If a managed server is hacked ... who's at fault?

  • Peaches
    Old broad
    • Oct 2002
    • 13933

    #51
    Hacker's fault.

    Comment

    • borked
      Totally Borked
      • Feb 2005
      • 6284

      #52
      Originally posted by prodiac
      The best way to protect against that is to set your /tmp dir to be noexec, and link your other tmp directories there as well.

      So not only do you always want to make sure you have the latest updates of all scripts you are running, but you want to make sure your directory permissions are also secure, don't allow writing if it doesn't need to be. Be careful with setting stuff to 777, etc.
      Just to clarify this point - securing /tmp with noexec is not simply a chmod permissions command - /tmp needs to be chmod 0777 or things'll start going whacky. You need to mount /tmp with
      mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

      or something similar and have it constantly mounted with noexec from fstab.

      For coding work - hit me up on andy // borkedcoder // com
      (consider figuring out the email as test #1)



      All models are wrong, but some are useful. George E.P. Box. p202

      Comment
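Added example (not part of the original posts): a shell check for the noexec/nosuid mount options described in post #52, applied to /tmp and the other temp directories. The mount table is a constructed sample and the function names are this example's own.

```shell
#!/bin/sh
# Report whether the mount covering a directory carries noexec and nosuid.
# Works on /proc/mounts (live state) or /etc/fstab (what survives a reboot).

# covering_opts TABLE DIR -> options of the longest mountpoint containing DIR
covering_opts() {
    awk -v p="$2" '
        $1 ~ /^#/ || NF < 4 { next }
        { mp = $2 }
        mp == p || mp == "/" || index(p, mp "/") == 1 {
            # >= so a later entry for the same mountpoint shadows an earlier one
            if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }' "$1"
}

# check_dir TABLE DIR -> prints "OK" or "MISSING <opt>..."; non-zero if missing
check_dir() {
    opts=$(covering_opts "$1" "$2")
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in *",$want,"*) ;; *) missing="$missing $want" ;; esac
    done
    if [ -z "$missing" ]; then echo "OK"; return 0; fi
    echo "MISSING$missing"
    return 1
}

# Constructed sample table (not from a real host): /tmp is hardened,
# /var/tmp is a plain directory on the root filesystem, /dev/shm lacks noexec.
sample_table() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
EOF
}

audit_sample() {
    t=$(mktemp) || return 1
    sample_table > "$t"
    for d in /tmp /var/tmp /dev/shm; do
        printf '%s: %s\n' "$d" "$(check_dir "$t" "$d" || true)"
    done
    rm -f "$t"
}
audit_sample
```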

      • the alchemist
        Confirmed User
        • Dec 2004
        • 3271

        #53
        Originally posted by Peaches
        Hacker's fault.
        lol classic... but really, the answer is in the question, whoever's "managing" the server is at fault...
        264 349 400

        Comment

        • borked
          Totally Borked
          • Feb 2005
          • 6284

          #54
          Originally posted by the alchemist
          lol classic... but really, the answer is in the question, whoever's "managing" the server is at fault...
          How so????
          Like scannerX said - there is not a single server out there that is unhackable. The only ones which are unhackable from external sources are the ones unplugged from the internet.

          For coding work - hit me up on andy // borkedcoder // com
          (consider figuring out the email as test #1)



          All models are wrong, but some are useful. George E.P. Box. p202

          Comment

          • DamageX
            Marketing & Strategy
            • Jun 2001
            • 14293

            #55
            Originally posted by Chris
            i am not wanting a full 100% restore
            i want one domains file restored
            the domain had no scripts
            just a few html pages and about 200 images

            that's it
            nothing major...fuck all my other sites ... i was getting tired of baby sitting em just one site i want back
            archive.org
            Whitehat is for chumps

            If you don't do it, somebody else will - true story!

            Comment

            • borked
              Totally Borked
              • Feb 2005
              • 6284

              #56
              I've written a few HOWTOs over at SplitInfinity on a few "absolute musts" to securing your server....
              nothing there on firewalls, since everyone has their own flavour (you are running a firewall aren't you?)


              http://forums.splitinfinity.com/forumdisplay.php?f=7

              Even if your server is managed, have a looksie at the HowTo's and if there's something in them that isn't implemented, ask your managed provider to get it sorted.

              This list is non-exhaustive and I'll be adding to the HowTo's, esp for security as and when, so check there regularly.

              Any questions, post in the forum, or hit me up on ICQ.

              I also do one-off hardening configs for $100 -if interested hit me up (this includes much more extensive hardening than those HowTo's, but over time, I'll be posting pretty much all the HowTo's so you can do it yourself if you're savvy enough!)

              For coding work - hit me up on andy // borkedcoder // com
              (consider figuring out the email as test #1)



              All models are wrong, but some are useful. George E.P. Box. p202

              Comment

              • ladida
                Confirmed User
                • Nov 2005
                • 2179

                #57
                There's so much more than what you wrote there.
                1. EXECUTE THE FOLLOWING COMMANDS TO HELP PREVENT UPLOADS OF EXPLOITS:

                chmod 0750 `which curl` 2>&-; chmod 0750 `which fetch` 2>&-; chmod 0750 `which wget` 2>&-
                curl/fetch/wget
                That's all? I can think of at least 5 more commands that would upload things, plus some 10 more ways to add it without uploading...
                agentGFY *at* gmail.com

                Comment

                • Chris
                  Too lazy to set a custom title
                  • May 2003
                  • 27880

                  #58
                  Originally posted by borked
                  I've written a few HOWTOs over at SplitInfinity on a few "absolute musts" to securing your server....
                  nothing there on firewalls, since everyone has their own flavour (you are running a firewall aren't you?)


                  http://forums.splitinfinity.com/forumdisplay.php?f=7

                  Even if your server is managed, have a looksie at the HowTo's and if there's something in them that isn't implemented, ask your managed provider to get it sorted.

                  This list is non-exhaustive and I'll be adding to the HowTo's, esp for security as and when, so check there regularly.

                  Any questions, post in the forum, or hit me up on ICQ.

                  I also do one-off hardening configs for $100 -if interested hit me up (this includes much more extensive hardening than those HowTo's, but over time, I'll be posting pretty much all the HowTo's so you can do it yourself if you're savvy enough!)

                  thanks for bumping this
                  now i am going to get 100 more icq from hosting companies wanting to sell me shit


                  fuck.

                  Comment

                  • borked
                    Totally Borked
                    • Feb 2005
                    • 6284

                    #59
                    Originally posted by Chris
                    thanks for bumping this
                    now i am going to get 100 more icq from hosting companies wanting to sell me shit


                    fuck.
                    lol - sorry!

                    For coding work - hit me up on andy // borkedcoder // com
                    (consider figuring out the email as test #1)



                    All models are wrong, but some are useful. George E.P. Box. p202

                    Comment

                    • borked
                      Totally Borked
                      • Feb 2005
                      • 6284

                      #60
                      Originally posted by ladida
                      There's so much more than what you wrote there.

                      curl/fetch/wget
                      That's all? I can think of at least 5 more commands that would upload things, plus some 10 more ways to add it without uploading...
                      As it says - it HELPS
                      Adult websites are the most targeted sector. This was just a start to get a comprehensive security list together to help others.
                      So, hey, do us all a favour and add things to the threads I created

                      For coding work - hit me up on andy // borkedcoder // com
                      (consider figuring out the email as test #1)



                      All models are wrong, but some are useful. George E.P. Box. p202

                      Comment

                      • johnny o
                        Confirmed User
                        • Jul 2006
                        • 825

                        #61
                        i'm actually responsible, i'll try not to let it happen again.
                        http://candydreams.com
                        info[at]candydreams[dot]com

                        Comment

                        • GrouchyAdmin
                          Now choke yourself!
                          • Apr 2006
                          • 12085

                          #62
                          It depends on your level of management, but really, it's usually not directly applicable to the host.

                          For instance, if you are paying for a colocated server - most sites will install the basic OS, give you your IP list, and your root password. From there, it's all yours.

                          However, if you are paying for a managed host, you really need to see what their level of support is. Most 'managed' will monitor HTTP and do basic support, but not that many offer upgrades or updates beyond your initial install - some of them aren't even aware that they should update the OS, being that DirectAdmin/CPanel have the ability to update their specific Apache 1.3/PHP/etc support tools.

                          The closest experience to a fully managed system I've actually had was through a non-adult service, ICDSoft. They actually scanned all clients, and alerted those with phpBB2 to ensure they ran updates. It was surprising, being how cheap their services were. However, they DO NOT do adult, and I don't believe that they offer anything other than shared accounts at this time.

                          Sorry to hear you got hacked. It'd be interesting to know how they got in.

                          Comment

                          • ladida
                            Confirmed User
                            • Nov 2005
                            • 2179

                            #63
                            Originally posted by borked
                            As it says - it HELPS
                            Adult websites are the most targeted sector. This was just a start to get a comprehensive security list together to help others.
                            So, hey, do us all a favour and add things to the threads I created
                            Um, i was more pointing to the fact that you did a "half job", and when security is the concern, that does more harm than helps. If you're gonna cover one subject, cover it completely, don't write half of it, because i can assure you, 70% of webmasters are gonna read that, do what you said and think "okay, i disabled uploads, how in the hell did he get that exploit on server", and they'll lose time searching in the wrong direction.
                            agentGFY *at* gmail.com

                            Comment

                            • borked
                              Totally Borked
                              • Feb 2005
                              • 6284

                              #64
                              Originally posted by ladida
                              Um, i was more pointing to the fact that you did a "half job", and when security is the concern, that does more harm than helps. If you're gonna cover one subject, cover it completely, don't write half of it, because i can assure you, 70% of webmasters are gonna read that, do what you said and think "okay, i disabled uploads, how in the hell did he get that exploit on server", and they'll lose time searching in the wrong direction.

                              rcp, lynx, links, scp, nc, elinks, proxy, vbox, lwp, GET will all be added to the HowTO in due time.

                              It's not a half-assed job. It's work in progress, fuckwit.
                              Now, if you want to help others to help themselves, add to the thread goddammit. 99% of the people who have servers here wouldn't know what to do. It's not easy putting up easy-to-follow instructions. So I did the basics and will update as and when I have the time.

                              For coding work - hit me up on andy // borkedcoder // com
                              (consider figuring out the email as test #1)



                              All models are wrong, but some are useful. George E.P. Box. p202

                              Comment
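Added example (not from the HOWTO or any poster): a shell audit that shows which of the transfer tools named in posts #57 and #64 are still executable by every local account after the `chmod 0750` step. The tool list is copied from the thread; the fixture directory and function names are constructed for this example.

```shell
#!/bin/sh
# List transfer tools that any local user (including the web server
# account) can still execute. Names copied from the thread as written.
TOOLS="curl fetch wget rcp lynx links scp nc elinks proxy vbox lwp GET"

# world_exec DIR... -> prints each DIR/tool whose mode has the other-execute bit
world_exec() {
    for dir in "$@"; do
        for tool in $TOOLS; do
            [ -f "$dir/$tool" ] || continue
            # -L follows symlinks, as chmod does; -perm -0001 means o+x is set
            find -L "$dir/$tool" -prune -perm -0001 -print
        done
    done
}

# audit_path -> same check over every directory in $PATH
audit_path() {
    old_ifs=$IFS; IFS=:
    set -- $PATH
    IFS=$old_ifs
    world_exec "$@"
}

# Constructed fixture: a throwaway bin directory where chmod 0750 has been
# applied to curl and wget, but nc and lynx were left at 0755.
make_fixture() {
    d=$(mktemp -d) || return 1
    for t in curl wget nc lynx; do : > "$d/$t"; done
    chmod 0750 "$d/curl" "$d/wget"
    chmod 0755 "$d/nc" "$d/lynx"
    echo "$d"
}

demo() {
    fx=$(make_fixture) || return 1
    world_exec "$fx" | sed "s|^$fx/||"
    rm -rf "$fx"
}
demo
```

On a real host, call `audit_path` instead of `demo`; an empty result only means the named binaries are restricted, not that every way of fetching a file is closed.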

                              • Ange
                                Registered User
                                • Jan 2006
                                • 44

                                #65
                                it's the script's fault

                                Comment
