Jump to content

Preventing Access And Hack

arvind

By arvind
in Security Discussions

 Share

Recommended Posts

Deverill Grand Master

Deverill

Posted
Posted

Sure there are things we can do.

 

One thing is to never try out any "security programs" out of curiosity or any other reason. If things are restricted here it's for a reason (like shell access) and if we install programs that try to go around those restrictions we are begging to get kicked out.

 

Another is to have a great password on everything, including the ftp accounts we set up. A great password is not in the dictionary, not easy to guess, not too short, not only numbers or only letters. If we set our password to our dog's name then we're begging to be hacked.

 

An excellent thing to do is to make sure your server is always up to date with the latest security patches. Even Linux has mistakes or oversights that occasionally make it vulnerable. Bill and the techs here are all over these updates! I suspect that's why they had to do the emergency kernel updates mentioned in another thread because a vulnerability was found and patched. We have great servers and uptime here since they do these kinds of updates - a hacked system is usually down a long time.

 

If you install third party software then pick only the best quality ones and watch for updates from the creators. Things like phbbb and other forums, chats, etc. can open the door to hackers if they have problems so make sure you always keep an eye on the support forums and security announcements from the makers of the software.

 

A basic system with good passwords is not going to get hacked. One with "password" as the password or buggy forum software probably will. Check your logs and you'll probably find 401 - Not Found errors for formmail and other known-exploitable software. These guys are out there looking for sites that are weak so we have to be sure we don't open the door.

 

In a few words, don't get lazy. I hope this helps and will put your mind a bit at ease.

Link to comment
Share on other sites
Head Guru Grand Master

Head Guru

Posted
Posted

If you believe what crossma posted in that thread, I have some property I can sell you really cheap.

 

Another words, do not believe every word someone posts on these forums.

 

Is it possible for you account to be hacked. Sure it is. The PC your sitting behind reading this post can be hacked just as easily.

 

There are many things you can do to keep your account secure.

 

Here are just a few...

 

1. Use very strong passwords.

2. Change the passwords OFTEN!

3. Only use https to connect to your cpanel/whm.

4. Do no upload ANY scripts unless you fully understand them and know how they work.

5. Secure your site using .htaccess to stop directory browsing.

6. Never give FTP access to someone you dont know and fully trust.

7. Beware of email users.

8. Never allow anon ftp access.

9. Did I say dont upload scripts?

 

Look, the bottom line is this.

 

Crossma or someone with access to his account and personal computer got caught attempting to cover his tracks after doing some potentialy bad things. We host 20,000 clients and this is a first for us.

 

I do not make it a habbit to kick a user out.

 

We did a complete investigation on this user. Including tracing his IP address back to his ISP. There are no questions in our mind that he was the one behind the attempted hack attempts.

 

Thanks

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted

Thank you, HG, for clarifying this issue. Like arvind2100, I was concerned about someone gaining access to my account and having my account suspended and legal/authoritative action being taken against me. But of the things on your list, I do most of them, except that TCH-Lisa just two days ago helped me install MovableType, so I guess I just installed a third party script. However, MT is a fairly well-known and trusted script, so I'm hoping that it's reliability and trustworthiness makes my site safer than if I had installed "Joe's Blogging Software."

 

I do have a few questions some of your suggestions. I'll reprint them here for easy reference:

 

1. Use very strong passwords.

2. Change the passwords OFTEN!

3. Only use https to connect to your cpanel/whm.

4. Do no upload ANY scripts unless you fully understand them and know how they work.

5. Secure your site using .htaccess to stop directory browsing.

6. Never give FTP access to someone you dont know and fully trust.

7. Beware of email users.

8. Never allow anon ftp access.

9. Did I say dont upload scripts?

 

For item #3, "only use https to connect to your cpanel/whm", I'm not sure how to do this. When I access my site, I'm just using www.mysite.com/cpanel. I don't think this is https. Do I need to access my cpanel with the following command?

https://www.mysite.com/cpanel

 

For item #5: cPanel has a feature that blocks direct access to any file or folder that has been locked. Is this as effective as using .htaccess to stop directory browsing? If not, does anyone know of a good tutorial that outlines how to use .htaccess to stop directory browsing?

 

Thanks, everyone.

 

Thumbs Up Happy Friday!

Link to comment
Share on other sites
TCH-Bruce Grand Master

TCH-Bruce

Posted
Posted (edited)
For item #3, "only use https to connect to your cpanel/whm", I'm not sure how to do this. When I access my site, I'm just using www.mysite.com/cpanel. I don't think this is https. Do I need to access my cpanel with the following command?

https://www.mysite.com/cpanel

Kasey, using https instead of http will give you a secure connection to the server.

 

So yes, access would be https://yoursite.com/cpanel

Edited by TCH-Bruce
Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted
Kasey, using https instead of http will give you a secure connection to the server.

 

So yes, access would be https://yoursite.com/cpanel

Thanks, Bruce,

 

I'm going to set a browser link/bookmark then to create secure access to my cpanel!

Link to comment
Share on other sites
Head Guru Grand Master

Head Guru

Posted
Posted

Actually if your dont have your own SSL cert, you would need to use the shared ssl.

 

https://server4.totalchoicehosting.com/cpanel

 

Like that :)

 

If there were ANY signs that the problems were arisen from a account that someone gained unauthorized access to, do you guys really think I would terminate that persons accounts? Of course I would not. However, when I am looking at logs and I can match the persons IP from signup all the way thru to help desk ticket submissions it really is a closed case.

Link to comment
Share on other sites
arvind Proficient

arvind

Posted
  • Author
Posted

I get some error when I use the proxy server my ISP told me to use

Access Denied (connect_method_denied)

 

Your request attempted a CONNECT to a port "2083" that is not permitted by default.

This is typically caused by an HTTPS URL that uses a port other then the default of 443.

 

For assistance, contact your network support team.

 

This is whilst trying to access the https protocol off my server34 url why is this happening do I have to call my ISP ?

Link to comment
Share on other sites
Head Guru Grand Master

Head Guru

Posted
Posted
I get some error when I use the proxy server my ISP told me to use
Access Denied (connect_method_denied)

 

Your request attempted a CONNECT to a port "2083" that is not permitted by default.

This is typically caused by an HTTPS URL that uses a port other then the default of 443.

 

For assistance, contact your network support team.

Try this.

 

Sorry

 

https://server?.totalchoicehosting.com:2083

Link to comment
Share on other sites
arvind Proficient

arvind

Posted
  • Author
Posted

its odd I've tried disabling my firewall (Zone Alarm) and going to the above url tried it in IE, Opera and Firefox and if I have my ISP's proxy server enabled it won't work and gives me that error message ?? I'm on server 34. This seems to be happening to me only on my server, a friend has given me access to his server54 and that works fine on the https

Link to comment
Share on other sites
MikeJ Veteran

MikeJ

Posted
Posted
its odd I've tried disabling my firewall (Zone Alarm) and going to the above url tried it in IE, Opera and Firefox and if I have my ISP's proxy server enabled it won't work and gives me that error message ?? I'm on server 34.

Your ISP's proxy server is probably blocking port 2083. That error you are showing in your earlier post is not coming from the TCH server (it's probably coming from the ISP's proxy server). It looks like they block HTTPS to non-standard ports.

 

Contact your ISP for assistance on that.

Link to comment
Share on other sites
MikeJ Veteran

MikeJ

Posted
Posted
Forgive the newb question please, but how does using https or going through the link HG provided make it secure?

HTTPS uses SSL (secure sockets layer) to encrypt the connection.

 

HTTP = your username, password, and all transactions are sent between you and the server in plain text. If someone compromises a system on or near either end they could potentially capture that information.

 

HTTPS = your username, password, and all transactions are sent between you and the server encrypted. Someone captures the data inbetween and it would just look like garbarge to them.

Link to comment
Share on other sites
arvind Proficient

arvind

Posted
  • Author
Posted
its odd I've tried disabling my firewall (Zone Alarm) and going to the above url tried it in IE, Opera and Firefox and if I have my ISP's proxy server enabled it won't work and gives me that error message ?? I'm on server 34.

Your ISP's proxy server is probably blocking port 2083. That error you are showing in your earlier post is not coming from the TCH server (it's probably coming from the ISP's proxy server). It looks like they block HTTPS to non-standard ports.

 

Contact your ISP for assistance on that.

I seem to have found the problem, when it poped up the thing verifying the certificate I said rather than temporarily I said permanently accept it and that's what cut me access. I did that on server56 and now the same error message is popping up. I sthere some way I can delete this certificate off my computer?

Link to comment
Share on other sites
MikeJ Veteran

MikeJ

Posted
Posted
but it seems to work fine on server 56 for me :)

That is odd. Server34 HTTPS cpanel comes up fine for me. Since you are using your ISP's proxy server, I would still recommend inquring with them as well, especially since you state that it only happens when you are using their proxy server. They should be able to help troubleshoot the problem.

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted
If there were ANY signs that the problems were arisen from a account that someone gained unauthorized access to, do you guys really think I would terminate that persons accounts?  Of course I would not.  However, when I am looking at logs and I can match the persons IP from signup all the way thru to help desk ticket submissions it really is a closed case.

I must apologize because I certainly was not trying to imply that HG would do anything of the sort. My question was more along the lines of being a newbie when it comes securing my website and preventing unauthorized users from gaining access to my account and wrecking havoc. In many respects, I'm quite gullible. But I also worry that I'll do something unintentionally that can get me into trouble. (Probably some childhood psychological issues to be worked out with a therapist! ;) I'll blame my mom for that one ... yeah, that sounds good ... mom did it to me!)

 

I am also not aware of the various tools you folks have at your disposal to determine whether it's me doing the bad deeds or someone else who's pirated my account. I'm glad to know that there are processes and policies in place to handle this sort of thing.

 

By the way, Madmanmcp posted a comment about BO ... what is that? The most I know about it is that you can really turn people off if you get too close to them when you've got it real bad!!! You see, what did I tell you? I'm definitely a newbie!!

 

:)

Link to comment
Share on other sites
BogaTones Apprentice

BogaTones

Posted
Posted

Hi,

I'm new to this level of operating a website but learning fast. I want to implement the security suggestions here.. one in particular. I checked my site about directory level browsing and seems I'm vulnerable there. However, I'm very vague at this point on editing .htaccess.. can anyone give me pointers on how to handle this?

Does turning on the hotlinking protection in cpanel accomplish this for me?

Thanks in advance!

Kevin

Link to comment
Share on other sites
Madmanmcp Mentor

Madmanmcp

Posted
Posted
By the way, Madmanmcp posted a comment about BO ... what is that?

 

BO stands for Back Orifice, a remote access administration tool used by hackers.

 

"if Back Orifice is running in your computer, a remote operator anywhere on the global Internet can gain access and do almost anything you can do on your computer -- and some things you can't do"

 

There are several ways it can be installed on a computer and there are hundreds of different kinds of programs similar to it.

Link to comment
Share on other sites
Madmanmcp Mentor

Madmanmcp

Posted
Posted
That is 100% possible. However, not much one could do in that case is there?

 

Bottom line is its covered in the TOS. The customer is responsible for all actions performed on their account, whether they are aware of it or not. This is a standard clause and is necessary to protect all customers.

 

It is also a very harsh stance to take against the unaware and the uniformed computer user.

 

Now I (we) do not have access to all the information in this particular instance, nor do I wish to see it, and it could be possible that this crossma individual is actually innocent of all knowlege of the infraction. Its also possible that he/she is 100% guilty, they could be lying thru their teeth to avoid prosecution.

 

My question was just to bring to the attention of everyone that this COULD happen to anyone of us.

Link to comment
Share on other sites
kaseytraeger Proficient

kaseytraeger

Posted
Posted
My question was just to bring to the attention of everyone that this COULD happen to anyone of us.

It's a good thing (depends on your point of view) that this happened. I think it will bring it to more people's attention that they can't and shouldn't be lax on web site security or computer security in general.

 

Although Bill had to take a hard stand against crossma, I do agree that we are responsible for our own actions, and that his action was perfectly in line with the TOS. If it were my company, I'd do the same thing. You simply cannot risk the health of your business by allowing hackers to come in and commit their dirty deeds on your servers and computers. I think TCH's TOS are quite reasonable and certainly acceptable (otherwise I wouldn't have agreed to be bound by them). From what I can tell having read the TOS for various other things such as downloading free images or software, there is nothing uncommon about the statement that we are responsible for damage committed by our computer. We just need to be aware that unauthorized access (if that's what it was) can and does happen and that we as consumers need to take precautions against it.

Link to comment
Share on other sites
MikeJ Veteran

MikeJ

Posted
Posted
I checked my site about directory level browsing and seems I'm vulnerable there. However, I'm very vague at this point on editing .htaccess.. can anyone give me pointers on how to handle this?

Put the line "Options All -Indexes" in the .htaccess file in your public_html directory to disable indexes for your entire site, or put it in individual .htaccess files in their appropriate directories to turn it off for specific directory trees.

Link to comment
Share on other sites
arvind Proficient

arvind

Posted
  • Author
Posted
I checked my site about directory level browsing and seems I'm vulnerable there. However, I'm very vague at this point on editing .htaccess.. can anyone give me pointers on how to handle this?

Put the line "Options All -Indexes" in the .htaccess file in your public_html directory to disable indexes for your entire site, or put it in individual .htaccess files in their appropriate directories to turn it off for specific directory trees.

Thanks Mike worked like a charm saves me having to use the cpanel index manager :dance:

Link to comment
Share on other sites
Ninepatch Experienced

Ninepatch

Posted
Posted

Thanks for all of this security information. I was concerned when I read about that person's abuse of the system. I wondered if my account could be used to attempt such a thing because of my lack of knowledge. I've changed my bookmarks, added the line to my .htaccess files, and changed my passwords. That should do for a while, eh? :)

Link to comment
Share on other sites
mike Experienced

mike

Posted
Posted

hey Mike... does it matter "where" in the .htaccess file I put the line:

 

Options All -Indexes

 

? ..... and is that w/o quotes, I assume?

 

 

thanks. Rock Sign

Link to comment
Share on other sites
!!blue Rising Star

!!blue

Posted
Posted

I get the weirdest thing when I try to login to cpanel using the method above. See attached image....

 

What's a girl to do? :blink: :blink:

 

btw: the *only* reason I'm using IE is because I don't know how to add the certificate in Firefox :(

post-19-1082864363_thumb.jpg

Link to comment
Share on other sites
whoahorse Mentor

whoahorse

Posted
Posted
its odd I've tried disabling my firewall (Zone Alarm) and going to the above url tried it in IE, Opera and Firefox and if I have my ISP's proxy server enabled it won't work and gives me that error message ?? I'm on server 34. This seems to be happening to me only on my server, a friend has given me access to his server54 and that works fine on the https

Hey - that zone alarm I have heard is BAD... bad.. bad!

 

Full of spyware?

 

Has anyone else heard that?

 

Weezy

Link to comment
Share on other sites
TCH-Don Grand Master

TCH-Don

Posted
Posted

I have been using ZoneAlarm for years,

and it is not spyware.

I would not go online with out it, unless I had a router with a built in firewall.

I run it in full stealth, and you would be surprised to see how much it blocks.

 

Check out

Shields Up to see how secure you are :blink:

 

My computer report

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.
Link to comment
Share on other sites
!!blue Rising Star

!!blue

Posted
Posted
Thats interesting, works for me in FireBird and IE.  Are you putting the /cpanel on the end like it shows in the URL or does it turn to that for you?

I just tried it again and now it works for me. I think I need to put in an ending forward slash (/) so it should be

https://server##.totalchoicehosting.com/cpanel/

 

When I left out the last slash, I was asked to download CPanel. As if that's even possible :)

 

later,

!!blue

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...