Our server security is LOW

Portal Home > Knowledgebase > Articles Database > Our server security is LOW

Posted by roberts118, 02-16-2011, 10:33 AM
Hello, We have a server which is hosting about 200 sites (shared hosting). We have a problem which happens every 2-3 months: One site is being hacked, then hacker is able to upload a shell file, then he is able to reach more and more sites at the server and so he is able to cause a damage for these sites. We can't make sure all of our customers keep their sites up to date. Is it possible to keep the server safe even one or more sites had been hacked ? We feel that our server is like a Domino, if one site fall "All sites fall down!" We feel our current server management company isn't familiar with shared hosting security. Can you advise us what should we do to make our server safe ? Thanks Last edited by roberts118; 02-16-2011 at 10:37 AM.
Posted by MikeDVB, 02-16-2011, 10:36 AM
One thing I would advise is running suPHP and making sure that there are no files or folders with 777 permissions (755 at the highest). Also you'll want to run php_open_basedir. That should help and is a start but isn't the only thing you should do.
Posted by Mr Terrence, 02-16-2011, 10:46 AM
Is this a cPanel server? if so you want to make sure all of your scripts running on the server are up to date, you can also try cfs.. full details here
Posted by Harzem, 02-16-2011, 10:58 AM
Make sure you run suPHP and open_basedir. Also disable cgi scripts altogether, google it for "RemoveHandler perl". because even if your php is secure, they can use perl to hack other accounts.
Posted by Syslint, 02-16-2011, 11:04 AM
You need to check for any world writable files or folders . Or any backdores like php shell. You may need to change your cpanel and ftp passwords. And check your phpscript well.
Posted by tobaria, 02-16-2011, 09:14 PM
Maybe you need to perform a kernel upgrade.
Posted by Squidix - SamBarrow, 02-16-2011, 09:15 PM
Upgrade everything including the OS and CPanel, install CSF/LFD, enable suphp, and run rkhunter.
Posted by Hillockhosting, 02-17-2011, 12:37 AM
time to change hosting and move to safer environment
Posted by pilsentico, 02-17-2011, 12:46 AM
He is the provider!
Posted by roberts118, 02-17-2011, 05:20 AM
Our server hosted at SL. They didn't provide complete management so we hire a management company. I appreciate all your replies. I hope my question is written in the right place: How can we choose a company which is familiar with securing shared hosting ? Our current company is the 3d company we hire but every 2-3 months we have the same story - one site hacked , then a link is created to additional sites on the server and thus the hacker can deface any site he wants on our server. We got tired! Thanks
Posted by Orien, 02-17-2011, 05:35 AM
Hire Steven @ Rack911.com to secure your server for you and get the job done right.
Posted by roberts118, 02-17-2011, 05:44 AM
We have worked with Rack911.com and we interested to work with a different company.

Add to Favourites Print this Article