basilelias
Posted September 30, 2005

I have a few sites hosted with TCH. One of them was pulled for AUP violations today because of eggdrops deposited through an unsecure IRC program. I was unaware of the problem until the site was pulled. Now I'm concerned. I was using PostNuke as a content management system and have that same system on another site. My other site doesn't have the chat module.

I'm wondering if there's any way to scan my other sites for possible security breaches or violations. I don't want another site pulled without warning. I also don't want to have vulnerable sites out there.

Thanks.
Basil

MikeJ
Posted September 30, 2005

Hey Basil,

It's difficult to go through all the code to look for vulnerabilities, especially in something as complex as a content management system like PostNuke. The best thing you can do is make sure the software you use is up to date and trustworthy. Also monitor for disclosed security vulnerabilities (for example, monitor the product's own website). But also keep up to date with any modules you add, and any other software you install. Many of the cases of compromised sites I see are largely due to site owners who don't keep their software up to date.

You can also watch your logfiles for suspicious activity (often there will be probes before the actual compromises, sometimes even days before), but unless you have experience going through them, that can be a tedious process.

And welcome to the forums.

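An added example, not part of MikeJ's post or of any TCH tooling: one way to do the log review described above, assuming access logs in Apache combined format. The sample lines, addresses and paths are constructed, and `find_probers` and its `min_missing` threshold are hypothetical names chosen for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/NCSA combined log format (assumption; adjust to your host's format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def find_probers(lines, min_missing=3):
    """Return {ip: {"first_seen", "paths"}} for clients that requested at
    least `min_missing` distinct paths answered with 403 or 404."""
    misses = defaultdict(set)
    first_seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] not in ("403", "404"):
            continue  # unparseable line, or a request that was served normally
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # count paths, not query strings
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        misses[ip].add(path)
        if ip not in first_seen or ts < first_seen[ip]:
            first_seen[ip] = ts
    return {
        ip: {"first_seen": first_seen[ip], "paths": sorted(paths)}
        for ip, paths in misses.items()
        if len(paths) >= min_missing
    }

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Sep/2005:03:12:01 -0500] "GET /modules/chat/admin.php HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [27/Sep/2005:03:12:02 -0500] "GET /old/index.php?name=x HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.7 - - [27/Sep/2005:03:12:03 -0500] "GET /backup/config.php HTTP/1.1" 403 209 "-" "-"',
    '198.51.100.20 - - [27/Sep/2005:09:00:00 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [27/Sep/2005:09:00:05 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_probers(SAMPLE_LOG).items():
        print(ip, info["first_seen"].isoformat(), info["paths"])
```

A single 404 from an ordinary visitor (the favicon request above) stays below the threshold; a client that walks several nonexistent script paths in a row is what stands out, and its first-seen time shows how long before any compromise the probing began.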
TweezerMan
Posted September 30, 2005

Welcome to the forums, Basil!

Nothing IRC related is allowed on TCH servers, so if your PostNuke chat module is the 'unsecure IRC program', it is hopefully removed now, and you won't replace it with any other IRC script.

As far as scanning your sites for vulnerabilities, 1) this is something that TCH generally does not do, and it would be difficult for anyone else to do so, 2) security is considered to be your responsibility, so it is ultimately up to you to make sure your sites are running secure scripts and have the latest security updates, and 3) scanning web sites is not a particularly effective means of detecting vulnerabilities, as you can only scan for known vulnerabilities. Even if your site passed such a scan today, there's no guarantee that there isn't a hidden flaw that no one has discovered yet and could be exploited in the future.

stevevan
Posted September 30, 2005

Welcome to the forums. (What Mike and David said.) Any other questions, don't hesitate to ask!