
Apache Web Server Forum

    
How To Remove Access From Server?
murmy




msg:4169400
 6:53 pm on Jul 13, 2010 (gmt 0)

What are the key things you would do to remove outside access to your server from admins (apart from yourself)?

I've listed what I know already:

(1) Change ROOT password

(2) Remove all SSH users (you won't need it if you have root)

(3) Change FTP password

(4) Remove all FTP users (apart from yourself)

(5) Change AWSTATS password

(6) Change the control panel login password.

Are there any other ways they can get into the server or access your data apart from these things? Just want to check there is nothing I have missed that could be abused by a malicious admin.

 

caribguy




msg:4169464
 8:16 pm on Jul 13, 2010 (gmt 0)

A malicious admin may potentially have installed a backdoor into the system. Short of backing up your data and moving to a new server I would not be overly confident that such a person (if determined to do harm) could be denied access.

phranque




msg:4169614
 12:22 am on Jul 14, 2010 (gmt 0)

Among other things you will need to check all directories accessible from the server in which it is permissible to run scripts and all scripts within those directories.
Make sure you are using basic authentication for all directories that should not be public.

lammert




msg:4169635
 12:50 am on Jul 14, 2010 (gmt 0)

Your current approach is to block all holes you know of. The better approach is to close the server and only open the holes you need:

1) Stopping all network services which you don't need. Create a list with netstat -nlp and see which programs are listening to ports. Only leave those which are necessary to run your system.

2) Use a firewall (hardware or software) to block all access to the server, and only open ports and IP addresses you want to be open. If you are the only one with SSH or FTP access, then only open these ports for the IP address of your own computer.

3) Use the hosts.allow and hosts.deny files (TCP wrappers) as an extra layer to control who has access to specific services. I once had a setup where the firewall didn't start automatically due to a configuration error and passed all traffic unfiltered to the server. The extra security layer of TCP wrappers kept my server secure while I fixed the issue.

4) Check all scripts if there is a way to execute system commands via a web interface.

5) Check the set-root bit on all programs to see if someone may have added that to a command to gain root access without the root password.

6) Check the crontab and at queue to see if some processes are running periodically which might give access to others.

7) If you had some really savvy people on your server, the best option is to rebuild the server from scratch.
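
The checks in steps 1, 5 and 6 of the post above, sketched as an added example that is not part of the original thread: read-only shell helpers that flag listeners outside an allowlist, list files carrying the setuid/setgid bits (the "set-root bit" in step 5), and print active cron entries. The function names, the allowlist "22 80", the sample netstat output and the cron paths in the comments are assumptions made for illustration; cron spool paths vary by distribution.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): read-only audit helpers for steps 1, 5 and 6.

# Constructed sample of `netstat -nlp` output, used for the offline demo.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   812/sshd
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN   1033/httpd
tcp6       0      0 :::80            :::*             LISTEN   1033/httpd
tcp        0      0 0.0.0.0:31337    0.0.0.0:*        LISTEN   4242/perl
udp        0      0 0.0.0.0:68       0.0.0.0:*                 640/dhclient
EOF
}

# Step 1: read `netstat -nlp` output on stdin; print each TCP/UDP listener whose
# port is not in the space-separated allowlist given as $1.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            port = $4; sub(/.*:/, "", port)        # handles 0.0.0.0:22 and :::22
            if (!(port in ok)) print $1, $4, $NF   # $NF is the PID/Program column
        }'
}

# Step 5: list setuid/setgid regular files under $1 (default /), one filesystem.
setid_files() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Step 6: print the active (non-blank, non-comment) lines of each cron file given.
cron_entries() {
    local f
    for f in "$@"; do
        if [ -f "$f" ]; then
            grep -Hv -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" || true
        fi
    done
}

# Offline demo on the constructed sample; only ports 22 and 80 are expected.
sample_netstat | unexpected_listeners "22 80"

# Live use, as root:
#   netstat -nlp | unexpected_listeners "22 80"
#   setid_files / > setid.now    # compare against a list from a known-good install
#   cron_entries /etc/crontab /etc/cron.d/* /var/spool/cron/*; atq
```

Every line the helpers print is something to explain or remove; an empty result only means these three checks found nothing, which is why step 7 still applies after a determined insider.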

murmy




msg:4170192
 8:48 pm on Jul 14, 2010 (gmt 0)

That's terrible... it should be really easy to deny access.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved