Security Forum I think is needed.

[lvalics]

I think is time to open a security forum, where Admins can talk about how to secure a PLESK server, how to avoid hackers, how to fix problems if comming up etc.

 

[lvalics]

I come with first questions, suggestions.

After this phpBB security things, I treid to see how people enter in servers and I find like:

They try to execute comand and install softwares like BNC or other into server.
The way to do is to use /tmp directory, writeable to anyone.
OK, because I cannot change this (even if in new PLESK I saw in each domain a /tmp) I can try to make to diable to install things in /tmp.

They try to get programs with WGET, NCFTP or LYNX usually, common used is WGET.

So I expect comments on changing WGET and other programs, LYNX, NCFTP to be executable only by root, like chmod 700 wget or to get out suid from wget like chmod -s wget.

Is a good way to try to stop them to install programs?
It will affect other softwares who will use wget ?