Forum Moderators: Ocean10000 & incrediBILL & phranque

How To Remove Access From Server?

     
6:53 pm on Jul 13, 2010 (gmt 0)


What are the key things you would do to remove outside access to your server from admins (apart from yourself)?

I've listed what I know already:

(1) Change ROOT password

(2) Remove all SSH users (you won't need it if you have root)

(3) Change FTP password

(4) Remove all FTP users (apart from yourself)

(5) Change AWSTATS password

(6) Change the control panel login password.

Are there any other ways they can get into the server or access your data apart from these things? Just want to check there is nothing I have missed that could be abused by a malicious admin.
8:16 pm on Jul 13, 2010 (gmt 0)


A malicious admin may potentially have installed a backdoor into the system. Short of backing up your data and moving to a new server I would not be overly confident that such a person (if determined to do harm) could be denied access.
12:22 am on Jul 14, 2010 (gmt 0)

phranque (WebmasterWorld Administrator)



Among other things you will need to check all directories accessible from the server in which it is permissible to run scripts and all scripts within those directories.
Make sure you are using basic authentication for all directories that should not be public.
12:50 am on Jul 14, 2010 (gmt 0)

lammert (WebmasterWorld Senior Member)



Your current approach is to block all holes you know of. The better approach is to close the server and only open the holes you need:

1) Stopping all network services which you don't need. Create a list with netstat -nlp and see which programs are listening to ports. Only leave those which are necessary to run your system.

2) Use a firewall (hardware or software) to block all access to the server, and only open ports and IP addresses you want to be open. If you are the only one with SSH or FTP access, then only open these ports for the IP address of your own computer.

3) Use the hosts.allow and hosts.deny files (TCP wrappers) as an extra layer to control who has access to specific services. I once had a setup where the firewall didn't start automatically due to a configuration error and passed all traffic unfiltered to the server. The extra security layer of TCP wrappers kept my server secure while I fixed the issue.

4) Check all scripts if there is a way to execute system commands via a web interface.

5) Check the set-root bit on all programs to see if someone may have added that to a command to gain root access without the root password.

6) Check the crontab and at queue to see if some processes are running periodically which might give access to others.

7) If you had some really savvy people on your server, the best option is to rebuild the server from scratch.
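
Added example, not part of the post above or of the thread: one way to script the checks in steps 1, 5 and 6. The function names, the "proto/port" allowlist format and the baseline file are assumptions of this example, the netstat sample is constructed, and the "set-root bit" of step 5 is taken to mean the setuid bit.

```shell
#!/bin/sh
# Added example: audit helpers for steps 1, 5 and 6. Sample data is constructed.

# Step 1: print non-loopback listeners whose proto/port is not on the allowlist.
# $1: allowlist such as "tcp/22 tcp/80"; stdin: output of netstat -nlp.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)        # treat tcp6/udp6 as tcp/udp
            port = $4;  sub(/.*:/, "", port)        # text after the last colon
            addr = $4;  sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            key = proto "/" port
            if (!(key in ok)) print key, addr, $NF
        }'
}

# Step 5: print setuid files under $1 that are absent from baseline file $2
# (one known-good path per line, e.g. recorded from a clean install).
new_setuid_files() {
    [ -r "$2" ] || { echo "baseline $2 not readable" >&2; return 2; }
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort |
        grep -vxF -f "$2" || true
}

# Constructed sample of netstat -nlp output, used when no live data is given.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   812/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN   950/mysqld
tcp        0      0 0.0.0.0:8022     0.0.0.0:*        LISTEN   4411/perl
tcp6       0      0 :::80            :::*             LISTEN   1020/httpd
udp        0      0 0.0.0.0:68       0.0.0.0:*                 733/dhclient
EOF
}

if [ "${1:-}" = "--live" ]; then    # run as root; $2 = allowlist, $3 = baseline
    netstat -nlp | unexpected_listeners "$2"
    new_setuid_files / "$3"
    # Step 6: every user's crontab plus the at queue, for manual review.
    for u in $(cut -d: -f1 /etc/passwd); do
        crontab -l -u "$u" 2>/dev/null | sed "s/^/$u: /"
    done
    atq
else
    sample_netstat | unexpected_listeners "tcp/22 tcp/80"
fi
```

Without arguments the script only parses the constructed sample; the `--live` branch reads the real system and needs root to see every PID and crontab.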
8:48 pm on Jul 14, 2010 (gmt 0)


That's terrible... it should be really easy to deny access.
 
