
Dealing with Vulnerable Code on Customer Sites

Discussion in 'Plesk for Linux - 8.x and Older' started by DigitalCrowd, Sep 5, 2006.

  1. DigitalCrowd

    DigitalCrowd Basic Pleskian

    Okay, the past four days have been a nightmare. It started off Saturday when our upstream provider disabled one of our servers from the Internet due to UDP attacks, and then the provider failed to notify us of this; after xx hours, we finally got ahold of someone in the know and got our server back, only to battle additional attacks until the problem code was found and removed.

    Then, today, two unrelated sites on the same server had totally differently coded contact-us forms that were used to send tens of thousands of spam emails.

    How do you typically handle these issues with customers? How do you prevent these types of things? I realize securing things like wget to only be run by root, firewalls and the whole works, but for example, the spam issue would have still happened even with all those security measures in place.

    Are there applications which can either by run on a server to scan code or scan a website for vulnerable code so that we can alert customers (and ourselves) before these events take place?

    How do you handle customer issues like this? What type of penalty do you place (financial or otherwise), and short of letting them go (for repeated issues), how do you deal with it?

    Thanks.
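    As an added illustration of the kind of code scan asked about above (this is not from the thread, from Plesk, or from any of the tools named later in it): a small Python triage script that flags PHP files where mail() is called within a few lines of raw $_GET/$_POST/$_REQUEST values and no CR/LF-stripping or filtering call appears anywhere in the file. The two PHP snippets, the line window and the pattern lists are constructed assumptions; the output is a list of files to review by hand, not a vulnerability verdict.

```python
"""Heuristic triage for PHP mail-sending code that reaches request parameters.

Added example, not code from the thread or from Plesk. It is a grep-style
heuristic for deciding *what to review first*: a mail() call close to raw
request variables, with no sign of header sanitising, gets flagged.
"""
import re
from pathlib import Path

MAIL_CALL = re.compile(r"\bmail\s*\(")
REQUEST_VAR = re.compile(r"\$_(?:GET|POST|REQUEST)\s*\[")
# Rough signs that CR/LF are stripped or input is filtered before use in headers.
SANITISER = re.compile(r"(\\r|\\n|%0[aAdD]|filter_var|str_replace|preg_replace)")


def scan_source(src: str, window: int = 5) -> dict:
    """Return a triage verdict for one PHP source string.

    'suspect' is True when a mail() call sits within `window` lines of a raw
    request variable and no sanitising pattern appears anywhere in the file.
    """
    lines = src.splitlines()
    mail_lines = [i for i, l in enumerate(lines) if MAIL_CALL.search(l)]
    req_lines = [i for i, l in enumerate(lines) if REQUEST_VAR.search(l)]
    near = [m for m in mail_lines if any(abs(m - r) <= window for r in req_lines)]
    sanitised = bool(SANITISER.search(src))
    return {
        "mail_calls": len(mail_lines),
        "request_vars": len(req_lines),
        "mail_near_request": [i + 1 for i in near],  # 1-based line numbers
        "sanitiser_seen": sanitised,
        "suspect": bool(near) and not sanitised,
    }


def scan_tree(root: Path) -> dict:
    """Scan every .php file under root; return {relative path: verdict}."""
    results = {}
    for p in root.rglob("*.php"):
        try:
            results[str(p.relative_to(root))] = scan_source(p.read_text(errors="replace"))
        except OSError:
            continue  # unreadable file: skip rather than abort the whole scan
    return results


# Constructed samples (hypothetical contact forms), not code from the thread.
RISKY_FORM = """<?php
$to = 'sales@example.invalid';
$from = $_POST['email'];
mail($to, 'Contact', $_POST['message'], 'From: ' . $from);
"""
CAREFUL_FORM = """<?php
$from = str_replace(array("\\r", "\\n"), '', $_POST['email']);
mail('sales@example.invalid', 'Contact', $_POST['message'], 'From: ' . $from);
"""

if __name__ == "__main__":
    for name, src in (("risky", RISKY_FORM), ("careful", CAREFUL_FORM)):
        print(name, scan_source(src))
```

    Point scan_tree() at a vhost's httpdocs directory and review the files it marks suspect; a clean result only means the heuristic found nothing, not that the form is safe.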
     
  2. carliebentley

    carliebentley Guest

     
    Boy, wouldn't that be nice.

    My server was also pulled because of an AUP.

    They are "Investigating" it right now, but this has gotten right out of hand.

    I'm going to find the script that's doing this and I'm going to drop the client that has it, but no one can tell me which particular script it is, where it is, or anything other than the IP it's coming from and the IP it's going to.

    They only tell me the Ports and that it's UDP.

    This seems to be a very specific problem and needs to be addressed by SWSoft.
     
  3. panaman

    panaman Guest

     
    mod_security and all the gotroot.com rules will block most of this **** and probably would have stopped your issue...

    I run apf, bfd, mod_security and mod_evasive, and it really helps a lot..
    When I first started using it.. a lot of the sites I host stopped working... I just told my customers to recode their ****
     
  4. carliebentley

    carliebentley Guest

     
    I think what really annoys me is that there is no effective way to use the control panel (Plesk) to scan the domains for potential exploitable code.

    I'm investigating mod_secure and mod_evasive now, but I don't seem to have apxs installed and the rhn up2date isn't working.

    It's quite annoying. I also probably don't have http-devel either.
     
  5. phoenixisp

    phoenixisp Silver Pleskian

    Have you tried yum to install them? I know ART has http-devel and I believe apxs.

    panaman gave you a good tip about APF (Advanced Policy Firewall) and BFD (Brute Force Detector); used together they are a definite improvement over the Plesk firewall. They are very simple to install and configure. Check them out:

    http://rfxnetworks.com/proj.php
     
  6. euro_gedimas

    euro_gedimas Guest

     
    When I try to start APF, I get this error:

    # /etc/apf/apf -s
    [: /etc/apf/conf.apf: unexpected operator
    APF version 0.9.6 <apf@r-fx.org>
    Copyright (C) 1999-2004, R-fx Networks <proj@r-fx.org>
    Copyright (C) 2004, Ryan MacDonald <ryan@r-fx.org>
    This program may be freely redistributed under the terms of the GNU GPL

    $CNF not found, aborting.
    # /usr/local/sbin/apf -start
    [: /etc/apf/conf.apf: unexpected operator
    APF version 0.9.6 <apf@r-fx.org>
    Copyright (C) 1999-2004, R-fx Networks <proj@r-fx.org>
    Copyright (C) 2004, Ryan MacDonald <ryan@r-fx.org>
    This program may be freely redistributed under the terms of the GNU GPL

    $CNF not found, aborting.

    My config is: /etc/apf/conf.apf
     
  7. lvalics

    lvalics Silver Pleskian Plesk Guru

    See the HOW TO manual in my signature for securing the server as well.
     