  1. #1
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932

    CliffSupport Server Hardening.

    CliffSupport has taught me a valuable lesson, if you want something done right you have to do it yourself. I ordered their Server Hardening package last night with the initial intent of getting a security audit done but didn't want the monthly plan so I chose the hardening service since the majority of the tasks they would perform were already done. I included some basic information and 1 request: disable password authentication when they were finished.

    So they started working on my VPS (I am glad I didn't have them work on my main node or my VPS with my client's sites on them) and I went to bed. I wake up to find my sites are unusable, exim broken, and I cannot access my server.

    Apparently, the disable_functions settings they were using conflicted with my live chat (LiveZilla), client management software (iPanel), and forums (MyBB)... which are the only 3 scripts my websites consist of.

    I notice that I had not received any e-mails during the 5 hours I slept and found in WHM that my mail queue was building up because of an incorrect placement of a "=" in the exim rules. I reverted the rules back to default (both deleting my own custom rules and the changes they made in the process) which allowed mail to flow freely again. Luckily I don't offer any type of SLA because while Exim was down I did not receive any system generated alerts and missed 8 time sensitive support tickets.

    So after getting these resolved I try to login to SSH to find out what exactly is going on... but my SSH key is not letting me login. I open the sshd_config file in HyperVM after shutting down the VPS and find that they set both PasswordAuthentication = No and PermitRootLogin = No... considering root is the only active account on the server I really need it for SSH! Their response was that I requested to have passwords disabled so they disabled root login since they saw I had SSH keys setup.

    I opened a ticket and requested they revert all changes they made to which they edited the disable_functions and said everything was fixed. So I am now in the process of rebuilding the VPS from scratch after having to migrate my sites to another VPS. So yes, I just paid $25 to rebuild my VPS back to the state it was before spending the money with nothing to show for it except lost income, clients, sleep, and time.

    EDIT: Oh, and I forgot to mention that in the course of my migrating the accounts over I found out that their security hardening also includes disabling those "insecure" WHM backups. WTH?
    Last edited by ZKuJoe; 10-13-2009 at 06:32 PM. Reason: Added something.
    -Joe @ Secure Dragon LLC.
    + OpenVZ Powered by Wyvern | KVM | cPanel Hosting | Backup VPSs | LowEndBoxes | DDOS Protection
    + Florida | Colorado | Illinois | California | Oregon | Georgia | New Jersey | Arizona | Texas

  2. #2
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,861
    Quote Originally Posted by JWeb2 View Post
    CliffSupport has taught me a valuable lesson, if you want something done right you have to do it yourself.
    That, or find someone that knows what they're doing.

    I've never heard of the WHM backups being insecure, and I fail to see why they would be!

  3. #3
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Insecure whm backups? Wow.

    Did you get a refund for the poor work performed?

  4. #4
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Nope, no refund. But I did get a lot of apologies, at least they are taking responsibility for their actions which is more than I could say for others I've dealt with.

    Oh, and calling the backups insecure was my form of sarcasm... I honestly have no idea why they disabled them and why they never told me or included it in their report.

  5. #5
    Join Date
    Apr 2005
    Location
    Cochin
    Posts
    2,452
    cliffsupport has a good reputation going and this is something uncharacteristic of them. Probably a bad day !!

  6. #6
    Join Date
    Aug 2008
    Location
    Right behind you.
    Posts
    410
    Yes true. Seen few positive reviews about them.

    Maybe bad luck crossed them yesterday.

  7. #7
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Unfortunately their "bad luck" required a complete rebuild of the VPS.

  8. #8
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by JWeb2 View Post
    Unfortunately their "bad luck" required a complete rebuild of the VPS.
    I don't think a rebuild would have been needed. But it was probably easier in your situation. In my experience a rebuild of an OS is only needed when there's either a root compromise or an arch change from 32bit to 64bit.

    It's a cpanel vps, a few commands would have forced it to default settings so you could start configuring the configs the way you want them.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  9. #9
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    But the problem was with their vague report they provided I don't know what exact changes they had made so I could have continued running the server in hopes it would not have an adverse effect down the road once I started placing clients on it or rebuild it and sleep better at night. IMO it would have been irresponsible for me not to have rebuilt the VPS.

  10. #10
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by JWeb2 View Post
    But the problem was with their vague report they provided I don't know what exact changes they had made so I could have continued running the server in hopes it would not have an adverse effect down the road once I started placing clients on it or rebuild it and sleep better at night. IMO it would have been irresponsible for me not to have rebuilt the VPS.
    I disagree but that's okay

  11. #11
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    Joe,

    The issue happened on your server because of the disabling of some vulnerable php functions on the server. Also I can see that you had requested "After hardening please disable Password Authentication for SSH". I have checked this with the technical department and confirmed they have disabled direct ssh access. Also they mentioned they saw ssh keys have been added in whm for certain machines, so they proceeded with this.

    I will request the sales department to give you a complete refund.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  12. #12
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    PasswordAuthentication = No and PermitRootLogin = No are 2 different things though and doesn't explain why my scheduled backups were disabled. I thank you for the refund and hope that this was just a mistake in communication.

  13. #13
    Rebuild was really not required but I think cliffsupport applied usual and standard way of hardening the server. But they should have tested the services after securing as sometimes sites or emails do have problems.
    www.24x7servermanagement.com
    Server Management, Server Security, Server Monitoring.
    India's Leading Managed Service Provider !! Skype: techs24x7

  14. #14
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    Usual and standard? How is locking the server owner out of the server and disabling backups "standard"?

  15. #15
    Join Date
    Oct 2005
    Location
    Six Degrees From You
    Posts
    1,079
    Quote Originally Posted by JWeb2 View Post
    Usual and standard? How is locking the server owner out of the server and disabling backups "standard"?
    My first port of call is to add a new user, then I can disable direct root SSH access.

    Next time, before you turn a Linux server over to a security specialist, run
    Code:
    useradd [new user]
    passwd [new user]
    Then you can safely disable root.
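
Added example, not part of the original thread or any poster's code: a pre-flight check for the lockout described here, run against a candidate sshd_config before sshd is restarted. It reports which accounts could still log in with a public key and fails when password logins are off and no such account exists. The function names and the home-directory prefix argument are hypothetical, and AuthorizedKeysFile is assumed to be left at its default.

```shell
#!/bin/sh
# Added example: pre-flight check before applying a hardened sshd_config.
# Assumes AuthorizedKeysFile is left at its default (.ssh/authorized_keys and
# .ssh/authorized_keys2). Function names and arguments are hypothetical.
# Live use: ssh_lockout_check /etc/ssh/sshd_config /etc/passwd ""

# Print the effective value of a keyword in the global section of sshd_config.
# sshd uses the first value it finds; "Key value" and "Key=value" both parse.
sshd_value() {  # $1=config  $2=keyword  $3=default when unset
    v=$(awk -F'[ \t=]+' -v k="$2" '
        { i = ($1 == "" ? 2 : 1) }
        $i ~ /^#/ { next }
        tolower($i) == "match" { exit }
        tolower($i) == tolower(k) { print tolower($(i + 1)); exit }
    ' "$1")
    echo "${v:-$3}"
}

# List accounts that could still log in with a public key under this config.
key_login_accounts() {  # $1=config  $2=passwd file  $3=prefix for home dirs
    root_login=$(sshd_value "$1" PermitRootLogin prohibit-password)
    while IFS=: read -r user pw uid gid gecos home shell; do
        # Accounts without a login shell cannot open a session.
        case "$shell" in */nologin|*/false) continue ;; esac
        # UID 0 is blocked from interactive login by these two settings.
        if [ "$uid" = 0 ]; then
            case "$root_login" in no|forced-commands-only) continue ;; esac
        fi
        for f in authorized_keys authorized_keys2; do
            if [ -s "$3$home/.ssh/$f" ]; then echo "$user"; break; fi
        done
    done < "$2"
}

# Return 1 when password logins are off and no account has a usable key.
ssh_lockout_check() {
    [ "$(sshd_value "$1" PasswordAuthentication yes)" != no ] && return 0
    [ -n "$(key_login_accounts "$1" "$2" "$3")" ]
}
```

A non-zero exit means the change should not be applied until a second account with a working key exists, and the existing root session should stay open until a fresh login has been confirmed.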

  16. #16
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    No I can't, root is my only option. I can only login to my server via root, I have attempted to use other user accounts but they do not work with PuTTY and SSH keys for some reason (I have another thread about this).

  17. #17
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by JWeb2 View Post
    No I can't, root is my only option. I can only login to my server via root, I have attempted to use other user accounts but they do not work with PuTTY and SSH keys for some reason (I have another thread about this).
    Future reference, JWeb2: if your sshd config ever gets damaged again you can do a safe restart of sshd with this in your web browser:

    http://your_server_ip:2086/scripts2/doautofixer?autofix=safesshrestart

  18. #18
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by JWeb2 View Post
    No I can't, root is my only option. I can only login to my server via root, I have attempted to use other user accounts but they do not work with PuTTY and SSH keys for some reason (I have another thread about this).

    Odd that you can't get other user accounts to work. I use this daily, it's no different than setting up the root key. What thread is this?

  19. #19
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    I fixed the sshd_config by copying it over from another server since they are identical across all of my servers (luckily I use HyperVM so I always have access to the server even if it's "offline").

    As for the PuTTY issue, if you can figure it out it'd be greatly appreciated since nobody I've talked to can figure it out. It could just be my PC but I just did a complete rebuild to a new hard drive last week.
    http://www.webhostingtalk.com/showthread.php?t=896867

  20. #20
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,681
    Quote Originally Posted by JWeb2 View Post
    I fixed the sshd_config by copying it over from another server since they are identical across all of my servers (luckily I use HyperVM so I always have access to the server even if it's "offline").

    As for the PuTTY issue, if you can figure it out it'd be greatly appreciated since nobody I've talked to can figure it out. It could just be my PC but I just did a complete rebuild to a new hard drive last week.
    http://www.webhostingtalk.com/showthread.php?t=896867
    Is what you're copying looking like this

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBS0mtpDceyr+c4iOX/5gjb4ybiKB6OtrsLZkDeuj52RSoEvAj2n40pp0qMatc1qiXDDBbHl8eS0ws4G2mQnWNt3godqf39uVR9GASl+ZnnbZrMBz8qXbbiWcVAS4aKtK+rfMj9h5TlzqgY8wzHwWKKd7fa7UB4T+SpZu9Z2p +pvQ== rsa-key-20091015
    ?

  21. #21
    Join Date
    Feb 2007
    Location
    Florida
    Posts
    1,932
    I believe so, not at my PC right now so I cannot verify exactly but that looks like the keys I've been copying into authorized_keys.

  22. #22
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,889
    Quote Originally Posted by JWeb2 View Post
    I believe so, not at my PC right now so I cannot verify exactly but that looks like the keys I've been copying into authorized_keys.
    Have you tried with authorized_keys2 instead of authorized_keys file for normal users?
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  23. #23
    Join Date
    May 2009
    Location
    India
    Posts
    59
    I suggest Rack911, Steven has a really good number of happy clients
    GDesigns
    Visuals without walls
    http://gdesigns.in
    Developer | Designer | ASP.NET MVC developer in-progress

  24. #24
    Join Date
    Feb 2004
    Location
    USA
    Posts
    1,572
    I remember seeing your request for management on WHT, sorry to hear you had a bad experience. I hope all goes well.
