Tag Archives: Security

Track down cross account Symlinks on Linux server

One common exploit hackers try is to create lots of symlinks to commonly used configuration files in other users’ accounts. Every PHP-based CMS has configuration files somewhere containing database passwords and the like. The hacker has a list of these commonly found files.

Once he’s hacked your account, there’s a good chance he will also be able to get a list of all Linux users on the server. Then, all he has to do is look for the commonly found configuration files in each user’s account.

The hacker, being lazy, will just try to create symlinks to the files in question, whether they exist or not. Now, if the hacker has used a kiddie script, the chances are you have already detected his attack – but just in case he’s a little more resourceful, here’s how you can search all cPanel accounts for evidence of symlinks to files outside of each respective cPanel account:

ls /var/cpanel/users | grep -v "\`\|\.\|cpanel\|root\|mysql\|nobody" | while read -r CPUSER; do find "/home/$CPUSER" -type l -not \( -lname "/home/$CPUSER/*" -o -lname "*rvsitebuilder*" -o -lname "[^/]*" -o -lname "/usr/local/apache/domlogs/*" -o -lname "/usr/local/urchin/*" \) ; done
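The one-liner above matches on the literal link text, and its `-lname "[^/]*"` clause leaves every relative symlink out of the report, including one whose target climbs out of the account with `../`. The following is an added example, not part of the original post, that resolves each link to its final path first and then checks whether that path stays inside the account. It assumes GNU `readlink -m` and that each directory under the home root passed in is one account; the function names are hypothetical, and the two allowed prefixes are taken from the one-liner.

```shell
#!/bin/sh
# Added example (constructed, not from the original post).
# Assumes GNU coreutils: "readlink -m" canonicalises a path even when
# the final target does not exist, so dangling links are still resolved.

# Locations outside the account that are expected on a cPanel server
# (the two absolute prefixes come from the one-liner above).
ALLOWED_PREFIXES=${ALLOWED_PREFIXES:-"/usr/local/apache/domlogs /usr/local/urchin"}

# is_allowed RESOLVED HOME: succeed if RESOLVED is inside HOME or an allowed prefix
is_allowed() {
    case $1 in "$2"|"$2"/*) return 0 ;; esac
    for p in $ALLOWED_PREFIXES; do
        case $1 in "$p"|"$p"/*) return 0 ;; esac
    done
    return 1
}

# scan_account HOME_ROOT USER: print "link -> resolved target" for every escape
scan_account() {
    home=$(readlink -m -- "$1/$2") || return 1
    # Newline-separated output: file names containing newlines are not handled
    find "$home" -type l | while IFS= read -r link; do
        resolved=$(readlink -m -- "$link") || continue
        is_allowed "$resolved" "$home" || printf '%s -> %s\n' "$link" "$resolved"
    done
}

# scan_all HOME_ROOT: treat each directory under HOME_ROOT as one account
scan_all() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        scan_account "$1" "$(basename "$d")"
    done
}

# Usage on a live server (hypothetical invocation): scan_all /home
```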

Apache Directives to prevent Symlink Attacks

In WHM Main >> Service Configuration >> Apache Configuration >> Global Configuration you will find the settings for Directory “/” Options.

To maintain a more secure server, you should only tick SymLinksIfOwnerMatch and NOT FollowSymLinks. This ‘might’ break some things depending on what you are legitimately trying to do, but SymLinksIfOwnerMatch will only allow Apache to follow a symlink if the target has the same owner as the symlink.

Google Malware Warnings are Bad for Business

In fact, it’s probably fairer to say that having your site pulled from Google’s index because of Malware is not just bad for you, it’s bad for everyone. Malware is software that has been installed in your website code that is intended to infringe people’s privacy, commit identity theft/fraud or to infect their computer with a virus or trojan. Hackers spend every waking hour working on ways to sneak their software into your website, and if Google finds out, this is what you can expect (click on the image to see the next page that Google will give you):

So, if you have a website for your business, and you care about whether that website is going to be available in the next 24hrs, you really must read on! Read More…

Is Facebook secure for your kid’s photographs?

This article started out, funnily enough, as a Facebook message to a family member who had asked me to remove pictures of a child from my Facebook account, just in case the pictures fell into the hands of evil weirdos. It was clearly believed that this would somehow protect the child (in this case, my grand-daughter), from unwelcome attention.

Paranoia around child abuse is not good, and leads to the sort of thing that appeared in the papers a few years ago. So, I’m going to attempt to help others better understand the implications of getting out of bed in the morning, and the risks that can expose us all to.

Have you looked for “baby” lately on Google images? 340 million images so far. Search for baby photos on istockphoto.com, fotolia.com, alamy.com – in fact any large stock image library carries tens of thousands of baby images for professional use. I’m guilty myself of paying a mother money so I could get some saleable photos of her baby – it’s what professional photographers do. Those images hopefully wind up on packaging, advertising, or in editorial content such as magazines and books. (Oh, don’t worry, anyone I photographed under age was always done so with guardians close by and with model release forms signed off.)

Look at this alamy page here! – thousands of babies for the perverts to look at – some are even, shock horror, unclothed! Does this make the world a darker place? If you think so, then I would suggest you need to take a reality check, and review the inner workings of your own mind. Read More…

Protecting websites from hackers – 9 pillars of wisdom

It’s the most awful feeling in the world (I imagine). It’s a new morning, and you settle down at your desk with your favourite drink, fire up your web browser, and before long you have a sinking feeling… Your website – or worse – your clients’ websites have been hacked, and since the wee small hours have been peddling poker, spam, porn and god knows what else to the world via your IP address.

The work involved in recovering the sites, the confidence your customers lose in you and the loss of business really aren’t worth risking, are they? Yet countless millions of websites are run in environments that make it easy for hackers to get a foothold.

In this article, we’re going to look at some of the things you should be doing as a website owner to mitigate, as far as is practicable, the risks posed by the hacking community, and avoid being hacked! Read More…

Hardening WordPress – Password Protected Directory causing 404 errors

Securing WordPress Guide

Securing your WordPress blog is quite important, especially once you start to get any attention – the hackers and script kiddies won’t be far behind! It’s not hard to take a number of steps to make life much harder for people who want to spoil your blog.

I’m going to document “timeless” techniques first, then look at some plugins. There are dozens of plugins for securing WordPress that can help with security, but plugins come and go (apart from a few), so I’m sticking to solid security measures.

Because there are always bug fixes, and new security exploits being patched, I won’t insult your intelligence by stating that you should keep your copy of WordPress up to date on your server – oops, I just did!

Seriously, though, installing WordPress is the easy bit – you must keep it current to be secure. I could show you excerpts from our application firewall logs, and your toes would curl if you were aware of how many times your blog gets probed for various weaknesses and exploits. Read More…

Secure FTP (SFTP) in Dreamweaver using SSH tunnelling – No shared keys

It’s a bit of a bugbear with many people that Adobe Dreamweaver CS3, CS4, and I think CS5, although supporting SFTP using password authentication, won’t work with SSH public/private keypairs. It’s far more secure to use SSH with a public/private key pair than with straightforward password authentication.

Why is SFTP important?

FTP is about as secure as SMTP email, or Telnet – i.e. every man and his dog can listen in and before you know it, your (not so) local porn pedlars have replaced your website with something sensational. It amazes me constantly that companies that install SSL certificates are happy for their web developers to connect to the web server using plain old FTP, often uploading files containing critical passwords to databases and other external systems.

Securing FTP using SSH tunneling

Read More…