts will run as nobody.
Does this not include php?
|
12-28-2004, 04:55 AM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,552
|
|
No, you would have to isntall phpsuexec / suphp for php
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
