PDA

View Full Version : Don't make security an after thought!

jdlitson
07-03-2003, 12:34 AM
Hi, I just found out that my server has been hacked!
I'm not writing this to complain about DA or my server provider this is FYI.

Luciky for me this was cought before I had any customers on my new box.
If you are a new server admin like me make sure you install that firewall or what ever it is you need to do to secure your server.

I give credit and Thanks to the Direct Admin team and the President of www.saevin.net for fiding this problem for me. Without their help I might have been running an insecure environment for my customers.

Goog luck everyone and secure that sever before someone else dose :eek:

Regards -Jason
ProWebUK
07-03-2003, 02:48 AM
firewall and software updates come before anything usually ;)

Chris
FarCry
07-03-2003, 04:19 AM
the whole reason we are using DA right now is because our cPanel box was hacked beyond repair. we had about 60 customers on the server. it was not pretty, and it certainly was not very fun.

There is something else i can suggest, ALWAYS keep a ssh connection open, if i didnt have this, we would have been toast!
ProWebUK
07-03-2003, 05:53 AM
not always the easiest thing to do but i guess its an idea :p

Chris
jdlitson
07-03-2003, 08:27 AM
Sorry to hear that.
Did the hacker get any of your customer's credit card info?
In reality this is breaking and entering into our business and I wish I knew how to catch them. I would press charges for sure.

-Jason
ProWebUK
07-03-2003, 10:23 AM
lol i wouldn't store anything like CC numbers and other important info on the server... just to be 100% safe from that!
FarCry
07-03-2003, 10:27 AM
Originally posted by jdlitson
Sorry to hear that.
Did the hacker get any of your customer's credit card info?
In reality this is breaking and entering into our business and I wish I knew how to catch them. I would press charges for sure.

-Jason

We don't store credit card details at all, any other customer info is encrypted. If we new who it was, we would have contacted the correct authorities, and pressed charges.
jdlitson
07-03-2003, 01:39 PM
I am looking for a security company now who can monitor my server 24-7 for this type of thing. If I find anything I will post it here.
jdlitson
07-03-2003, 01:50 PM
Looks like all the good security stuff is right here in the Forums.

http://www.directadmin.com/forum/showthread.php?s=&threadid=189
ProWebUK
07-03-2003, 04:15 PM
also my checklist is here, http://www.directadmin.com/forum/showthread.php?s=&threadid=65