Is your site/server hackersafe?
We certainly hope so.
Is there a tool that you can scan your servers with and see if you have holes in your security? |
LOL... the only way to guarantee you won't be hacked is to pull your power cord from the wall. This has been proven many times.
Apart from that, make sure you have recent offsite backups to restore from. |
I agree. And how about checking admin sections? Forgotten closures in htaccess files etc.. Any way to test those?
|
I'm thinking it should be easy to create though. Just a script that will scan all serverfiles/directories for easy access and print results.
|
You can hire someone like me to make suggestions, which are ignored or overruled, and when someone gets through by some script written in New Delhi that uses unsanitized requests to include functions or unescaped SQL... well..
No, there is no tool; there was one 12 years ago, and it's been outdated since its release. There are far too many things that can be done, can go wrong, or can be fucked with. |
Code:
find / -type f -exec echo {} "is probably not safe." \; |
|
I'm talking about something that GrouchyAdmin is talking about. |
Try checking your /tmp folder or you could scan your /cgi-bin/ folders for unknown files (e.g. shell.cgi or 101image.cgi) MANUALLY.
Here are a few points to consider for server security:
- Make sure you have the most recent software (e.g. web script software, apache, php, ftp etc. etc.)
- Use mod_security (apache mod) (it's actually more effective than you'd think)
- Use .htaccess IP restriction in admin folders (If you have a static IP)
- in php.ini = safe_mode on / register_globals off
- enable open_basedir (you know why)

None of my sites have been hacked (I have some since early 2000) and never seen ANY of my site passwords floating around, BECAUSE I am also managing my own servers and don't let any fool touch my servers. If you need any help let me know. |
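A small version of the scan asked about earlier in the thread, covering two of the points above (admin folders without an .htaccess restriction, unknown files in /cgi-bin/). This is an added example, not code from any poster; the directory layout, the allowlist file and the sample tree are constructed assumptions.

```shell
#!/bin/sh
# Added example: review-only audit of a web root you administer.
# Paths, the allowlist file and the sample tree below are constructed assumptions.

# An uncommented Apache directive that limits access (2.4 "Require", 2.2 "Deny from").
RESTRICT_RE='^[[:space:]]*(Require[[:space:]]+(ip|valid-user|all[[:space:]]+denied)|Deny[[:space:]]+from)'

# Print admin-like directories whose own .htaccess carries no such directive.
# Rules inherited from a parent directory or the main config are not evaluated,
# so every hit means "review this", not "this is open".
unprotected_admin_dirs() {
    find "$1" -type d -iname '*admin*' | sort | while IFS= read -r dir; do
        if ! grep -Eiqs "$RESTRICT_RE" "$dir/.htaccess"; then
            printf '%s\n' "$dir"
        fi
    done
}

# Print files under a cgi-bin directory whose names are not on the allowlist
# (a text file with one expected file name per line).
unknown_cgi_files() {
    find "$1" -type f | sort | while IFS= read -r f; do
        grep -Fxq -- "$(basename "$f")" "$2" || printf '%s\n' "$f"
    done
}

# Build a constructed sample tree and print its location.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/site/admin" "$root/site/shop/admin_panel" "$root/cgi-bin"
    printf 'Require ip 203.0.113.10\n' > "$root/site/admin/.htaccess"
    # Restriction commented out during maintenance and never restored.
    printf '# Require ip 203.0.113.10\n' > "$root/site/shop/admin_panel/.htaccess"
    : > "$root/cgi-bin/contact.cgi"
    : > "$root/cgi-bin/shell.cgi"
    printf 'contact.cgi\n' > "$root/allow.txt"
    printf '%s\n' "$root"
}

ROOT=$(demo_tree)
echo "Admin directories to review:"
unprotected_admin_dirs "$ROOT/site"
echo "Files in cgi-bin that are not on the allowlist:"
unknown_cgi_files "$ROOT/cgi-bin" "$ROOT/allow.txt"
rm -rf "$ROOT"
```

On a real server, point the two functions at the document root and the cgi-bin directory and keep the allowlist under version control, so a new file shows up as a difference.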
You can use GFI's LANguard to scan your server for common vulnerabilities and run Chkrootkit to scan your files to check CRCs. Anything is possible these days.. like someone else said.. the only safe server is one that's unplugged. I've had my server rooted only once.. but that was enough.. have had game servers installed, httpds compromised and a phishing site set up... sendmail hacked.. etc.. if these fucking people want to get in your machine and they are good they will.
|
Try chkrootkit and rkhunter; those are fast server scanners to see if something is wrong. Also learn to use lsof :) |
Then name them, but I'm 100% sure that if you were popular enough you'd be hacked several times by now, especially if you are that long on the scene since problems with security "back then" have been so abundant it's ridiculous.
|