FTP security

We have FTP through our web host company, and people are still getting in and hacking our website about every day. Is there a way to secure our FTP and files from this end? It's getting on our last nerve having to redo a site because of these people.
 
FTP security: there isn't any :knock:

If you're getting hacked via FTP, then you have a trivial password and they
are running a dictionary scan or a cracking tool against you.

good password:
  • 8 or more characters
  • not a normal word: a combination of letters and digits
  • contains at least one digit
  • one or more Upper Case chars
  • one or more of (#$%^&*_+=)

Create a contraction of two words, separated per the above; e.g. Xyz1-9Zyx

*IF* it were your own host, you could use the SSH FTP feature, and instead of
passwords you would use a public/private key system. You might ask if the host
company will support SSH, but don't be surprised if they say no.
 
Well, I haven't been using basic passwords; I've been using an online Windows password maker that does random passwords, and we have redone our passwords over and over again. Now, is there a way to go in through the index page and hack it that way and change the stuff?
 
robert33tn said:
Well, I haven't been using basic passwords; I've been using an online Windows password maker that does random passwords, and we have redone our passwords over and over again. Now, is there a way to go in through the index page and hack it that way and change the stuff?
Check your permissions on every directory and file.

An HTTP / FTP server should have file settings 644 or 755
(as seen from a Linux ls -l), e.g.:
Code:
ls -l
-rw-r--r--  1 apache websrvr 15 Sep 20  2005 test
644 = rw-r--r--
755 = rwxr-xr-x

What you must avoid is r**r**rw*

Directories should be 755 everywhere (rwxr-xr-x).
 
BTW: what makes you sure that FTP is the culprit? It's highly likely that your
HTTP server is poorly configured and allows PUT, POST or cross-domain scripting.

What is the server environment (platform, OS, and web server)?
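The permission check above can be automated. The following shell script is an added example (not posted by anyone in this thread): it lists every world-writable path under a web root, which is exactly the "rw" in the third triple that the reply says to avoid, and then resets directories to 755, executable files to 755 and everything else to 644. The sample tree it builds under a temporary directory is constructed for the demonstration; on a real host you would point the functions at your own document root instead.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Audit a web root for world-writable files and directories and reset
# permissions to the 644 (files) / 755 (directories, executables) scheme.
# The sample tree created in demo() is constructed; substitute your own
# document root (an assumed path such as /var/www/html) in practice.

# Print every non-symlink path under $1 whose "other" write bit is set.
# Symlinks are skipped because their own mode is 777 on most systems.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of such paths; a healthy web root returns 0.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Directories -> 755. Files that are owner-executable (CGI scripts) -> 755,
# everything else -> 644. Nothing is left group- or world-writable.
fix_web_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -perm -0100 -exec chmod 755 {} +
    find "$1" -type f ! -perm -0100 -exec chmod 644 {} +
}

# Build a small constructed tree with two bad entries (a 777 upload
# directory and a 666 script inside it), audit it, fix it, audit again.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/uploads"
    : > "$root/index.html";    chmod 644 "$root/index.html"
    : > "$root/counter.cgi";   chmod 775 "$root/counter.cgi"
    : > "$root/uploads/x.php"; chmod 666 "$root/uploads/x.php"
    chmod 777 "$root/uploads"

    echo "before: $(count_world_writable "$root") world-writable path(s)"
    list_world_writable "$root"
    fix_web_perms "$root"
    echo "after:  $(count_world_writable "$root") world-writable path(s)"
    ls -l "$root" "$root/uploads"
    rm -rf "$root"
}

demo
```

`count_world_writable /path/to/docroot` is a quick check to run by hand (or from cron) after every clean-up: any non-zero answer means something was left writable again. Bear in mind that some hosted applications need one upload directory writable by the web server user; if so, keep that directory out of the document root or make sure the server will not execute anything placed in it, rather than leaving it 777.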
 
I recommend implementing a much stronger password policy.

Use passwords that require numbers, upper and lowercase letters, and special characters.

Do not use anything that is found in the dictionary either.

Example of what not to use: Christmas23

Example of what to use: <V821#BNur>!
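The rules in this reply and in the "good password" list earlier in the thread are easy to turn into a check. The script below is an added example, not code posted by either participant: `check_password` applies the stated rules (at least 8 characters, a digit, an upper-case letter, one of `#$%^&*_+=`, and not a dictionary word once digits and symbols are stripped), and `generate_password` draws random characters from `/dev/urandom` until a candidate passes. The short word list is a constructed stand-in for a real dictionary file such as /usr/share/dict/words.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Check a password against the rules given above and generate one that
# passes them. WORDLIST is a constructed stand-in for a real dictionary.

SPECIALS='#$%^&*_+='
WORDLIST=" christmas password welcome summer monkey dragon football "

# Return 0 if $1 satisfies every rule, 1 (with the reason on stderr) otherwise.
check_password() {
    pw=$1
    [ "${#pw}" -ge 8 ] \
        || { echo "too short (need 8+)" >&2; return 1; }
    printf '%s' "$pw" | grep -q '[0-9]' \
        || { echo "no digit" >&2; return 1; }
    printf '%s' "$pw" | LC_ALL=C grep -q '[A-Z]' \
        || { echo "no upper-case letter" >&2; return 1; }
    printf '%s' "$pw" | grep -q "[$SPECIALS]" \
        || { echo "no special character from $SPECIALS" >&2; return 1; }
    # Dictionary rule: drop digits and symbols, lower-case what is left and
    # look it up, so "Christmas#23" reduces to "christmas" and is rejected.
    letters=$(printf '%s' "$pw" | LC_ALL=C tr -dc 'A-Za-z' | tr 'A-Z' 'a-z')
    case "$WORDLIST" in
        *" $letters "*) echo "based on a dictionary word" >&2; return 1 ;;
    esac
    return 0
}

# Print a random password of length $1 (default 12) that passes check_password.
# Characters are drawn only from letters, digits and the allowed specials.
generate_password() {
    len=${1:-12}
    while :; do
        candidate=$(LC_ALL=C tr -dc "A-Za-z0-9$SPECIALS" </dev/urandom | head -c "$len")
        if check_password "$candidate" 2>/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}

# Demonstration on the two examples from the thread plus a dictionary-based one.
for pw in 'Christmas23' 'Christmas#23' '<V821#BNur>!'; do
    if check_password "$pw"; then
        echo "$pw: accepted"
    else
        echo "$pw: rejected"
    fi
done
echo "generated: $(generate_password 12)"
```

Note that `Christmas23` fails twice over: it has no character from the special set, and without the digits it is a plain dictionary word. The generator only proves a password meets the letter of the policy; length does more for you against a cracking tool than any single rule, so pass a larger value than 12 when the FTP server allows it.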
 
robert33tn said:
password maker that does random passwords
smore9648 said:
I recommend implementing a much stronger password policy.

Use passwords that require numbers, upper and lowercase letters, and special characters.

Example of what to use <V821#BNur>!
V821#BNur is typical of a random password :)
 
jobeard said:
*if* and only if it's an IIS server :(

Sorry, my mentality is geared around my work. I know everyone's is not like mine.
It's my fault for always assuming everyone wants to be like me :D :D
 
I have to agree. Instead of FTP, make sure that other things are secure. Yes, it is very possible to hack your server through the web service, especially if you have IIS.

- Do you have any active content on the server? PHP? ASP? If it is a ready-made product, check for any security issues and update. If it's something custom, have it audited. PHP is a gaping security hole unless you take a lot of care writing the code.

- Check your firewall (or set up one if you haven't yet!). Make sure you are blocking everything but the services that actually need to be accessible from outside. You should allow only the bare minimum. If some services are accessed from only some locations, then make the firewall rules accordingly.

- Check for security updates: Apache (or IIS or whatever), MySQL (or MSSQL or whatever), your FTP server software, pretty much everything running on the server should be updated.

- Consider using SSH and SFTP instead of plain FTP. It's a bit trickier to get it running under Windows, but you gain a lot of security.

- Since it is a Windows server (and it has been compromised), you could have some malware installed and running there. Run a thorough virus and spyware scan, or even better, format and reinstall.
 