
Questions & Advice X 2



Old 02-04-2013, 12:51 AM   #1
Registered Member
 
Join Date: Feb 2013
Posts: 7
OS: win7



Hello,

I have a website on a Linux cloud VPS (prefer to remain anonymous for now).
I'm considering ending my 2 year relationship with my developer, but I'm suspicious that they have backdoor access to my server (in which they could commit malicious damage, or take control at their will).
I also need to learn how to update a foreign exchange feed as required.
I don't know where to find this in WHM/cPanel. I have Lightstreamer installed.

Your help is greatly appreciated.
infotaker is offline  
Old 02-04-2013, 04:15 PM   #2
Registered Member
 
Join Date: Feb 2013
Posts: 7
OS: win7



So the questions I have are:

1. How do I find the settings for the feed?

2. How can I be sure there is no backdoor after I change the root password?
infotaker is offline  
Old 02-05-2013, 08:47 AM   #3
Moderator - Alternative Computing Team
 
MartyF81's Avatar
 
Join Date: Jan 2013
Location: Chicago
Posts: 900
OS: Mac OS, Windows, iOS



1. Sorry I do not know the answer to this question.

2. Are you logging in to WHM with the username "root"? (just to make sure...)

If you are, then there are a couple places you need to look:

1. Resellers area, to make sure they have not created a sub-WHM account for reselling. This would allow them to add domains and individual accounts.

2. Cluster/Remote Access. You can generate a new SSH key here. If they have the previous SSH key they would be able to connect to root without the password. CAUTION: if any of your programs or services use SSH, this could terminate the connection for them.

3. Account Information. You can get a list of accounts on the server there. They would not have root access though. If you hit the "List Accounts" button you will see a list of domain accounts on the server. In that list, you will see a "cPanel" icon next to each account. If you click that icon it will take you to each domain's individual cPanel, in which you can look in the FTP sections, etc., to see if they have created any FTP accounts, etc.

I am sure there are other ways... but that is where I would start. Others may have other things to say. I can't claim that I have thought of everything.

It is best to watch your logs and see if anyone is connecting from an IP that you do not approve of....
MartyF81 is offline  
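The log check suggested in the post above, as an added example that is not part of the original posts: it lists successful SSH logins from addresses outside an approved list. It assumes OpenSSH syslog lines (typically `/var/log/secure` or `/var/log/auth.log`); the function names and the sample lines are constructed for illustration.

```shell
# Usage: unapproved_logins /var/log/secure APPROVED_IP [APPROVED_IP ...]
# Prints "user ip method count" for every accepted login from another address.
unapproved_logins() {
    log=$1; shift
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Success lines: "Accepted <method> for <user> from <ip> port <n> ssh2".
        # Anchoring on the sshd tag keeps text inside failed-login lines from matching.
        / sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) if ($i == "Accepted") break
            method = $(i + 1); user = $(i + 3); ip = $(i + 5)
            if (!(ip in ok)) seen[user " " ip " " method]++
        }
        END { for (k in seen) print k, seen[k] }
    ' "$log" | sort
}

# Constructed sample log lines (documentation-range addresses, not real hosts).
sample_log() {
    cat <<'EOF'
Feb  5 08:01:12 vps sshd[2101]: Accepted publickey for root from 198.51.100.7 port 50122 ssh2
Feb  5 08:14:40 vps sshd[2188]: Failed password for root from 203.0.113.9 port 41810 ssh2
Feb  5 09:30:02 vps sshd[2290]: Accepted password for root from 203.0.113.9 port 41922 ssh2
Feb  5 09:45:51 vps sshd[2304]: Accepted publickey for root from 203.0.113.9 port 42001 ssh2
Feb  5 10:02:13 vps sshd[2377]: Accepted password for siteuser from 198.51.100.7 port 50377 ssh2
EOF
}
```

A login that appears under both `password` and `publickey` for the same address means both credentials have to be rotated, not just one.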
Old 02-05-2013, 03:54 PM   #4
Moderator
- Design Team
- Networking Team
 
Fjandr's Avatar
 
Join Date: Sep 2012
Location: Spokane, WA
Posts: 2,483
OS: Windows XP SP3, Windows 7 SP1, Debian, CentOS



Unfortunately it is difficult to completely secure a box after giving access to someone you no longer trust.

My suggestion would be to make complete backups, set up a secondary host, re-install the necessary packages/software, and then wipe the VPS and restore it from the secondary host.

Otherwise the necessary steps would be to look through the users and revoke any accounts which aren't required by various services. Change the passwords on the accounts required, and please, for the love of all things sacred, make sure root connections over SSH are disabled completely.

Once a server is set up, there is absolutely no reason to leave root SSH access enabled. Check iptables to make sure there are no weird holes in the firewall. Check the sudoers file for appropriate permissions. Set up remote access logging so logs are sent to another location. Limit the remote access account so it is contained to the log directory and logs can only be opened for append writes (chattr +a). That way, any backdoor access is logged and the offender cannot delete the entries showing their access to your server.

Fjandr is offline  
Old 02-05-2013, 05:34 PM   #5
Registered Member
 
Join Date: Feb 2013
Posts: 7
OS: win7



Thank you Marty and Fjandr.
I will look into this.
infotaker is offline  
Old 02-05-2013, 05:55 PM   #6
Registered Member
 
Join Date: Feb 2013
Posts: 7
OS: win7



I can clone my VPS too, but I guess this is the same as a complete back-up.
infotaker is offline  
Old 02-05-2013, 06:30 PM   #7
Moderator
- Design Team
- Networking Team
 
Fjandr's Avatar
 
Join Date: Sep 2012
Location: Spokane, WA
Posts: 2,483
OS: Windows XP SP3, Windows 7 SP1, Debian, CentOS



You're quite welcome.

Also, you'll probably want to change the passwords for any database users, and that will also require password changes in all of the files which have database connector configurations stored in them. For example, most web software built on PHP will have a config.php file with database connector information in it.

Fjandr is offline  
Old 02-06-2013, 02:20 AM   #8
Registered Member
 
Join Date: Feb 2013
Posts: 7
OS: win7



Great info guys.

Yes, I am logging into WHM as username "root".

I can see in Security Centre - manage root's SSH Keys that the developer has both a public and private key.
Can I delete these when it comes time?
Or will it affect programs/services?
I also see that SSH password authorization tweak is 'enabled'. I will disable.
Compiler access is 'enabled' for unprivileged users. I will disable.
Add or remove recognised IPs, I'll do this.
Shell fork bomb protection is 'disabled'? I will enable.
And they have FTP accounts that I will delete.

Thanks
infotaker is offline  
Old 02-06-2013, 02:34 AM   #9
Moderator
- Design Team
- Networking Team
 
Fjandr's Avatar
 
Join Date: Sep 2012
Location: Spokane, WA
Posts: 2,483
OS: Windows XP SP3, Windows 7 SP1, Debian, CentOS



Yes, you should delete those keys to revoke key-based SSH access when the time comes.

If you disable SSH password authorization, make sure that you generate a new set of SSH keys or you will be unable to log in via SSH completely. I actually recommend disabling it, but you should definitely be aware of what that means if you need shell access at all.

The rest looks like a good start.

Fjandr is offline  
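The SSH points from posts #4 and #9 (root login disabled, and no password-auth lockout once the old keys are deleted) can be checked together before making the change. This is an added example, not part of the original posts; the function names and sample inputs are constructed, and it reads only the global section of a single `sshd_config` file.

```shell
# Usage: audit_ssh /etc/ssh/sshd_config /root/.ssh/authorized_keys

# Effective global value of a keyword: sshd keeps the first value it reads,
# keywords are case-insensitive, "Key=value" is accepted, and parsing stops at
# the first (conditional) Match block. Include directives are not followed.
sshd_value() {   # sshd_value CONFIG KEYWORD
    awk -v want="$2" '
        { sub(/[ \t]*=[ \t]*/, " ") }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# One "type comment" line per key. Assumes no option token ahead of the key
# type starts with a key-type prefix itself.
list_keys() {    # list_keys AUTHORIZED_KEYS
    [ -f "$1" ] || return 0
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                  c = ""
                  for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
                  print $i, (c == "" ? "(no comment)" : c)
                  next
              }
        }
    ' "$1"
}

audit_ssh() {    # audit_ssh CONFIG AUTHORIZED_KEYS
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    keys=$(list_keys "$2")
    [ "$root" = no ] || echo "FINDING root-login PermitRootLogin=$root"
    [ "$pass" = no ] || echo "FINDING password-auth PasswordAuthentication=$pass"
    if [ "$pass" = no ] && [ -z "$keys" ]; then
        echo "FINDING lockout password auth is off and $2 holds no key"
    fi
    [ -z "$keys" ] || echo "$keys" | sed 's/^/KEY /'
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_config() { printf '%s\n' 'permitrootlogin without-password' \
    'PermitRootLogin no' 'PasswordAuthentication=no' 'Match User deploy' \
    '    PasswordAuthentication yes'; }
sample_keys() { printf '%s\n' 'ssh-rsa AAAAPLACEHOLDER1 developer@agency-laptop' \
    'from="198.51.100.7",no-pty ssh-ed25519 AAAAPLACEHOLDER2 owner backup key'; }
```

A value of `unset` means the running OpenSSH version's default applies. On a live server, `sshd -T` prints the configuration sshd actually resolves and is the authoritative cross-check.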
Old 02-06-2013, 11:53 PM   #10
Registered Member
 
Join Date: Feb 2013
Posts: 7
OS: win7



Ok thanks.

Also, I've got a foreign exchange feed for the charts on my website.
I need to know how to update this every quarter.
Where would be a good place to look for this? WHM or cPanel?
infotaker is offline  
Old 02-07-2013, 02:03 AM   #11
Moderator
- Design Team
- Networking Team
 
Fjandr's Avatar
 
Join Date: Sep 2012
Location: Spokane, WA
Posts: 2,483
OS: Windows XP SP3, Windows 7 SP1, Debian, CentOS



I have no idea how your Forex feed is updated, so I have no way to answer the question without making large assumptions.

Usually, it would be through changes to a site's code or via the control software for the content management system the site is based on. The former would be done by changing the code directly (on the server, or locally and then uploading it). The latter would be logging into the CMS admin panel and opening the page to be changed.

Fjandr is offline  
All times are GMT -7.