Tired of hackers

Discussion in 'General Discussion' started by alexd, Oct 20, 2005.

  1. alexd

    alexd Well-Known Member
    Hi:

    I'm tired of security holes in my customers' PHP scripts.
    I'm tired of those holes making the system start UDP attacks on other systems.

    Is there any solution? Are there any restrictive rules to prevent this?

    I'm open to ANYTHING

    I have tested so many things (monitors, Nessus-like software, mod_security and other mods)... Please.. I'm open!!!

    Suggestions? Maybe I do not know of the existence of some super software that everybody uses ;)
     
  2. AndyReed

    AndyReed Well-Known Member
    Addressing security issues is one of those cases where "an ounce of prevention is worth a pound of cure". A hacker could do untold damage if they get into your system or network. And because hackers learn their trade in underground electronic communities, if one finds a way into your system you can bet that they'll let everyone else know about it.

    Insecure scripts can be used as a back door to access your server, regardless. You need to patch and then upgrade these scripts. In addition, unless you have a good set of rules and your applications, including mod_security and other firewalls, are configured properly, your server will be an open gate to hackers and spammers.
     
  3. alexd

    alexd Well-Known Member
    Is there any "blocker" of mass outgoing traffic?

    I mean

    most outgoing attacks from a compromised host run through the DNS port.
    Is there any way to detect massive outgoing traffic through that port?

    because obviously you cannot disable it :P
     
  4. Myacen

    Myacen Well-Known Member

    Hire a system administrator.
     
  5. alexd

    alexd Well-Known Member
    seriously... :)

    maybe some program that detects a sudden growth of outgoing traffic...
     
  6. NightStorm

    NightStorm Well-Known Member

    APF with egress filtering.
     
  7. netwrkr

    netwrkr Well-Known Member

    No 'magic' security bullet exists. Typically the best approach is layering multiple security features, and hopefully through more trial and error you will come up with a workable solution that mitigates the majority of the issues you've experienced.

    Some quick suggestions:

    APF
    tcpwrappers
    noexec /var/tmp and /tmp
    remove /dev/shm from /etc/fstab
    mod_security <-- research rules others have successfully used on this forum
    strong passwords
    PHP open_basedir protection
    PHP suexec
    change permissions on your compilers
    Don't permit ssh (even jailshell) access

    etc etc.

    It's not an easy task, nor something you can do once and forget about it.

    Hope that helps.

    Tom
     
  8. alexd

    alexd Well-Known Member
    I cannot believe there's no program like that.

    OK to those security patches, or to trying to fix security holes...
    but what I mean is... ONCE hackers have compromised the server...

    is there any tool to detect a sudden growth of traffic on any port?

    something like bwm-ng...
    but bwm-ng does not ALARM when some KB is reached.... :P
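One way to get the per-port alarm asked about above, as an added example that is not from anyone in this thread: poll the byte counters of an iptables accounting rule on the port (here UDP 53, the DNS case from post 3) and flag any poll interval whose outbound rate exceeds a limit. The accounting rule command, the `proto/port` key format, the 100 KB/s limit and the two sample listings are assumptions constructed for the example.

```python
# Alarm on a burst of outgoing bytes on one port, read from iptables byte counters.
# Assumes (hypothetical setup) an accounting rule in the OUTPUT chain, e.g.
#     iptables -I OUTPUT -p udp --dport 53 -j ACCEPT
# and that the text of `iptables -vnxL OUTPUT` is fed to parse_counters() on each poll.
import re

# One counter line of `iptables -vnxL`: pkts, bytes, then rule text ending in 'udp dpt:53'.
_RULE = re.compile(r"^\s*(\d+)\s+(\d+)\s+.*\b(tcp|udp)\s+dpt:(\d+)\s*$")

def parse_counters(listing):
    """Map 'proto/port' (e.g. 'udp/53') to the cumulative byte counter of its rule."""
    counters = {}
    for line in listing.splitlines():
        m = _RULE.match(line)
        if m:
            counters[f"{m.group(3)}/{m.group(4)}"] = int(m.group(2))
    return counters

class EgressAlarm:
    """Compare successive counter snapshots; report ports whose rate exceeds limit_bps."""
    def __init__(self, limit_bps):
        self.limit_bps = limit_bps
        self.last = None  # (timestamp, counters) from the previous poll

    def observe(self, ts, counters):
        """Return [(key, bytes_per_second)] for ports over the limit since the last poll."""
        alarms = []
        if self.last is not None and ts > self.last[0]:
            prev_ts, prev = self.last
            for key, total in counters.items():
                delta = total - prev.get(key, 0)
                if delta < 0:  # counters were zeroed (iptables -Z) or the rule was re-added
                    delta = total
                rate = delta / (ts - prev_ts)
                if rate > self.limit_bps:
                    alarms.append((key, rate))
        self.last = (ts, counters)
        return alarms

# Constructed listings 10 s apart: DNS egress jumps by 5 MB while HTTP barely moves.
SAMPLE_T0 = """Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200     96000 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
     300    120000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
"""
SAMPLE_T1 = SAMPLE_T0.replace("1200     96000", "41200   5096000").replace("300    120000", "320    130000")

def demo(limit_bps=100 * 1024):
    alarm = EgressAlarm(limit_bps)
    alarm.observe(0, parse_counters(SAMPLE_T0))
    return alarm.observe(10, parse_counters(SAMPLE_T1))  # → [('udp/53', 500000.0)]
```

In live use, a cron job or loop would run `iptables -vnxL OUTPUT`, pass its output to `parse_counters()` and hand the result to `observe()` with the current time; whatever `observe()` returns is the alarm to mail or log.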
     