Forum Moderators: Ocean10000 & incrediBILL & phranque

How To Remove Access From Server?

     
6:53 pm on Jul 13, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 5, 2009
posts:41
votes: 0


What are the key things you would do to remove outside access to your server from admins (apart from yourself)?

I've listed what I know already:

(1) Change ROOT password

(2) Remove all SSH users (you won't need it if you have root)

(3) Change FTP password

(4) Remove all FTP users (apart from yourself)

(5) Change AWSTATS password

(6) Change the control panel login password.

Are there any other ways they can get into the server or access your data apart from these things? Just want to check there is nothing I have missed that could be abused by a malicious admin.
8:16 pm on July 13, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 16, 2007
posts:846
votes: 0


A malicious admin may potentially have installed a backdoor into the system. Short of backing up your data and moving to a new server I would not be overly confident that such a person (if determined to do harm) could be denied access.
12:22 am on July 14, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10858
votes: 67


among other things you will need to check all directories accessible from the server in which it is permissible to run scripts and all scripts within those directories.
make sure you are using basic authentication for all directories that should not be public.
12:50 am on July 14, 2010 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2932
votes: 20


Your current approach is to block all holes you know of. The better approach is to close the server and only open the holes you need:

1) Stopping all network services which you don't need. Create a list with netstat -nlp and see which programs are listening to ports. Only leave those which are necessary to run your system.

2) Use a firewall (hardware or software) to block all access to the server, and only open ports and IP addresses you want to be open. If you are the only one with SSH or FTP access, then only open these ports for the IP address of your own computer.

3) Use the hosts.allow and hosts.deny files (TCP wrappers) as an extra layer to control who has access to specific services. I once had a setup where the firewall didn't start automatically due to a configuration error and passed all traffic unfiltered to the server. The extra security layer of TCP wrappers kept my server secure while I fixed the issue.

4) Check all scripts if there is a way to execute system commands via a web interface.

5) Check the set-root bit on all programs to see if someone may have added that to a command to gain root access without the root password.

6) Check the crontab and at queue to see if some processes are running periodically which might give access to others.

7) If you had some really savvy people on your server, the best option is to rebuild the server from scratch.
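
A read-only audit covering steps 1, 5 and 6 of the list in the post above, as an added example that is not part of the original post or thread. The function names and the baseline file /root/suid.baseline (a list of setuid/setgid paths saved from a known-good install of the same OS) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: read-only checks for listening services, setuid/setgid
# files and scheduled jobs. Nothing here changes the system.

# Step 1: what is listening (netstat -nlp as in the post, or ss if present).
listeners() {
    if command -v ss >/dev/null 2>&1; then ss -lntup
    elif command -v netstat >/dev/null 2>&1; then netstat -nlp
    fi
}

# Step 5: regular files carrying the setuid or setgid bit under a tree.
suid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print only the setuid/setgid files that are NOT in the baseline
# (one absolute path per line; the baseline file is an assumption).
unexpected_suid() {
    root=$1 baseline=$2
    suid_files "$root" | while IFS= read -r f; do
        grep -Fxq -- "$f" "$baseline" || printf '%s\n' "$f"
    done
}

# Step 6: every active (non-comment, non-blank) line in the given cron
# files or directories, prefixed with the file it came from.
cron_jobs() {
    find "$@" -type f 2>/dev/null | sort | while IFS= read -r f; do
        awk -v f="$f" '!/^[ \t]*(#|$)/ { print f ": " $0 }' "$f" 2>/dev/null
    done
}

# Run as root:  sh audit.sh audit [baseline-file]
if [ "${1:-}" = "audit" ]; then
    echo "== listening services =="
    listeners
    echo "== setuid/setgid files not in baseline =="
    unexpected_suid / "${2:-/root/suid.baseline}"
    echo "== cron entries =="
    cron_jobs /etc/crontab /etc/cron.d /var/spool/cron
    echo "== at queue =="
    atq 2>/dev/null
fi
```

Anything reported by unexpected_suid or cron_jobs that you cannot account for is a reason to fall back to step 7.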
8:48 pm on July 14, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Feb 5, 2009
posts:41
votes: 0


That's terrible........ it should be really easy to deny access.
 
