Thread: Security & CPANEL
-
08-02-2002, 07:31 PM #1 Disabled
- Join Date
- Aug 2002
- Location
- Australia
- Posts
- 771
Security & CPANEL
I am having to delete a client account due to non-payment of the service provided. He has threatened to "hack" into my servers and destroy them if I do. Now as a security precaution, I would like to know, is CPANEL secure enough to keep my server safe and out of harm's way?
Thanks
-
08-02-2002, 07:41 PM #2 Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
Cpanel doesn't replace a good sys admin.. It just makes the work load easier...
You should have things like the kernel, apache, PHP, OpenSSH, OpenSSL, and many of the other utilities up to date..
Have set security policies, etc, if you do that, then you wouldn't have to worry about security...
-
08-02-2002, 08:18 PM #3 Junior Guru
- Join Date
- Jul 2002
- Posts
- 180
Prohacker is right. If you have everything up to date, you should not face any problem by this as**ole!
-
08-02-2002, 08:48 PM #4 Web Hosting Master
- Join Date
- Jan 2002
- Location
- Scotland, UK
- Posts
- 2,688
This seems to have been cross-posted: http://www.webhostingtalk.com/showth...threadid=64643
-
08-03-2002, 10:57 AM #5 Newbie
- Join Date
- Aug 2002
- Posts
- 17
Well, as far as I know, one can still hack into your server, even if you have updated all the security patches/updates etc...
He can buy another account under some other name or through a friend, and can use his scripts (if any) to exploit...
because I don't know of any hosting controller which implements 100% client sites content security... is there any?
-
08-03-2002, 11:00 AM #6 Web Hosting Master
- Join Date
- Jan 2002
- Location
- Scotland, UK
- Posts
- 2,688
izcryptman: It depends what we mean when we talk about "security". I mean, if this "hacker" got a site on the server, he could well run something such as a fork bomb and bring the whole machine down, or use the machine to send out thousands of SPAM emails. It's a whole different ball game when the hacker has an account on the machine. There are different things to look at when we talk about "security"; it is a bit of a broad subject.
Edit: Another thing to remember: most of these supposed "hackers" aren't really "hackers"; all they are is kids with nothing better to do than look up a hacking resource site and follow step-by-step instructions on how to do something. The majority that really break in themselves is fairly small.
-
08-03-2002, 11:16 AM #7 Newbie
- Join Date
- Aug 2002
- Posts
- 17
You are quite right rochen, but the thing is:
"Why do the hosting controller software vendors (like cPanel) not implement such security measures???"
And I'm still in search, is there any?
Especially on Windows (apart from all the other loopholes of Windows)?
-
08-03-2002, 11:18 AM #8 Web Hosting Master
- Join Date
- Jan 2002
- Location
- Scotland, UK
- Posts
- 2,688
Originally posted by izcryptman
"Why do the hosting controller software vendors (like cPanel) not implement such security measures???"
-
08-03-2002, 11:27 AM #9 Newbie
- Join Date
- Aug 2002
- Posts
- 17
Then what's the use of spending big bucks for them?
While I'm not specifically talking about machine security, I'm talking about client-sites content security, and obviously client-sites are made through hosting controllers... anyways...
-
08-03-2002, 11:29 AM #10 Registered User
- Join Date
- Mar 2002
- Posts
- 1,003
CPanel is the last secure software out there. What kind of retard will say "I will hack you" if you have his contact info? Why don't you make a call to him.
I would block his IP block from the server.
-
08-03-2002, 11:30 AM #11 Web Hosting Master
- Join Date
- Jan 2002
- Location
- Scotland, UK
- Posts
- 2,688
Originally posted by izcryptman
Then what's the use of spending big bucks for them?
They are also a benefit to the client as they allow them to make changes to their website configuration instantly.
-
08-03-2002, 11:38 AM #12 Newbie
- Join Date
- Aug 2002
- Posts
- 17
Originally posted by Shyne
CPanel is the last secure software out there. What kind of retard will say "I will hack you" if you have his contact info? Why don't you make a call to him.
I would block his IP block from the server.
how that retard can hack in ...
-
08-03-2002, 11:40 AM #13 Web Hosting Master
- Join Date
- Jan 2002
- Location
- Scotland, UK
- Posts
- 2,688
Originally posted by izcryptman
how that retard can hack in ...
-
08-03-2002, 11:41 AM #14 Newbie
- Join Date
- Aug 2002
- Posts
- 17
Originally posted by rochen
Because they are huge time savers on the part of the system administrator, which frees him up to go and secure the machine or have a game of golf
They are also a benefit to the client as they allow them to make changes to their website configuration instantly.
-
08-03-2002, 11:47 AM #15 Newbie
- Join Date
- Aug 2002
- Posts
- 17
Originally posted by rochen
I hate to say, but that's not hacking if he already has access to the machine
But I'm glad you got what I meant...
-
08-04-2002, 04:22 AM #16 Newbie
- Join Date
- Jul 2002
- Posts
- 25
Regarding Prohacker's post:
You should always have some sense of paranoia when administrating a server even if you do have all the latest patches. You need to have layered security, meaning you can't just have the latest patches and a firewall and think you are okay.
I agree with Shyne although he could be really stupid and actually attempt to attack the server, so watch the system logs and the IDS logs (you have an IDS right?).
Simply blocking his IP will help but then again he could compromise another system and launch his/her attack from there.
If he has local access to the machine it absolutely does make it a lot easier for him to compromise the machine and it is technically still "hacking" (it's just local and not remote) even though that is not the correct term to use.
In the future you should also always be secured already and not have to secure your system for instances like this.
Although it seems unlikely for him/her to attack your server, you cannot just brush this threat off.
Good luck
Affordable Hosting Solutions
CitadelHost.com
-
08-04-2002, 10:23 AM #17 Junior Guru Wannabe
- Join Date
- Jul 2002
- Posts
- 39
He is threatening criminal activity, so treat him as someone who is threatening criminal activity. That's the core issue. Deal with the person here and the person may change his mind.
That being said, security is something that is often an afterthought, unfortunately. As someone else said, it is a layered approach. There is perimeter defense, intrusion detection, setting rights and permissions properly, using strong passwords, physical security, business continuity and disaster planning, patching, having no more services than what is required, and I could go on. You're lucky--he was stupid enough to give you some warning--someone else may not.
-
08-04-2002, 11:24 PM #18 Aspiring Evangelist
- Join Date
- Jul 2002
- Posts
- 433
Originally posted by justageek
He is threatening criminal activity, so treat him as someone who is threatening criminal activity. That's the core issue. Deal with the person here and the person may change his mind.
I would send some hired goons around to hack into him. You do have his details? Or at least a CC?
-
08-05-2002, 12:08 AM #19 Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
It's all about the backups....
Like CitadelHost said, you can apply as many patches and firewalls, which will help some, but won't stop them completely...
If the lamest script kiddie is determined enough to root your box, there is a good chance they will, the odds are really stacked against you...
It's hard to know every exploit for every piece of software on your box and to update all of it...
And the chain is as strong as its weakest link, one little hole will blow the entire thing...
So you gotta do remote or separate backups... Be sure to back up logs, IDS's are great, and keep the email and his info..
If anything does happen, it is an interstate crime, and probably wouldn't be hard to prove $500+ loss of revenue because of it, so it would be a felony...
You might remind him/her that you do have their name and address and you are fully willing to notify the FBI...
After 9/11 the computer crimes division of the FBI has been seriously beefed up, so they generally look into more cases than they used to...
Last edited by Mat Sumpter; 08-05-2002 at 04:22 PM.
-
08-05-2002, 01:09 PM #20 Temporarily Suspended
- Join Date
- Oct 2000
- Location
- UK
- Posts
- 318
I thought it was $5000 in lost revenue before criminal prosecution is taken?