Server Security Service?

wxdqz

New Member
Im having a few issues with security,

one of my main servers which hosts a few sites I think is insecure.
or just 2.. of the sites hosted are insecure im unsure which.

I have done the following:

1. Changed root password (secure long including %$?quot;! etc..)
2. Changed each accounts passwords (secure long including %$?quot;! etc..)
3. Disabled Shell access
4. Updated Software / Code
5. Checked for Insecure Permissions

to try and secure the server but it seems on one of the domains a hacker is still able to get in...

Is there anyone or a company that specialise in server security and offer checking / improving security?

If yes please contact me via PM or MSN: <!-- e --><a href="mailto:[email protected]">[email protected]</a><!-- e -->:

You've done several good layers of security. Additional layers would be mod_security from <!-- m --><a class="postlink" href="http://www.modsecurity.org/">http://www.modsecurity.org/</a><!-- m --> with a good set of rules; a start set can be gotten from <!-- m --><a class="postlink" href="http://www.gotroot.com/">http://www.gotroot.com/</a><!-- m -->

You may also want to upgrade the end user web-applications, secure /tmp and /dev/shm and make sure packages you do not use on the server are uninstalled.

That's just a small list of the additional layers that could be added.

Thank you.If you are looking for a specific company rather than tutorials, I reccomend you give Andy a shout over at <!-- w --><a class="postlink" href="http://www.servertune.com">www.servertune.com</a><!-- w --> (<!-- m --><a class="postlink" href="http://www.servertune.com">http://www.servertune.com</a><!-- m -->) It's been quite a while since I have used them however they did an excellent job on a couple of servers for me.Greetings.To secure apache you should install mod_security and mod_evasive. For php security you should install suhosin. Check regularly for rootkits with chkrootkit and rkhunter. For shell access, secure your SSH by allowing certain IPs, disabling root logins, using keys etc. You should run a good log checker that gives you regular alerts of failed logins, malicious attacks etc.Regards,Richard.I would contact platinumservermanagement. We have them do their security thing on our servers when we first get them and the outcome is a safe server :)
 
Back
Top