...

View Full Version : is my site hackable? AyrshireMinis.com



crmpicco
01-29-2008, 07:22 PM
Hey All,

My site is hosted on what I believe to be a server that is appropriately secure ;)

Can anyone tell me if my site can be hacked? (or cracked :eek: )

The URL is http://www.ayrshireminis.com/

It's not a site that holds secure or sensitive information anyway, but would like to take steps to make it secure as possible if there are problems with it.

Picco
:D

FishMonger
01-29-2008, 08:54 PM
Yes it can, but that shouldn't be your question. The question should be: How easy would it be to hack?

It all depends on the knowledge, experience, and determination of the person doing the hacking. I ran a port scan and can say that you have too many open ports. To increase security, I would only open ports 22, 80, and 443. All other services would be moved to other servers that don't have public addresses. If it was an e-commerce site, you would not be PCI compliant.

bcarl314
01-29-2008, 08:55 PM
If you're site is on the internet, it can be hacked. The more appropriate question might be "how easy is it to hack my site".

bcarl314
01-29-2008, 09:00 PM
Wow, looking at a port scan, it looks like your server is configured to help hackers...



20/tcp closed ftp-data
21/tcp open ftp
22/tcp closed ssh
25/tcp open smtp
26/tcp open unknown
53/tcp open domain
80/tcp open http
110/tcp open pop3
115/tcp closed sftp
123/tcp closed ntp
143/tcp open imap
443/tcp open https
465/tcp open smtps
873/tcp closed rsync
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql



SSH and SFTP are closed and FTP is open? Thats exactly opposit of what I would try to set up.

SSH + SFTP encrypt data, where as FTP sends data in plain-text mode, including username and password! :eek:

crmpicco
01-29-2008, 09:18 PM
thanks for getting back to me, well the port configuration on the server is not really something that I have access to. It is Turtle Hosting http://www.turtlehosting.com/ - that I have as my host - so I would presume that this is their configuration and their settings, and for some reason they seem to have these ports open????

Should FTP not be open incase I wish to FTP my code to the server though?

And.......can I rephrase my question: How easy can it be hacked?

Picco

oesxyl
01-29-2008, 10:10 PM
And.......can I rephrase my question: How easy can it be hacked?

usualy if you become a target is to use your server as spam relay or node for other operation. How easy depend of many things, in first case mail server configuration and in both, how easy they could break in.
There is no recipe for security, but any advice could help. :)
My contribution:
- watch your logs on a regular basis, you can find if an atempt is fail, how and maybe you could prevent next one
- check your code, and here is a very long story, starting with don't trust $_GET, $_POST, $_SERVER variables and ending with logic errors like this:



$password = $_POST;

// many lines of content, and ...
if($_POST['pass'] == $password){
}


I see this once, :)

best regards



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum