How to "secure" server from hackers
My server keeps getting "you been hacked" pages uploaded and even mysql have been corrupted.
I'm not a good one when it comes to servers. :blush: What should I do?
Thanks.Hire a company that knows what they're doing. I've heard good things about Platinum Server Management (<!-- m --><a class="postlink" href="http://www.platinumservermanagement.com/">http://www.platinumservermanagement.com/</a><!-- m -->), although I haven't used them myself.Hire an administrator.Platinum Server Management should be able to do it for you, you can see a list of things they do on there site.Is it better to have a one time tweak or monthly management?Thanks.Well since you've indicated you're "not a good one when it comes to servers", I'd go with some type of ongoing management.If you do not have very much experience it's probably a good idea to have monthly management. There are always security upgrades that need to be put in place.There MIGHT be a simpler solution to this. What software/script are you using that keeps getting hacked?If you're using a PHP script those older ones get hacked all the time. Sometimes, upgrading to a new version or using a different script stops the hacking.In addition, do a password review and check your own PC you use to connect for trojans and keyboard/typing loggers. We had a client who used his login name as his password and kept wondering why he kept getting hacked. We couldn't figure it out until he told us what he used for his password. Make sure you're using a strong password...it'll be hard to remember but that's the point of it.If that doesn't work, then perhaps you can do as the others posting have said and get a management company. That's a good guarantee against hacking.Just in case you didn't get the message yet, hire a server management company.Software vendors are constantly releasing security updates and patches. If you are truly concerned about the security of your server, you need ongoing management. With one-time fixes, you are only as safe as the last update.Not only do you need management, you need proactive management.With monthly management, they update only when you ask them t
nly when they're proactive, do they do it without you submitting a support ticket.There's several companies that have some offers listed in the Systems Management Offers forum here (with proactive management, which I would also recommend) - check that out.I recommend you contact platinumservermanagement We have been using them for while now and we had our server hacked a few months ago they secured the server they fixed it up and now it is running smoothly. Now I can actually get some sleep.Use this forum as a resource. I'm sure there is someone qualified you can hire to manage your server(s).How to "secure" server from hackers
By disconnecting it...
Another vote for PSM here. They will harden the security for you.
Also recommend CSF/LFD (<!-- m --><a class="postlink" href="http://configserver.com/cp/csf.html">http://configserver.com/cp/csf.html</a><!-- m -->)Use phpsuexec, and it will solve alot of php injection hacks, which seem to be what you are facing.
Move to a semi-managed or fully-managed hosting company.
Sounds like phpsuexec would be a huge start for you, as I can bet you are running php as apache, which run php users as nobody, which leave you open to attacks.Use phpsuexec, and it will solve alot of php injection hacks, which seem to be what you are facing.Move to a semi-managed or fully-managed hosting company.Sounds like phpsuexec would be a huge start for you, as I can bet you are running php as apache, which run php users as nobody, which leave you open to attacks.Using phpsuexec may not be bad idea, but it alone is not going to help too much in the way of actually preventing exploits.mod_security, suhosin, open_basedir on other hand would be great.disable unnecessary functions in php.ini as well.How to "secure" server from hackers
My server keeps getting "you been hacked" pages uploaded and even mysql have been corrupted.
I'm not a good one when it comes to servers. :blush: What should I do?
Thanks.
You can never make your server so secure that someone can't hack it, but you can make your server secure enough to know when someone hacks your server or someone bad has got in.
Have you ever though about hiring someone to do your dirty work for you? You should and think about it if you dont have the best knowlage for cpanel ... try going to platinumservermanagement.com i use them and they are pretty darn good they will fully manage your cpanel server, do unlimited admin work for you, secure your server *a must*, all techs are usa based and they run 24 / 7 365.. they will also reboot your server if it goes down so you dont have to come home or get to a computer every time to talk to your provider and tell them to reboot it for you... all that is like only $29.00 a month.. they have a good reputation and have been in business for years its well worth it.I would recommend that you get a trustwave scan first to identify the "low hanging fruit" if you will. After you resolve all of those issues you need to look at your application and verify that your applications are not running under priviledged users and your web server does not allow write permissions to any web directories that are publicly accessible.ALWAYS check the software you're running for known exploits! You say you have a MySQL server running, this has many older exploits, for example - but there's a possibility you're running any amount of vulnerable software. Always check security websites for exploits and patch as necessary. Alternatively just keep all of your software up to date, and run a firewall which will block all except reverse-shell connect payloads (and will stop many of the skiddies).Its not so much securing your server, its the software/scripts you need to keep up to date. I'm sure others have said this but it needs to be said again!Unplug it, that'll show them.They will come with a evil boot disk!
My server keeps getting "you been hacked" pages uploaded and even mysql have been corrupted.
I'm not a good one when it comes to servers. :blush: What should I do?
Thanks.Hire a company that knows what they're doing. I've heard good things about Platinum Server Management (<!-- m --><a class="postlink" href="http://www.platinumservermanagement.com/">http://www.platinumservermanagement.com/</a><!-- m -->), although I haven't used them myself.Hire an administrator.Platinum Server Management should be able to do it for you, you can see a list of things they do on there site.Is it better to have a one time tweak or monthly management?Thanks.Well since you've indicated you're "not a good one when it comes to servers", I'd go with some type of ongoing management.If you do not have very much experience it's probably a good idea to have monthly management. There are always security upgrades that need to be put in place.There MIGHT be a simpler solution to this. What software/script are you using that keeps getting hacked?If you're using a PHP script those older ones get hacked all the time. Sometimes, upgrading to a new version or using a different script stops the hacking.In addition, do a password review and check your own PC you use to connect for trojans and keyboard/typing loggers. We had a client who used his login name as his password and kept wondering why he kept getting hacked. We couldn't figure it out until he told us what he used for his password. Make sure you're using a strong password...it'll be hard to remember but that's the point of it.If that doesn't work, then perhaps you can do as the others posting have said and get a management company. That's a good guarantee against hacking.Just in case you didn't get the message yet, hire a server management company.Software vendors are constantly releasing security updates and patches. If you are truly concerned about the security of your server, you need ongoing management. With one-time fixes, you are only as safe as the last update.Not only do you need management, you need proactive management.With monthly management, they update only when you ask them t
nly when they're proactive, do they do it without you submitting a support ticket.There's several companies that have some offers listed in the Systems Management Offers forum here (with proactive management, which I would also recommend) - check that out.I recommend you contact platinumservermanagement We have been using them for while now and we had our server hacked a few months ago they secured the server they fixed it up and now it is running smoothly. Now I can actually get some sleep.Use this forum as a resource. I'm sure there is someone qualified you can hire to manage your server(s).How to "secure" server from hackersBy disconnecting it...
Another vote for PSM here. They will harden the security for you.
Also recommend CSF/LFD (<!-- m --><a class="postlink" href="http://configserver.com/cp/csf.html">http://configserver.com/cp/csf.html</a><!-- m -->)Use phpsuexec, and it will solve alot of php injection hacks, which seem to be what you are facing.
Move to a semi-managed or fully-managed hosting company.
Sounds like phpsuexec would be a huge start for you, as I can bet you are running php as apache, which run php users as nobody, which leave you open to attacks.Use phpsuexec, and it will solve alot of php injection hacks, which seem to be what you are facing.Move to a semi-managed or fully-managed hosting company.Sounds like phpsuexec would be a huge start for you, as I can bet you are running php as apache, which run php users as nobody, which leave you open to attacks.Using phpsuexec may not be bad idea, but it alone is not going to help too much in the way of actually preventing exploits.mod_security, suhosin, open_basedir on other hand would be great.
disable unnecessary functions in php.ini as well.How to "secure" server from hackersMy server keeps getting "you been hacked" pages uploaded and even mysql have been corrupted.
I'm not a good one when it comes to servers. :blush: What should I do?
Thanks.
You can never make your server so secure that someone can't hack it, but you can make your server secure enough to know when someone hacks your server or someone bad has got in.
Have you ever though about hiring someone to do your dirty work for you? You should and think about it if you dont have the best knowlage for cpanel
... try going to platinumservermanagement.com i use them and they are pretty darn good they will fully manage your cpanel server, do unlimited admin work for you, secure your server *a must*, all techs are usa based and they run 24 / 7 365.. they will also reboot your server if it goes down so you dont have to come home or get to a computer every time to talk to your provider and tell them to reboot it for you... all that is like only $29.00 a month.. they have a good reputation and have been in business for years its well worth it.I would recommend that you get a trustwave scan first to identify the "low hanging fruit" if you will. After you resolve all of those issues you need to look at your application and verify that your applications are not running under priviledged users and your web server does not allow write permissions to any web directories that are publicly accessible.ALWAYS check the software you're running for known exploits! You say you have a MySQL server running, this has many older exploits, for example - but there's a possibility you're running any amount of vulnerable software. Always check security websites for exploits and patch as necessary. Alternatively just keep all of your software up to date, and run a firewall which will block all except reverse-shell connect payloads (and will stop many of the skiddies).Its not so much securing your server, its the software/scripts you need to keep up to date. I'm sure others have said this but it needs to be said again!Unplug it, that'll show them.They will come with a evil boot disk!