arvind Posted April 16, 2004
How would you prevent, as an owner of your account, what happened here? Reading that thread left me a bit worried that one day I might wake up with my account deleted through no fault of my own. Are there certain things we can implement?

Deverill Posted April 16, 2004
Sure there are things we can do.

One thing is to never try out any "security programs" out of curiosity or any other reason. If things are restricted here it's for a reason (like shell access) and if we install programs that try to go around those restrictions we are begging to get kicked out.

Another is to have a great password on everything, including the ftp accounts we set up. A great password is not in the dictionary, not easy to guess, not too short, not only numbers or only letters. If we set our password to our dog's name then we're begging to be hacked.

An excellent thing to do is to make sure your server is always up to date with the latest security patches. Even Linux has mistakes or oversights that occasionally make it vulnerable. Bill and the techs here are all over these updates! I suspect that's why they had to do the emergency kernel updates mentioned in another thread because a vulnerability was found and patched. We have great servers and uptime here since they do these kinds of updates - a hacked system is usually down a long time.

If you install third party software then pick only the best quality ones and watch for updates from the creators. Things like phpBB and other forums, chats, etc. can open the door to hackers if they have problems so make sure you always keep an eye on the support forums and security announcements from the makers of the software.

A basic system with good passwords is not going to get hacked. One with "password" as the password or buggy forum software probably will. Check your logs and you'll probably find 401 - Not Found errors for formmail and other known-exploitable software. These guys are out there looking for sites that are weak so we have to be sure we don't open the door.

In a few words, don't get lazy. I hope this helps and will put your mind a bit at ease.

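Added example, not part of any post in this thread: a Python script for the log check Deverill describes. It scans Apache combined-format access-log lines for client-error (4xx) responses to script names the site does not host; the sample lines, the addresses and the watched-name list are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Script names to watch for (assumption: this site hosts none of them).
WATCHED = ("formmail", "phpbb")

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Apr/2004:08:01:12 -0400] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 284 "-" "-"
192.0.2.10 - - [16/Apr/2004:08:01:13 -0400] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 404 285 "-" "-"
198.51.100.7 - - [16/Apr/2004:09:15:40 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.10 - - [16/Apr/2004:08:01:14 -0400] "POST /cgi-sys/formmail.pl HTTP/1.0" 404 284 "-" "-"
203.0.113.5 - - [16/Apr/2004:10:02:03 -0400] "GET /forum/phpBB2/viewtopic.php?t=1 HTTP/1.1" 404 290 "-" "-"
198.51.100.7 - - [16/Apr/2004:10:30:00 -0400] "GET /missing.gif HTTP/1.1" 404 210 "-" "Mozilla/4.0"
not a log line
"""


def find_probes(lines, watched=WATCHED):
    """Return (hits_per_ip, paths_per_ip) for 4xx requests naming a watched script."""
    hits = Counter()
    paths = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        status = int(m.group("status"))
        # Drop the query string and ignore case: FormMail.cgi == formmail.cgi
        path = m.group("path").split("?", 1)[0].lower()
        if 400 <= status < 500 and any(name in path for name in watched):
            ip = m.group("ip")
            hits[ip] += 1
            paths.setdefault(ip, set()).add(path)
    return hits, paths


def report(lines):
    """Return [(ip, hit_count, sorted_paths)], busiest source first."""
    hits, paths = find_probes(lines)
    return [(ip, n, sorted(paths[ip])) for ip, n in hits.most_common()]


if __name__ == "__main__":
    for ip, n, probed in report(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {n} probe(s) -> {', '.join(probed)}")
```

An ordinary broken link (the /missing.gif line) is not reported, because only the watched script names count as probes.
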
Head Guru Posted April 16, 2004
If you believe what crossma posted in that thread, I have some property I can sell you really cheap. In other words, do not believe every word someone posts on these forums.

Is it possible for your account to be hacked? Sure it is. The PC you're sitting behind reading this post can be hacked just as easily.

There are many things you can do to keep your account secure. Here are just a few...

1. Use very strong passwords.
2. Change the passwords OFTEN!
3. Only use https to connect to your cpanel/whm.
4. Do not upload ANY scripts unless you fully understand them and know how they work.
5. Secure your site using .htaccess to stop directory browsing.
6. Never give FTP access to someone you don't know and fully trust.
7. Beware of email users.
8. Never allow anon ftp access.
9. Did I say don't upload scripts?

Look, the bottom line is this. Crossma or someone with access to his account and personal computer got caught attempting to cover his tracks after doing some potentially bad things.

We host 20,000 clients and this is a first for us. I do not make it a habit to kick a user out. We did a complete investigation on this user, including tracing his IP address back to his ISP. There are no questions in our mind that he was the one behind the attempted hack attempts.

Thanks

arvind Posted April 16, 2004
Right, thanks!

boxturt Posted April 16, 2004
Very timely. Thanks for the question and the responses.

kaseytraeger Posted April 16, 2004
Thank you, HG, for clarifying this issue. Like arvind2100, I was concerned about someone gaining access to my account and having my account suspended and legal/authoritative action being taken against me. But of the things on your list, I do most of them, except that TCH-Lisa just two days ago helped me install MovableType, so I guess I just installed a third party script. However, MT is a fairly well-known and trusted script, so I'm hoping that its reliability and trustworthiness make my site safer than if I had installed "Joe's Blogging Software."

I do have a few questions about some of your suggestions. I'll reprint them here for easy reference:

> 1. Use very strong passwords.
> 2. Change the passwords OFTEN!
> 3. Only use https to connect to your cpanel/whm.
> 4. Do not upload ANY scripts unless you fully understand them and know how they work.
> 5. Secure your site using .htaccess to stop directory browsing.
> 6. Never give FTP access to someone you don't know and fully trust.
> 7. Beware of email users.
> 8. Never allow anon ftp access.
> 9. Did I say don't upload scripts?

For item #3, "only use https to connect to your cpanel/whm", I'm not sure how to do this. When I access my site, I'm just using www.mysite.com/cpanel. I don't think this is https. Do I need to access my cpanel with the following command?

https://www.mysite.com/cpanel

For item #5: cPanel has a feature that blocks direct access to any file or folder that has been locked. Is this as effective as using .htaccess to stop directory browsing? If not, does anyone know of a good tutorial that outlines how to use .htaccess to stop directory browsing?

Thanks, everyone. Happy Friday!

TCH-Bruce Posted April 16, 2004
> For item #3, "only use https to connect to your cpanel/whm", I'm not sure how to do this. When I access my site, I'm just using www.mysite.com/cpanel. I don't think this is https. Do I need to access my cpanel with the following command?
> https://www.mysite.com/cpanel

Kasey, using https instead of http will give you a secure connection to the server. So yes, access would be https://yoursite.com/cpanel

Edited April 16, 2004 by TCH-Bruce

kaseytraeger Posted April 16, 2004
> Kasey, using https instead of http will give you a secure connection to the server. So yes, access would be https://yoursite.com/cpanel

Thanks, Bruce, I'm going to set a browser link/bookmark then to create secure access to my cpanel!

Head Guru Posted April 16, 2004
Actually, if you don't have your own SSL cert, you would need to use the shared ssl.

https://server4.totalchoicehosting.com/cpanel

Like that.

If there were ANY signs that the problems had arisen from an account that someone gained unauthorized access to, do you guys really think I would terminate that person's accounts? Of course I would not. However, when I am looking at logs and I can match the person's IP from signup all the way thru to help desk ticket submissions it really is a closed case.

arvind Posted April 16, 2004
I get some error when I use the proxy server my ISP told me to use:

    Access Denied (connect_method_denied)
    Your request attempted a CONNECT to a port "2083" that is not permitted by default.
    This is typically caused by an HTTPS URL that uses a port other then the default of 443.
    For assistance, contact your network support team.

This is whilst trying to access the https protocol off my server34 url. Why is this happening? Do I have to call my ISP?

Madmanmcp Posted April 16, 2004
Hi Bill, is it also possible that a BO program was installed on crossma's home computer? The hacker would then be operating from the hacked computer's ISP and you would not be able to determine this?

Head Guru Posted April 16, 2004
That is 100% possible. However, not much one could do in that case, is there?

Head Guru Posted April 16, 2004
> I get some error when I use the proxy server my ISP told me to use:
>
>     Access Denied (connect_method_denied)
>     Your request attempted a CONNECT to a port "2083" that is not permitted by default.
>     This is typically caused by an HTTPS URL that uses a port other then the default of 443.
>     For assistance, contact your network support team.

Try this. Sorry

https://server?.totalchoicehosting.com:2083

arvind Posted April 16, 2004
It's odd. I've tried disabling my firewall (Zone Alarm) and going to the above url, tried it in IE, Opera and Firefox, and if I have my ISP's proxy server enabled it won't work and gives me that error message?? I'm on server 34.

This seems to be happening to me only on my server; a friend has given me access to his server54 and that works fine on the https.

bellringr Posted April 16, 2004
Forgive the newb question please, but how does using https or going through the link HG provided make it secure?

Looks like I need to do some research on htaccess.

MikeJ Posted April 16, 2004
> It's odd. I've tried disabling my firewall (Zone Alarm) and going to the above url, tried it in IE, Opera and Firefox, and if I have my ISP's proxy server enabled it won't work and gives me that error message?? I'm on server 34.

Your ISP's proxy server is probably blocking port 2083. That error you are showing in your earlier post is not coming from the TCH server (it's probably coming from the ISP's proxy server). It looks like they block HTTPS to non-standard ports. Contact your ISP for assistance on that.

arvind Posted April 16, 2004
But it seems to work fine on server 56 for me.

MikeJ Posted April 16, 2004
> Forgive the newb question please, but how does using https or going through the link HG provided make it secure?

HTTPS uses SSL (secure sockets layer) to encrypt the connection.

HTTP = your username, password, and all transactions are sent between you and the server in plain text. If someone compromises a system on or near either end they could potentially capture that information.

HTTPS = your username, password, and all transactions are sent between you and the server encrypted. Someone captures the data in between and it would just look like garbage to them.

arvind Posted April 16, 2004
> > It's odd. I've tried disabling my firewall (Zone Alarm) and going to the above url, tried it in IE, Opera and Firefox, and if I have my ISP's proxy server enabled it won't work and gives me that error message?? I'm on server 34.
>
> Your ISP's proxy server is probably blocking port 2083. That error you are showing in your earlier post is not coming from the TCH server (it's probably coming from the ISP's proxy server). It looks like they block HTTPS to non-standard ports. Contact your ISP for assistance on that.

I seem to have found the problem. When it popped up the thing verifying the certificate, rather than temporarily I said permanently accept it, and that's what cut me access. I did that on server56 and now the same error message is popping up. Is there some way I can delete this certificate off my computer?

MikeJ Posted April 16, 2004
> But it seems to work fine on server 56 for me.

That is odd. Server34 HTTPS cpanel comes up fine for me.

Since you are using your ISP's proxy server, I would still recommend inquiring with them as well, especially since you state that it only happens when you are using their proxy server. They should be able to help troubleshoot the problem.

kaseytraeger Posted April 16, 2004
> If there were ANY signs that the problems had arisen from an account that someone gained unauthorized access to, do you guys really think I would terminate that person's accounts? Of course I would not. However, when I am looking at logs and I can match the person's IP from signup all the way thru to help desk ticket submissions it really is a closed case.

I must apologize because I certainly was not trying to imply that HG would do anything of the sort. My question was more along the lines of being a newbie when it comes to securing my website and preventing unauthorized users from gaining access to my account and wreaking havoc. In many respects, I'm quite gullible. But I also worry that I'll do something unintentionally that can get me into trouble. (Probably some childhood psychological issues to be worked out with a therapist! I'll blame my mom for that one ... yeah, that sounds good ... mom did it to me!)

I am also not aware of the various tools you folks have at your disposal to determine whether it's me doing the bad deeds or someone else who's pirated my account. I'm glad to know that there are processes and policies in place to handle this sort of thing.

By the way, Madmanmcp posted a comment about BO ... what is that? The most I know about it is that you can really turn people off if you get too close to them when you've got it real bad!!! You see, what did I tell you? I'm definitely a newbie!!

BogaTones Posted April 16, 2004
Hi, I'm new to this level of operating a website but learning fast. I want to implement the security suggestions here.. one in particular.

I checked my site about directory level browsing and seems I'm vulnerable there. However, I'm very vague at this point on editing .htaccess.. can anyone give me pointers on how to handle this? Does turning on the hotlinking protection in cpanel accomplish this for me?

Thanks in advance!
Kevin

Madmanmcp Posted April 16, 2004
> By the way, Madmanmcp posted a comment about BO ... what is that?

BO stands for Back Orifice, a remote access administration tool used by hackers.

"if Back Orifice is running in your computer, a remote operator anywhere on the global Internet can gain access and do almost anything you can do on your computer -- and some things you can't do"

There are several ways it can be installed on a computer and there are hundreds of different kinds of programs similar to it.

Madmanmcp Posted April 16, 2004
> That is 100% possible. However, not much one could do in that case, is there?

Bottom line is it's covered in the TOS. The customer is responsible for all actions performed on their account, whether they are aware of it or not. This is a standard clause and is necessary to protect all customers. It is also a very harsh stance to take against the unaware and the uninformed computer user.

Now I (we) do not have access to all the information in this particular instance, nor do I wish to see it, and it could be possible that this crossma individual is actually innocent of all knowledge of the infraction. It's also possible that he/she is 100% guilty; they could be lying thru their teeth to avoid prosecution.

My question was just to bring to the attention of everyone that this COULD happen to any one of us.

kaseytraeger Posted April 16, 2004
> My question was just to bring to the attention of everyone that this COULD happen to any one of us.

It's a good thing (depends on your point of view) that this happened. I think it will bring it to more people's attention that they can't and shouldn't be lax on web site security or computer security in general.

Although Bill had to take a hard stand against crossma, I do agree that we are responsible for our own actions, and that his action was perfectly in line with the TOS. If it were my company, I'd do the same thing. You simply cannot risk the health of your business by allowing hackers to come in and commit their dirty deeds on your servers and computers.

I think TCH's TOS are quite reasonable and certainly acceptable (otherwise I wouldn't have agreed to be bound by them). From what I can tell having read the TOS for various other things such as downloading free images or software, there is nothing uncommon about the statement that we are responsible for damage committed by our computer. We just need to be aware that unauthorized access (if that's what it was) can and does happen and that we as consumers need to take precautions against it.

MikeJ Posted April 16, 2004
> I checked my site about directory level browsing and seems I'm vulnerable there. However, I'm very vague at this point on editing .htaccess.. can anyone give me pointers on how to handle this?

Put the line "Options All -Indexes" in the .htaccess file in your public_html directory to disable indexes for your entire site, or put it in individual .htaccess files in their appropriate directories to turn it off for specific directory trees.

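Added example, not part of any post in this thread: a Python audit that walks a site tree, applies each .htaccess Options line with Apache's inheritance rules, and reports which directories would still show a listing. The sample tree, the index-file names and the server default (Indexes on) are assumptions; it also flags directives that mix bare and +/- options, which Apache 2.4 rejects, whereas `Options -Indexes` on its own is accepted.

```python
import os
import tempfile

INDEX_FILES = {"index.html", "index.htm", "index.php"}  # assumed DirectoryIndex names


def parse_options(htaccess_path):
    """Return the argument lists of every Options directive in one .htaccess."""
    found = []
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            words = raw.split()
            if words and words[0].lower() == "options":
                found.append(words[1:])
    return found


def apply_options(tokens, inherited):
    """Apply one Options directive; return (indexes_enabled, mixed_syntax).

    Bare options replace the inherited set, +/- options adjust it. Mixing
    both styles in one directive is rejected by Apache 2.4 and later.
    """
    state, bare, prefixed = inherited, False, False
    for tok in tokens:
        name = tok.lstrip("+-").lower()
        if tok[0] in "+-":
            prefixed = True
            if name == "indexes":
                state = tok[0] == "+"
        else:
            if not bare:  # first bare option discards what was inherited
                state, bare = False, True
            if name in ("indexes", "all"):
                state = True
    return state, bare and prefixed


def audit(docroot, server_default=True):
    """Return ({dir: status}, [dirs with mixed Options syntax]) for a tree.

    server_default is the assumed Indexes state above docroot.
    """
    docroot = os.path.abspath(docroot)
    inherited, results, mixed_dirs = {}, {}, []
    for dirpath, dirnames, filenames in os.walk(docroot):  # parents come first
        dirnames.sort()
        rel = os.path.relpath(dirpath, docroot).replace(os.sep, "/")
        state = inherited.get(os.path.dirname(dirpath), server_default)
        if ".htaccess" in filenames:
            for tokens in parse_options(os.path.join(dirpath, ".htaccess")):
                state, mixed = apply_options(tokens, state)
                if mixed and rel not in mixed_dirs:
                    mixed_dirs.append(rel)
        inherited[dirpath] = state
        if not state:
            results[rel] = "protected"    # listing disabled here
        elif INDEX_FILES & {f.lower() for f in filenames}:
            results[rel] = "index-file"   # Indexes on, but an index page is served
        else:
            results[rel] = "listable"     # visitors would see the file list
    return results, mixed_dirs


def demo(root_rule):
    """Build a constructed sample site in a temp dir and audit it."""
    files = {".htaccess": root_rule, "index.html": "<h1>home</h1>",
             "images/logo.gif": "", "downloads/.htaccess": "Options +Indexes\n",
             "downloads/old/notes.txt": ""}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit(tmp)


if __name__ == "__main__":
    for rule in ("# no Options line\n", "Options All -Indexes\n"):
        print(repr(rule.strip()), demo(rule))
```

The downloads/ subtree stays listable in both runs because its own .htaccess turns Indexes back on, which is the per-directory override MikeJ mentions working in the other direction.
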
BogaTones Posted April 16, 2004
Mike,

Super! Worked like a charm! Thanks for your quick response and help!

Best Regards
Kevin

bellringr Posted April 16, 2004
Thanks Mike! I'll do that when I get home tonight.

arvind Posted April 17, 2004
> > I checked my site about directory level browsing and seems I'm vulnerable there. However, I'm very vague at this point on editing .htaccess.. can anyone give me pointers on how to handle this?
>
> Put the line "Options All -Indexes" in the .htaccess file in your public_html directory to disable indexes for your entire site, or put it in individual .htaccess files in their appropriate directories to turn it off for specific directory trees.

Thanks Mike, worked like a charm. Saves me having to use the cpanel index manager.

Ninepatch Posted April 18, 2004
Thanks for all of this security information. I was concerned when I read about that person's abuse of the system. I wondered if my account could be used to attempt such a thing because of my lack of knowledge. I've changed my bookmarks, added the line to my .htaccess files, and changed my passwords. That should do for a while, eh?

mike Posted April 24, 2004
hey Mike... does it matter "where" in the .htaccess file I put the line:

Options All -Indexes

? ..... and is that w/o quotes, I assume?

thanks.

TCH-Rob Posted April 24, 2004
public_html folder
no quotes

Geeze, see what happens when I sleep all day. Follow instructions just below this post.

Edited April 25, 2004 by TCH-Rob

TCH-Bruce Posted April 24, 2004
Mike, I don't think it matters top/bottom/middle.

!!blue Posted April 25, 2004
> Try this. Sorry
> https://server?.totalchoicehosting.com:2083

I get the weirdest thing when I try to login to cpanel using the method above. See attached image.... What's a girl to do?

btw: the *only* reason I'm using IE is because I don't know how to add the certificate in Firefox

TCH-Rob Posted April 25, 2004
That's interesting, works for me in FireBird and IE. Are you putting the /cpanel on the end like it shows in the URL or does it turn to that for you?

whoahorse Posted April 25, 2004
> It's odd. I've tried disabling my firewall (Zone Alarm) and going to the above url, tried it in IE, Opera and Firefox, and if I have my ISP's proxy server enabled it won't work and gives me that error message?? I'm on server 34.
>
> This seems to be happening to me only on my server; a friend has given me access to his server54 and that works fine on the https.

Hey - that zone alarm I have heard is BAD... bad.. bad! Full of spyware? Has anyone else heard that?

Weezy

TCH-Rob Posted April 25, 2004
Zone Alarm? Bad? Not when I had a windows operating system.

TCH-Don Posted April 25, 2004
I have been using ZoneAlarm for years, and it is not spyware. I would not go online without it, unless I had a router with a built in firewall. I run it in full stealth, and you would be surprised to see how much it blocks.

Check out Shields Up to see how secure you are.

My computer report:

> Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

TCH-Rob Posted April 25, 2004
I like Gibson Research. He has some nice toys.

TCH-Don Posted April 25, 2004
I like the part where it says you are in stealth mode or not connected to the internet.

!!blue Posted April 25, 2004
> That's interesting, works for me in FireBird and IE. Are you putting the /cpanel on the end like it shows in the URL or does it turn to that for you?

I just tried it again and now it works for me. I think I need to put in an ending forward slash (/) so it should be

https://server##.totalchoicehosting.com/cpanel/

When I left out the last slash, I was asked to download CPanel. As if that's even possible.

later,
!!blue

TCH-Rob Posted April 25, 2004
I have never seen that before. At least it is working now.

whoahorse Posted April 25, 2004
Hey! Glad to hear that zone alarm is not as bad as what I have heard. You guys sure are up on all the latest programs!

Weezy