1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Security Forum I think is needed.

Discussion in 'Plesk for Linux - 8.x and Older' started by lvalics, Dec 19, 2004.

  1. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    960
    Likes Received:
    28
    Location:
    Romania
    I think is time to open a security forum, where Admins can talk about how to secure a PLESK server, how to avoid hackers, how to fix problems if comming up etc.
     
  2. lvalics

    lvalics Silver Pleskian Plesk Guru

    36
    43%
    Joined:
    Jun 20, 2003
    Messages:
    960
    Likes Received:
    28
    Location:
    Romania
    I come with first questions, suggestions.

    After this phpBB security things, I treid to see how people enter in servers and I find like:

    They try to execute comand and install softwares like BNC or other into server.
    The way to do is to use /tmp directory, writeable to anyone.
    OK, because I cannot change this (even if in new PLESK I saw in each domain a /tmp) I can try to make to diable to install things in /tmp.

    They try to get programs with WGET, NCFTP or LYNX usually, common used is WGET.

    So I expect comments on changing WGET and other programs, LYNX, NCFTP to be executable only by root, like chmod 700 wget or to get out suid from wget like chmod -s wget.

    Is a good way to try to stop them to install programs?
    It will affect other softwares who will use wget ?
     
Loading...