Results 1 to 5 of 5
  1. #1
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    95

    Server Security Service?

    Im having a few issues with security,

    one of my main servers which hosts a few sites I think is insecure.
    or just 2.. of the sites hosted are insecure im unsure which.

    I have done the following:

    1. Changed root password (secure long including %$"! etc..)
    2. Changed each accounts passwords (secure long including %$"! etc..)
    3. Disabled Shell access
    4. Updated Software / Code
    5. Checked for Insecure Permissions

    to try and secure the server but it seems on one of the domains a hacker is still able to get in...

    Is there anyone or a company that specialise in server security and offer checking / improving security?

    If yes please contact me via PM or MSN: [email protected]

  2. #2
    Greetings:

    You've done several good layers of security. Additional layers would be mod_security from http://www.modsecurity.org/ with a good set of rules; a start set can be gotten from http://www.gotroot.com/

    You may also want to upgrade the end user web-applications, secure /tmp and /dev/shm and make sure packages you do not use on the server are uninstalled.

    That's just a small list of the additional layers that could be added.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  3. #3
    Join Date
    Dec 2005
    Posts
    3,077
    If you are looking for a specific company rather than tutorials, I reccomend you give Andy a shout over at www.servertune.com

    It's been quite a while since I have used them however they did an excellent job on a couple of servers for me.

  4. #4
    Join Date
    Dec 2007
    Location
    Nassau, Bahamas
    Posts
    19
    Greetings.

    To secure apache you should install mod_security and mod_evasive. For php security you should install suhosin. Check regularly for rootkits with chkrootkit and rkhunter. For shell access, secure your SSH by allowing certain IPs, disabling root logins, using keys etc. You should run a good log checker that gives you regular alerts of failed logins, malicious attacks etc.

    Regards,
    Richard.

  5. #5
    Join Date
    Oct 2006
    Posts
    371
    I would contact platinumservermanagement. We have them do their security thing on our servers when we first get them and the outcome is a safe server

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •