
Apache Web Server Forum

    
How To Remove Access From Server?
murmy

5+ Year Member



 
Msg#: 4169398 posted 6:53 pm on Jul 13, 2010 (gmt 0)

What are the key things you would do to remove outside access to your server from admins (apart from yourself)?

I've listed what I know already:

(1) Change ROOT password

(2) Remove all SSH users (you won't need it if you have root)

(3) Change FTP password

(4) Remove all FTP users (apart from yourself)

(5) Change AWSTATS password

(6) Change the control panel login password.

Are there any other ways they can get into the server or access your data apart from these things? Just want to check there is nothing I have missed that could be abused by a malicious admin.

 

caribguy

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4169398 posted 8:16 pm on Jul 13, 2010 (gmt 0)

A malicious admin may potentially have installed a backdoor into the system. Short of backing up your data and moving to a new server I would not be overly confident that such a person (if determined to do harm) could be denied access.

phranque

WebmasterWorld Administrator, 10+ Year Member



 
Msg#: 4169398 posted 12:22 am on Jul 14, 2010 (gmt 0)

Among other things you will need to check all directories accessible from the server in which it is permissible to run scripts and all scripts within those directories.
Make sure you are using basic authentication for all directories that should not be public.

lammert

WebmasterWorld Senior Member, 5+ Year Member



 
Msg#: 4169398 posted 12:50 am on Jul 14, 2010 (gmt 0)

Your current approach is to block all holes you know of. The better approach is to close the server and only open the holes you need:

1) Stopping all network services which you don't need. Create a list with netstat -nlp and see which programs are listening to ports. Only leave those which are necessary to run your system.

2) Use a firewall (hardware or software) to block all access to the server, and only open ports and IP addresses you want to be open. If you are the only one with SSH or FTP access, then only open these ports for the IP address of your own computer.

3) Use the hosts.allow and hosts.deny files (TCP wrappers) as an extra layer to control who has access to specific services. I once had a setup where the firewall didn't start automatically due to a configuration error and passed all traffic unfiltered to the server. The extra security layer of TCP wrappers kept my server secure while I fixed the issue.

4) Check all scripts if there is a way to execute system commands via a web interface.

5) Check the set-root bit on all programs to see if someone may have added that to a command to gain root access without the root password.

6) Check the crontab and at queue to see if some processes are running periodically which might give access to others.

7) If you had some really savvy people on your server, the best option is to rebuild the server from scratch.
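
The checks in steps 1, 5 and 6 of the post above can be scripted; this is an added example, not code from the thread or from any poster. The function names, the port allow list, the baseline file of known-good setuid paths, the script name `audit.sh` and the netstat sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for steps 1, 5 and 6. Not from the thread.

# Constructed sample of `netstat -nlp` output, used for offline testing.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0  0 0.0.0.0:22    0.0.0.0:*  LISTEN  812/sshd
tcp   0  0 0.0.0.0:80    0.0.0.0:*  LISTEN  1033/httpd
tcp   0  0 0.0.0.0:8081  0.0.0.0:*  LISTEN  2290/perl
tcp6  0  0 :::21         :::*       LISTEN  901/vsftpd
udp   0  0 0.0.0.0:68    0.0.0.0:*          640/dhclient
EOF
}

# Step 1: read `netstat -nlp` output on stdin and print every TCP/UDP
# listener whose local port is not in the space-separated allow list $1.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            port = $4; sub(/.*:/, "", port)    # column 4 is the local address
            if (!(port in ok)) print port, $NF # last column is PID/program
        }'
}

# Step 5: print setuid files under directory $1 that are absent from the
# known-good list in file $2 (assumed: one path per line, saved earlier).
new_setuid_files() {
    found=$(mktemp) || return 1
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort > "$found"
    sort "$2" | comm -23 "$found" -
    rm -f "$found"
}

# Step 6: dump every user's crontab, the system crontabs and the at queue.
scheduled_jobs() {
    cut -d: -f1 /etc/passwd | while read -r user; do
        crontab -u "$user" -l 2>/dev/null | sed "s|^|$user: |"
    done
    cat /etc/crontab /etc/cron.d/* 2>/dev/null
    atq 2>/dev/null
}

# Live run as root (hypothetical names): sh audit.sh --live "22 80" /root/setuid.baseline
if [ "${1:-}" = "--live" ]; then
    netstat -nlp | unexpected_listeners "$2"
    new_setuid_files / "$3"   # -xdev keeps find on the root filesystem only
    scheduled_jobs
fi
```

Every line printed by the first two functions is something to explain or remove; the cron and at output has to be read by hand.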

murmy

5+ Year Member



 
Msg#: 4169398 posted 8:48 pm on Jul 14, 2010 (gmt 0)

That's terrible... it should be really easy to deny access.
