Announcement

Collapse
No announcement yet.

Eukhost security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Eukhost security

    I think this would be a good idea giving eukhost an edge.

    With regards to websites i think new security measures should be added for user security for their sites... i was recently hacked into all my accounts (including banks and lost all my money) and then i preyed they didn't FTP all my php scripts because that would be 3 years worth of work lost in seconds.

    So a few cool security options i think should be added:

    I'd like to see easy to read logs of what ips connect to my server using FTP or other which store when they connected also and when connection was closed, and also what scripts were edited...this would allow easy roll back on only a few pages rather than a whole website.

    Additionally when a FTP wants to copy or move the scripts from the server with FTP it sends an email approval to agree to it.. this would prevent hacks....and also an easy to read log of any IP's that login with our details so i can see any IPs that do not match mine....

    This would be wonderful for me as protection like this will save me ... i do hope eukhost can provide a software on servers for this option it would be fantastic!

  • #2
    Hello there sirchick u can easily see what is going on in ur ftp

    in cpanel if u go to ftp

    and click ftp account

    ursite.[COM]:2082/frontend/x3/ftp/accounts_pure-ftpd.html

    [com] = the .com but i have to have 5 post to show the link but u get the idea
    and download the results log and u can see what all happend and whats going on

    hope this helps you
    Anarchy-Hackers.net

    Comment


    • #3
      Yeah but once some one has accessed my files and taken them theres nothing i can do even once i view the logs, thats why a email verification would be nice.

      Comment


      • #4
        you can always install a seperate ftp and configure it to scan through your system so there basically messing with ur default ftp hence cpanel BUT just a thought maybe if u installed a seperate one a diffrent ftp and secure it u will still be able to see it
        Anarchy-Hackers.net

        Comment


        • #5
          > i was recently hacked into all my accounts (including banks and lost all my money) and then i preyed
          > they didn't FTP all my php scripts because that would be 3 years worth of work lost in seconds

          What you seem to be describing has nothing really to do with web server security as such.
          You most likely had a trojan on your local computer, and someone was being sent your
          username/passwords every time you used them, perhaps over a period of weeks.

          To prevent this happening again I would:

          - never use Internet Explorer (use firefox instead)
          - use a GOOD, PROVEN antivirus (currently I use Avira)
          - use a GOOD software firewall with HIPS (currently I use Online Armor)
          - never run untrusted or cracked downloaded executables on the same computer you bank with
          - use Firefox password manager or a virtual keyboard to evade keyloggers
          - always log on from a computer you can almost guarantee is clean from viri/trojans

          For SERVER security, realise that very few account hacks are done directly through ftp login.
          Disable anonymous ftp if possible, and use a very strong password on your ftp account.
          That's all you need to do (in conjunction with using a clean computer to log on).

          Much, much more important is to have the server's firewall configured properly
          (which is usually done by the host for a shared account) and to have up-to-date,
          trusted, well-written scripts, that have authors who respond to security issues
          when they are found.

          > because that would be 3 years worth of work lost in seconds

          Does that mean you don't have local backups!? My databases are backed up twice per day, and the files once per week. These are all stored locally. My local computer then has an incremental disk image taken every night to external drive. If you don't have a strategy similar to this, you absolutely will lose your web data at some point in the future.

          Apologies to sound so serious, but when you're hit by a trojan as badly as you were (money stolen from your bank!!??), that should have been a wake up call to do some research and understand the security issues affecting your computer and its software, and it doesn't sound as though you've done that at all. For instance, suggesting that someone from your webhost should/could write an add-on 'notification' script for Pure-FTPD/Cpanel/Plesk is quite naive!

          Comment


          • #6
            Its a very good site about discussion of uk based servers

            Comment


            • #7
              Originally posted by diddleybow View Post
              Its a very good site about discussion of uk based servers
              A bit early for Christmas is it not?
              David Smith
              Managing Director
              DPS Computing Limited

              - Massive update! (September 2011) - It's now not neglected!!
              - New Site (10/2009)

              Comment


              • #8
                Originally posted by SirChick View Post
                I think this would be a good idea giving eukhost an edge.

                With regards to websites i think new security measures should be added for user security for their sites... i was recently hacked into all my accounts (including banks and lost all my money) and then i preyed they didn't FTP all my php scripts because that would be 3 years worth of work lost in seconds.

                So a few cool security options i think should be added:

                I'd like to see easy to read logs of what ips connect to my server using FTP or other which store when they connected also and when connection was closed, and also what scripts were edited...this would allow easy roll back on only a few pages rather than a whole website.

                Additionally when a FTP wants to copy or move the scripts from the server with FTP it sends an email approval to agree to it.. this would prevent hacks....and also an easy to read log of any IP's that login with our details so i can see any IPs that do not match mine....

                This would be wonderful for me as protection like this will save me ... i do hope eukhost can provide a software on servers for this option it would be fantastic!
                It's evident the cause of this problem wasn't due eUKhost's security, so there is no need to mitigate at eUKhost's end. I think it's a far better idea you improve the security of your computer/network then for eUKhost to outline the actions you've requested. After all, your propositions wont help stop attackers getting your bank password

                Comment


                • #9
                  Originally posted by WelshTom View Post
                  It's evident the cause of this problem wasn't due eUKhost's security, so there is no need to mitigate at eUKhost's end. I think it's a far better idea you improve the security of your computer/network then for eUKhost to outline the actions you've requested. After all, your propositions wont help stop attackers getting your bank password
                  Agreed. eUK security has struck the balance i believe between being secure and remaining usable .
                  David Smith
                  Managing Director
                  DPS Computing Limited

                  - Massive update! (September 2011) - It's now not neglected!!
                  - New Site (10/2009)

                  Comment

                  Working...
                  X