How do you secure your DirectAdmin server(s)?

I agree, which is why posts need to be helpful, or the thread can be closed and the next one might end up being helpful.

Jeff
 
I've just been reading through this thread and I find it rather unnerving that people are so quick to shoot down with the "use the search" or "google it" response.

In fast moving low tech discussion forums it's not an unreasonable response because sometimes a response can be quicker than searching through it all, but in here responses are not usually that quick and thus most people before posting would do a search before posting because it's usually quicker than waiting for a reply.

ALSO, have the posters that responded that they should use the search actually tried it themselves? If they had, they would realise most of the results are very dated, which is most likely why this thread was created.

Sure, there are old threads with howto's and some checklists, etc. What's wrong with them being updated?

Jlasman, I don't think anyone would question your level of experience here, I value your contribution to the DirectAdmin community here very highly, your posts have helped me greatly in the past, but I do need to say that (please don't take this the wrong way) I found your posts in this thread a little condescending to what I felt was a genuine and reasonable enquiry.

Maybe if people don't want to post links to Howto's or software packages, then maybe instead they could post links to reading material that would put them in the right direction. Let's be positive and helpful. Negativity just spreads negativity and hackers create enough of that already.

Cheers
Brian.
 
I just reread my posts to this thread, and I don't see them as condescending. Yes, the inquiry is genuine and reasonable.

The problem for me, and perhaps for others, is that I'm not willing to give anything other than very generic responses to security questions on a forum; someone will inevitably find them later (probably through Google), perhaps take them out of context, and perhaps even blame me if my security suggestions don't completely protect them.

We don't consider ourselves security experts, but we do offer some security services, ranging from updating services and removing unnecessary daemons to PCI compliance. That's, however, less generic, more open to misunderstanding, and more open to leading people in the wrong direction when taken out of context.

I certainly have my bad days, but the posts I've written in this thread don't seem to me to be indicative of bad days.

Jeff
 
Jeff,

Do you limit the kinds of PHP system commands that are available to your hosted customers? The biggest threat I've seen is uploading shell type scripts like r57.php and c99 and other back door Perl scripts. This happens when a hacker buys your service or when a customer has an unsecured script like WordPress/Joomla or WHMCS.

My opinion is that there is no way to keep all hackers out.
 
@questions,

Let me answer the question.

You might want to run

Code:
cd /usr/local/directadmin/custombuild
./build secure_php

as it will disable some dangerous PHP functions such as

Code:
exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source

and PHP shells will be almost useless.

Also, use maldet to find web shells.
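
A check to run after the step in the post above, as an added example that is not part of the original post or of DirectAdmin's own tooling: it reports which of the functions listed there are still enabled in a given php.ini. The function names, the sample file and the php.ini path you pass in are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a php.ini against the function list quoted in the post.
EXPECTED="exec system passthru shell_exec escapeshellarg escapeshellcmd proc_close proc_open dl popen show_source"

# Print the effective disable_functions value of the ini file in $1.
# Text after ';' is a comment; a later directive overrides an earlier one.
effective_disable_functions() {
    sed -n -e 's/;.*//' \
        -e 's/^[[:space:]]*disable_functions[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d "\"' \t\r"
}

# Print the expected functions that the ini file in $1 leaves enabled.
missing_disabled_functions() {
    disabled=",$(effective_disable_functions "$1"),"
    missing=""
    for fn in $EXPECTED; do
        # Match whole comma-delimited tokens, so shell_exec does not count as exec.
        case "$disabled" in
            *",$fn,"*) ;;
            *) missing="$missing $fn" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed sample: a partly hardened php.ini with a commented-out full list.
write_sample_ini() {
    cat > "$1" <<'EOF'
; disable_functions = exec,system,passthru,shell_exec,proc_open,popen,dl
[PHP]
disable_functions = "shell_exec, passthru, proc_open , show_source"
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
ini="${1:-}"
if [ -z "$ini" ]; then
    ini="$(mktemp)"
    write_sample_ini "$ini"
fi
left="$(missing_disabled_functions "$ini")"
if [ -n "$left" ]; then
    echo "still enabled in $ini: $left"
else
    echo "all listed functions are disabled in $ini"
fi
[ -n "${1:-}" ] || rm -f "$ini"
```

Run it against each file that `php --ini` reports as loaded, since the command-line and web server PHP can read different php.ini files.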
 
My opinion is that there is no way to keep all hackers out.
You're correct, of course. And it's not only your opinion, it's likely true.

Your specific questions have already been answered by others; I concur with the replies so there's no need to answer them myself.

Jeff
 