  1. #1
    Join Date
    Sep 2003
    Posts
    98

    Server secure, but last reboot is 280+ days?

    My friend's account is hosted over at IPowerWeb. I can't reveal the domain, as everywhere you look is a hole!

    Also, he runs Invision Power Board v1.2

    Here is some info according to this script: http://codewalkers.com/seecode/498.html

    Software: Apache/1.3.31 (Unix) mod_log_bytes/0.3 FrontPage/5.0.2.2635 PHP/4.3.10 mod_ssl/2.8.19 OpenSSL/0.9.7c

    Uptime (days): 361 days, 5:51

    And this is the load right now: 3.88,3.30,2.89


    He thinks his server is secure, and asks people to hack it, but his security is based off of the fact nobody will take the chance to hack it, because it is illegal. He also thinks it is ok for a server to not need a reboot for 200+ days.

    Anyone care to explain why it is unsecure if a standard shared server has not been rebooted for a LONG time? I'll link him over here, and hopefully he will learn.

    Or can someone please explain to me how a server can be secure without a reboot in almost a year?
    Last edited by BobbyDouglas; 05-09-2005 at 11:20 PM.

  2. #2
    Join Date
    Sep 2002
    Location
    Oklahoma
    Posts
    825

    Re: Server secure, but last reboot is 280+ days?

    Originally posted by BobbyDouglas
    Or can someone please explain to me how a server can be secure without a reboot in almost a year?
    A server can be secure without a reboot, by not running Windows. Additionally, many patches do not require a reboot, only a restart for that particular service/daemon.
    Devon Dunham (Owner, Sharpnet/DDoS Host)
    Advanced DDoS Mitigation and Server Management Solutions

    Protecting your online infrastructure.

    Est. 1998.

  3. #3
    Join Date
    Sep 2003
    Posts
    98
    So you have non-Windows servers that haven't been rebooted for over 200+ days?

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681

    Re: Re: Server secure, but last reboot is 280+ days?

    Originally posted by DD-SNC
    A server can be secure without a reboot, by not running Windows. Additionally, many patches do not require a reboot, only a restart for that particular service/daemon.
    negative... there are many linux root exploits and all of the patches require a reboot
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    Join Date
    Nov 2003
    Location
    Phoenix
    Posts
    44
    Linux/*Nix servers do not need to be rebooted for any reason at all, except for a couple of things such as recompiling a kernel. There have been servers online running for years without a reboot.

    The server being up that long without a reboot is actually a good thing.

    Reboots are for the unlucky Windows users. Use Linux and you will learn to forget about having to reboot.

  6. #6
    Join Date
    Sep 2003
    Posts
    98
    "negative... there are many linux root exploits and all of the patches require a reboot"

    I thought something like this was the case. Netcraft reports last reboot was 280 days ago, the script I linked to in my first post says 381 days..

  7. #7
    Join Date
    Nov 2003
    Location
    Phoenix
    Posts
    44

    Re: Re: Re: Server secure, but last reboot is 280+ days?

    Originally posted by thelinuxguy
    negative... there are many linux root exploits and all of the patches require a reboot
    WRONG! Pretty much only if you are recompiling the kernel. The majority of patches do not require a reboot, and there are not "many" root exploits. Also the majority of security issues regarding Linux are due to poorly trained system admins who are not knowledgeable or responsible enough to take care of a Linux Box.
    Last edited by embsupafly; 05-10-2005 at 12:07 AM.

  8. #8
    Join Date
    Nov 2003
    Location
    Boston, MA
    Posts
    141

    Re: Re: Re: Re: Server secure, but last reboot is 280+ days?

    Originally posted by embsupafly
    WRONG! Pretty much only if you are recompiling the kernel. The majority of patches do not require a reboot, and there are not "many" root exploits. Also the majority of security issues regarding issues are due to poorly trained and system admins who are not knowledgeable or responsible enough to take care of a Linux Box.
    And in the last 380 days there have been no significant exploits where kernel updates were necessary?

  9. #9
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,783
    There have been at least 4 kernel security updates in that time frame.
    Apache/1.3.31 has a few holes in it.

    The box is not secure.

  10. #10
    Join Date
    Nov 2003
    Location
    Phoenix
    Posts
    44
    Originally posted by Techark
    There have been at least 4 kernel security updates in that time frame.
    Apache/1.3.31 has a few holes in it.

    The box is not secure.
    Coming from someone who spells Linux as "Lunix" on his web site.

    I do agree with the issue with Apache having security problems though.

  11. #11
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,093
    Originally posted by Techark
    There have been at least 4 kernel security updates in that time frame.
    Apache/1.3.31 has a few holes in it.

    The box is not secure.
    As Techark said, there have been a few pretty severe kernel exploits come out. There are even a few scripts out there that will automatically try to root the box via the exploits. Also, even if he does not give shell out, there are still ways to exploit these, like via php-injection, so he cannot simply use the no shell access excuse. He needs to at least update the kernel and reboot it and then make sure everything else has been updated.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  12. #12
    Join Date
    Sep 2003
    Posts
    98
    embsupafly, please don't turn this into a bash. I really want to hear some facts. Attack the issue, not the person.

  13. #13
    Join Date
    Nov 2003
    Location
    Phoenix
    Posts
    44
    Understood, I apologize to all offended.

    I will go do some research and present my evidence.

  14. #14
    Join Date
    Sep 2003
    Posts
    98
    Thanks

    I really want to know why or why not this is secure/unsecure. Rather learn a bit about this. I figured some people would say that Linux runs strong, and doesn't need to be patched. And others would argue that Linux needs updates that require reboots.

    Not sure what is the reason behind either answer, but hopefully I will know after some experts take the time to prove it

    I always thought the server needed to be rebooted every couple months for updates, but I could be wrong...

  15. #15
    Join Date
    Apr 2002
    Location
    USA
    Posts
    5,783
    BobbyDouglas

    What OS is he running?

  16. #16
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027

    Re: Server secure, but last reboot is 280+ days?

    Originally posted by BobbyDouglas
    My friend's account is hosted over at IPowerWeb . . . He thinks his server is secure, and asks people to hack it . . .
    On a side note . . .

    If IPowerWeb found out that he was asking folks to hack the server he's on, I'm sure they'd kick him off. I know I would, if someone on one of my servers was openly inviting or agitating hackers etc.
    WLVPN.com NetProtect owned White Label VPN provider
    Increase your hosting profits by adding VPN to your product line up

  17. #17
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    14,135
    He thinks his server is secure, and asks people to hack it, but his security is based off of the fact nobody will take the chance to hack it, because it is illegal. He also thinks it is ok for a server to not need a reboot for 200+ days.
    While it's illegal to hack anything, here in the States, the chances of getting prosecuted are about 0.0001%. Whoever's giving him that bogus line of bs is, well, they don't know what they're talking about.

    negative... there are many linux root exploits and all of the patches require a reboot
    yes, and no there.
    Yes, because anything patched in the kernel will, indeed require a reboot.
    No, because there are plenty of "root exploits" that can indeed be made with current kernels.

    As far as generalizations:
    If the server is up for 280+ days, it most definitely is insecure. What he's doing here is the classic "security through obscurity" technique, and, eventually, someone will hack his server for him, but he won't like how they do it.

    Kernel updates are made on the average of once every 1-3 months, and, the kernel is ALWAYS something you want to keep up to date, whether it's a bugfix, security fix, or whatever. Much like php, they generally put all of that into an update.

    Based on this server's uptime, I'd guess that he's running either fc1 or redhat (7.x to 9) which are quite old and should be updated to something else as well. Of course, doing that would require rebooting the server for these updates to take effect. NOT updating these is all right, but you're more susceptible to hacks if you've got older stuff on your box.

    Long story short:
    He's definitely vulnerable, especially with 280+ days uptime.
    Tom Whiting, WHMCS Guru extraordinaire
    Linux problems? WHMCS Problems? Give me a shout
    Check out my WHMCS Addons
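
The thread's central point, that a kernel fix is not active until the host boots into the patched kernel, can be checked from the shell. The script below is an added example and not part of any post in the thread; the function names, the 90-day threshold and the sample release strings are assumptions made for illustration, and it relies on `sort -V` being available.

```sh
#!/bin/sh
# Added example (not from the thread): compare the running kernel with the
# newest installed one and with the time since boot.

# Print the highest kernel release read from stdin (needs sort -V).
newest_release() {
    sort -V | tail -n 1
}

# Whole days of uptime from the first field of /proc/uptime (seconds).
uptime_days() {
    awk -v s="$1" 'BEGIN { print int(s / 86400) }'
}

# reboot_status RUNNING INSTALLED UPTIME_SECONDS MAX_DAYS
# INSTALLED is a newline-separated list of installed kernel releases.
# MAX_DAYS is an assumed policy threshold, not a value from any standard.
reboot_status() {
    running=$1 installed=$2 secs=$3 max_days=$4
    newest=$(printf '%s\n%s\n' "$running" "$installed" | newest_release)
    days=$(uptime_days "$secs")
    if [ "$newest" != "$running" ]; then
        # A newer kernel is on disk, but the fix is not active until reboot.
        echo "REBOOT_PENDING running=$running newest=$newest uptime_days=$days"
    elif [ "$days" -gt "$max_days" ]; then
        # Running the newest installed kernel, yet none was booted in MAX_DAYS.
        echo "STALE_KERNEL running=$running uptime_days=$days"
    else
        echo "OK running=$running uptime_days=$days"
    fi
}

# Constructed sample: release strings are made up; 31211460 s is 361 days, 5:51.
sample_installed=$(printf '2.4.20-8\n2.4.20-31')
reboot_status "2.4.20-8" "$sample_installed" 31211460.52 90

# Live check on a Linux host: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    read -r secs _ < /proc/uptime
    reboot_status "$(uname -r)" "$(ls /lib/modules)" "$secs" 90
fi
```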
