Thread: CliffSupport Server Hardening.
-
10-13-2009, 06:25 PM #1Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
CliffSupport Server Hardening.
CliffSupport has taught me a valuable lesson: if you want something done right you have to do it yourself. I ordered their Server Hardening package last night with the initial intent of getting a security audit done but didn't want the monthly plan so I chose the hardening service since the majority of the tasks they would perform were already done. I included some basic information and 1 request: disable password authentication when they were finished.
So they started working on my VPS (I am glad I didn't have them work on my main node or my VPS with my client's sites on them) and I went to bed. I wake up to find my sites are unusable, exim broken, and I cannot access my server.
Apparently, the disable_functions settings they were using conflicted with my live chat (LiveZilla), client management software (iPanel), and forums (MyBB)... which are the only 3 scripts my websites consist of.
I notice that I had not received any e-mails during the 5 hours I slept and found in WHM that my mail queue was building up because of an incorrect placement of a "=" in the exim rules. I reverted the rules back to default (both deleting my own custom rules and the changes they made in the process) which allowed mail to flow freely again. Luckily I don't offer any type of SLA because while Exim was down I did not receive any system generated alerts and missed 8 time-sensitive support tickets.
So after getting these resolved I try to log in to SSH to find out what exactly is going on... but my SSH key is not letting me log in. I open the sshd_config file in HyperVM after shutting down the VPS and find that they set both PasswordAuthentication = No and PermitRootLogin = No... considering root is the only active account on the server I really need it for SSH! Their response was that I requested to have passwords disabled so they disabled root login since they saw I had SSH keys set up.
I opened a ticket and requested they revert all changes they made to which they edited the disable_functions and said everything was fixed. So I am now in the process of rebuilding the VPS from scratch after having to migrate my sites to another VPS. So yes, I just paid $25 to rebuild my VPS back to the state it was before spending the money with nothing to show for it except lost income, clients, sleep, and time.
EDIT: Oh, and I forgot to mention that in the course of my migrating the accounts over I found out that their security hardening also includes disabling those "insecure" WHM backups. WTH?
Last edited by ZKuJoe; 10-13-2009 at 06:32 PM. Reason: Added something.
-Joe @ Secure Dragon LLC.
+ OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
+ Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas
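Added example (not part of any post in this thread, and not CliffSupport's or the poster's tooling): a pre-flight check that catches the lockout described above, where `PasswordAuthentication` and `PermitRootLogin` are both set to `No` while root is the only account. The function names and the operator-supplied list of non-root accounts are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: refuse an sshd_config that leaves no SSH login path.

# Print the effective global value of keyword $2 in file $1, or default $3.
# The first occurrence wins and keywords are matched case-insensitively.
# This parser also accepts the "Keyword = value" form written in the post.
# Match blocks are not evaluated: parsing stops at the first one.
sshd_opt() {
    awk -v want="$2" -v def="$3" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { val = tolower($2); exit }
        END { gsub(/"/, "", val); print (val == "" ? def : val) }
    ' "$1"
}

# $1 = sshd_config path
# $2 = space-separated non-root accounts known to log in over SSH
#      (assumption: supplied by the operator; "" when root is the only one)
# Returns 0 if some login path remains, 1 if the file locks everyone out.
sshd_lockout_check() {
    # Defaults below are assumptions matching current OpenSSH releases.
    root=$(sshd_opt "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_opt "$1" PasswordAuthentication yes)
    pkey=$(sshd_opt "$1" PubkeyAuthentication yes)

    if [ "$pass" != yes ] && [ "$pkey" != yes ]; then
        echo "LOCKOUT: password and public-key authentication are both off"
        return 1
    fi
    case $root in
        yes) root_ok=1 ;;
        prohibit-password|without-password)
            if [ "$pkey" = yes ]; then root_ok=1; else root_ok=0; fi ;;
        *) root_ok=0 ;;   # "no" or forced-commands-only: no interactive root
    esac
    if [ "$root_ok" -eq 0 ] && [ -z "$2" ]; then
        echo "LOCKOUT: PermitRootLogin=$root and no non-root account can log in"
        return 1
    fi
    echo "OK: PermitRootLogin=$root PasswordAuthentication=$pass"
    return 0
}

# Constructed sample reproducing the two settings named in the post.
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication = No' 'PermitRootLogin = No' > "$sample"
sshd_lockout_check "$sample" "" || echo "keep the old sshd_config in place"
rm -f "$sample"
```

Run it next to `sshd -t`, which validates the file's syntax but says nothing about whether anyone can still log in, and keep an existing session open while restarting sshd.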
-
10-13-2009, 06:47 PM #2Web Hosting Master
- Join Date
- Apr 2007
- Location
- United Kingdom
- Posts
- 1,861
That, or find someone that knows what they're doing.
I've never heard of the WHM backups being insecure, and I fail to see why they would be!
-
10-13-2009, 06:57 PM #3Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
Insecure whm backups? Wow.
Did you get a refund for the poor work performed?
-
10-13-2009, 07:18 PM #4Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Nope, no refund. But I did get a lot of apologies, at least they are taking responsibility for their actions which is more than I could say for others I've dealt with.
Oh, and calling the backups insecure was my form of sarcasm... I honestly have no idea why they disabled them and why they never told me or included it in their report.
-
10-13-2009, 07:54 PM #5Disabled
- Join Date
- Apr 2005
- Location
- Cochin
- Posts
- 2,452
cliffsupport has a good reputation going and this is something uncharacteristic of them. Probably a bad day !!
-
10-13-2009, 08:24 PM #6Disabled
- Join Date
- Aug 2008
- Location
- Right behind you.
- Posts
- 410
Yes, true. Seen a few positive reviews about them.
Maybe bad luck crossed them yesterday.
-
10-13-2009, 10:03 PM #7Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Unfortunately their "bad luck" required a complete rebuild of the VPS.
-
10-13-2009, 10:37 PM #8Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
I don't think a rebuild would have been needed. But it's probably easier in your situation. In my experience a rebuild of an OS is only needed when there's either a root compromise or an arch change from 32-bit to 64-bit.
It's a cPanel VPS, a few commands would have forced it to default settings so you could start configuring the configs the way you want them.
Steven Ciaburri | Industry's Best Server Management - Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
-
10-13-2009, 11:01 PM #9Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
But the problem was that with the vague report they provided I don't know what exact changes they had made, so I could have continued running the server in hopes it would not have an adverse effect down the road once I started placing clients on it, or rebuild it and sleep better at night. IMO it would have been irresponsible for me not to have rebuilt the VPS.
-
10-14-2009, 12:30 AM #10Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
-
10-14-2009, 05:14 AM #11Web Hosting Master
- Join Date
- Oct 2004
- Location
- Kerala, India
- Posts
- 4,771
Joe,
The issue happened on your server because of the disabling of some vulnerable PHP functions on the server. Also I can see that you had requested "After hardening please disable Password Authentication for SSH". I have checked this with the technical department and confirmed they have disabled direct SSH access. Also, they mentioned they saw SSH keys had been added in WHM for certain machines, so they proceeded with this.
I will request the sales department to give you a complete refund.
David | www.cliffsupport.com
Affordable Server Management Solutions sales AT cliffsupport DOT com
CliffWebManager | Access WHM from iPhone and Android
-
10-14-2009, 07:14 PM #12Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
PasswordAuthentication = No and PermitRootLogin = No are 2 different things though and doesn't explain why my scheduled backups were disabled. I thank you for the refund and hope that this was just a mistake in communication.
-
10-15-2009, 02:11 AM #13Web Hosting Master
- Join Date
- Oct 2007
- Posts
- 2,349
Rebuild was really not required, but I think CliffSupport applied the usual and standard way of hardening the server. But they should have tested the services after securing, as sometimes sites or emails do have problems.
www.24x7servermanagement.com
Server Management, Server Security, Server Monitoring.
India's Leading Managed Service Provider !! Skype: techs24x7
-
10-15-2009, 02:16 AM #14Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
Usual and standard? How is locking the server owner out of the server and disabling backups "standard"?
-
10-15-2009, 05:04 PM #15Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
-
10-15-2009, 06:59 PM #16Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
No I can't, root is my only option. I can only log in to my server via root, I have attempted to use other user accounts but they do not work with PuTTY and SSH keys for some reason (I have another thread about this).
-
10-15-2009, 07:55 PM #17Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
-
10-15-2009, 07:56 PM #18Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
-
10-15-2009, 08:02 PM #19Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
I fixed the sshd_config by copying it over from another server since they are identical across all of my servers (luckily I use HyperVM so I always have access to the server even if it's "offline").
As for the PuTTY issue, if you can figure it out it'd be greatly appreciated since nobody I've talked to can figure it out. It could just be my PC but I just did a complete rebuild to a new hard drive last week.
http://www.webhostingtalk.com/showthread.php?t=896867
-
10-15-2009, 08:14 PM #20Problem Solver
- Join Date
- Mar 2003
- Location
- California USA
- Posts
- 13,681
-
10-15-2009, 08:20 PM #21Total Nerd
- Join Date
- Feb 2007
- Location
- Florida
- Posts
- 1,932
I believe so, not at my PC right now so I cannot verify exactly but that looks like the keys I've been copying into authorized_keys.
-
10-18-2009, 10:47 AM #22Retired Moderator
- Join Date
- Jul 2001
- Location
- Singapore
- Posts
- 1,889
Giam Teck Choon
:: Join choon.net Community today to share your tips and tricks on server issues please ::
:: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::
-
10-18-2009, 01:15 PM #23Junior Guru Wannabe
- Join Date
- May 2009
- Location
- India
- Posts
- 59
I suggest Rack911; Steven has a really good number of happy clients.
██ GDesigns
██ Visuals without walls
██ http://gdesigns.in
██ Developer | Designer | ASP.NET MVC developer in-progress
-
10-18-2009, 01:38 PM #24Temporarily Suspended
- Join Date
- Feb 2004
- Location
- USA
- Posts
- 1,572
I remember seeing your request for management on WHT, sorry to hear you had a bad experience. I hope all goes well.