Naughty

We certainly hope so.

Is there a tool that you can scan your servers with and see if you have holes in your security?

__________________
seks.ai for sale - ping me

TidalWave

LOL... the only way to guarantee you wont be hacked is to pull your power cord from the wall. this has been proven many times.

apart from that, make sure you have recent offsite backups to restore from.

__________________
www.SwiftNode.com

Naughty

I agree. And how about checking admin sections? Forgotten closures in htaccess files etc.. Any way to test those?

__________________
seks.ai for sale - ping me

Naughty

I'm thinking it should be easy to create though. Just a script that will scan all serverfiles/directories for easy access and print results.

__________________
seks.ai for sale - ping me

GrouchyAdmin

You can hire someone like me to make suggestions, which are ignored or overruled, and when someone gets through by some script written in New Delhi that uses unsanitized requests to include functions or unescaped SQL... well..

No, there is no tool; there was one 12 years ago, and it's been outdated since it's release. There's far too many things that can be done, can go wrong, or can be fucked with.

__________________

GrouchyAdmin

find / -type f -exec echo {} "is probably not safe." \;

__________________

tomud

Online port scanner :

http://www.t1shopper.com/tools/port-scanner/

Tomud

__________________

ICQ: 160168237

Naughty

This is just to see how you're doing on your own pc, right?
I'm talking about something that GrouchyAdmin is talking about.

__________________
seks.ai for sale - ping me

cem

Try checking your /tmp folder or you could scan your /cgi-bin/ folders for unknown files (e.g. shell.cgi or 101image.cgi) MANUALLY.

Here are a few points to consider for server security;

- Make sure you have the most recent software (e.g. web script software, apache, php, ftp etc. etc.)
- Use mod_security (apache mod) (it's actually more effective then you'd think)
- Use .htaccess IP restriction in admin folders (If you have a static IP)
- in php.ini = safe_mode on / register_globals off
- enable open_basedir (you know why)

None of my sites have been hacked (i have some since early 2000) and never seen ANY of my site passwords floating around, BECAUSE i am also managing my own servers and don't let any fool touch my servers.

If you need any help let me know.

thonglife

You can use GFI's Languard to scan your server for common vulnerabilities and run Chkrootkit to scan your files to check CRC's. Anything is possible these days.. like someone else said.. the only safe server is one that's unplugged. I've had my server rooted only once.. but that was enough.. have had game servers installed, httpds compromised and a phishing site setup... sendmail hacked.. etc.. if these fucking people want to get in your machine and they are good they will.

PussyTeenies

try

chkrootkit
and
rkhunter

those are fast server scanners to see if something is wrong

also learn to use lsof

__________________
Need adult hosting?

Contact us!
WARM Hosting

Need an IT solution? or someone to check your site and security? Nossie - IT Professional

ladida

The reason for that is because your sites are unpopular, not because you manage your servers.

__________________
agentGFY *at* gmail.com

cem

You dont even know which adult sites i own. I've been in the scene for a while, maybe even too long Don't let my sig fool you, this is just my latest attempt to try to get into the softcore scene.

ladida

Then name them, but i'm 100% sure that if you were popular enough you'd be hacked several times by now, especially if you are that long on the scene since problems with security "back then" have been so abundant it's ridiculous.

__________________
agentGFY *at* gmail.com