23.Feb.2011 How Was My Server Hacked?
With the advent of virtual computing, more commonly referred to these days as cloud hosting, more people can run ‘full’ servers because the costs have come down. Frequently these are Linux servers of one flavour or another, depending on the experience of the user.
Virtual platforms deploy ‘servers’ as default (and sometimes outdated) systems. Whilst these systems are set up for ease of use they are not set up for security. Mainly this is because each situation that someone may want a server for is different. There is no magic bullet or blanket ruleset in terms of securing a server.
With Linux in mind there are common issues that contribute to the insecurity of a server.
- Old or insecure daemons that have not been updated
- Weak access passwords and methodology
- Users
In terms of common hacks these days it’s really the last two points that have most relevance.
Users are a necessary evil. They require access to the system but there needs to be a balance between functionality and security. As expected, users want maximum functionality whilst admins want maximum security.
Common issues caused by users are the flipside of this article: namely the security of the users themselves, and what attackers can upload to your system with user permissions. For example, an attacker could upload a freely available PHP shell script, and if it is web accessible this gives the attacker a command line prompt on your system with webserver permissions. Of course, this should be locked down as well, but there are many systems that (incorrectly, of course) run their webservers as the root user.
The methodology of the server setup is another common stumbling block. Do the users need shell access? Who needs superuser access apart from the owner? Do you allow superuser access from anywhere, on the standard default ports?
For example, we recently set up a virtual server on a brand new allocated IP address and left direct root access open. Within 30 minutes there were authentication attempts from random IP addresses trying to guess the root password, and also no doubt probing for insecurities in the authentication daemon (OpenSSH in this case). Bots are scanning vast ranges of IP addresses all the time.
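To see this kind of activity on your own server, the sketch below summarises password attempts recorded by OpenSSH. It is an added example, not code from the original article; it assumes the classic syslog line format, and the log lines, hostname and the `summarize` function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the classic syslog/OpenSSH format (documentation IP ranges).
SAMPLE_LOG = """\
Feb 23 10:00:00 vps sshd[801]: Server listening on 0.0.0.0 port 22.
Feb 23 10:21:14 vps sshd[912]: Failed password for root from 203.0.113.5 port 51234 ssh2
Feb 23 10:21:17 vps sshd[912]: Failed password for root from 203.0.113.5 port 51236 ssh2
Feb 23 10:24:40 vps sshd[930]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Feb 23 10:29:02 vps sshd[951]: Failed password for root from 198.51.100.7 port 40030 ssh2
Feb 23 11:05:33 vps sshd[990]: Accepted password for root from 192.0.2.10 port 50000 ssh2
Feb 23 11:40:09 vps sshd[1002]: Accepted password for root from 198.51.100.7 port 40102 ssh2
"""

# Matches "Failed/Accepted password for [invalid user ]NAME from IP port N" messages.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Count failed password attempts per source and list password logins as root."""
    failed_by_ip, root_accepts = Counter(), []
    root_failures, first_failure = 0, None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a password authentication message
        if m["result"] == "Failed":
            failed_by_ip[m["ip"]] += 1
            first_failure = first_failure or m["ts"]
            if m["user"] == "root" and not m["invalid"]:
                root_failures += 1
        elif m["user"] == "root":
            root_accepts.append(m["ip"])
    return {
        "failed_by_ip": dict(failed_by_ip),
        "root_failures": root_failures,
        "first_failure": first_failure,
        "root_password_logins": root_accepts,
        # A root login from a source that was also guessing needs immediate review.
        "suspicious_root_logins": [ip for ip in root_accepts if ip in failed_by_ip],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Any entry under `root_password_logins` shows that direct root access by password is still open, which is the setup question raised above.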
How Much Does It Cost For Salvage My Site to help?
Call us on 01204 371037 or email us to see if we can help you.
| Duration | Price |
| --- | --- |
| Per Hour (Mon-Fri 9am-5pm) | £60 |
| Per Half-Day (Mon-Fri 4 hours) | £210 |
| Per Full-Day (Mon-Fri 8 hours) | £400 |
| Per Hour (Non-working hours outside 9am-5pm Mon-Fri) | £120 |

*All prices are exclusive of VAT at the prevailing rate.
SalvageMySite is a subsidiary of 3DPixel Ltd. Company #04721309 | Vat:876 4611 93
Suite 12, 1-3 The Courtyard
Bolton, Lancashire, BL1 8PB
01204371037
United Kingdom