01-29-2008, 08:22 PM | #1
crmpicco
is my site hackable? AyrshireMinis.com

Hey All,

My site is hosted on what I believe to be a server that is appropriately secure.

Can anyone tell me if my site can be hacked? (or cracked)

The URL is http://www.ayrshireminis.com/

It's not a site that holds secure or sensitive information anyway, but I would like to take steps to make it as secure as possible if there are problems with it.

Picco
01-29-2008, 09:54 PM | #2
FishMonger
Yes it can, but that shouldn't be your question. The question should be: How easy would it be to hack?

It all depends on the knowledge, experience, and determination of the person doing the hacking. I ran a port scan and can say that you have too many open ports. To increase security, I would only open ports 22, 80, and 443. All other services would be moved to other servers that don't have public addresses. If it was an e-commerce site, you would not be PCI compliant.
01-29-2008, 09:55 PM | #3
bcarl314
If your site is on the internet, it can be hacked. The more appropriate question might be "how easy is it to hack my site".
01-29-2008, 10:00 PM | #4
bcarl314
Wow, looking at a port scan, it looks like your server is configured to help hackers...

Code:
20/tcp    closed ftp-data
21/tcp    open   ftp
22/tcp    closed ssh
25/tcp    open   smtp
26/tcp    open   unknown
53/tcp    open   domain
80/tcp    open   http
110/tcp   open   pop3
115/tcp   closed sftp
123/tcp   closed ntp
143/tcp   open   imap
443/tcp   open   https
465/tcp   open   smtps
873/tcp   closed rsync
993/tcp   open   imaps
995/tcp   open   pop3s
3306/tcp  open   mysql

SSH and SFTP are closed and FTP is open? That's exactly the opposite of what I would try to set up.

SSH + SFTP encrypt data, whereas FTP sends data in plain-text mode, including username and password!
bcarl314 is offline   Reply With Quote
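
An added example (not part of the thread or any poster's code): a PHP script that checks the listing from post #4 against the allow-list suggested in post #2 (22, 80, 443). The `CLEARTEXT_AUTH` list and the function name `auditScan` are assumptions made for this illustration.

```php
<?php
// Allow-list from post #2; any other open port is reported.
const ALLOWED_PORTS = [22, 80, 443];
// Assumption: these services run without TLS on their default ports,
// so logins cross the network in clear text.
const CLEARTEXT_AUTH = ['ftp', 'pop3', 'imap'];

// Listing copied from post #4.
$scan = <<<'SCAN'
20/tcp    closed ftp-data
21/tcp    open   ftp
22/tcp    closed ssh
25/tcp    open   smtp
26/tcp    open   unknown
53/tcp    open   domain
80/tcp    open   http
110/tcp   open   pop3
115/tcp   closed sftp
123/tcp   closed ntp
143/tcp   open   imap
443/tcp   open   https
465/tcp   open   smtps
873/tcp   closed rsync
993/tcp   open   imaps
995/tcp   open   pop3s
3306/tcp  open   mysql
SCAN;

function auditScan(string $scan): array
{
    $findings = [];
    foreach (preg_split('/\R/', trim($scan)) as $line) {
        // Expected shape: <port>/<proto> <state> <service>
        if (!preg_match('~^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$~', trim($line), $m)) {
            continue; // not a port line
        }
        [, $port, $proto, $state, $service] = $m;
        $port = (int) $port;
        if ($state === 'open' && !in_array($port, ALLOWED_PORTS, true)) {
            $why = in_array($service, CLEARTEXT_AUTH, true)
                ? 'cleartext login exposed' : 'not on allow-list';
            $findings[] = "$port/$proto $service: open, $why";
        } elseif ($state !== 'open' && $port === 22) {
            $findings[] = "$port/$proto $service: $state, no encrypted admin channel";
        }
    }
    return $findings;
}
echo implode(PHP_EOL, auditScan($scan)), PHP_EOL;
```

Run it with `php` on the command line; on shared hosting the findings are something to raise with the provider, since the customer cannot change the firewall.
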
01-29-2008, 10:18 PM | #5
crmpicco
Thanks for getting back to me. Well, the port configuration on the server is not really something that I have access to. It is Turtle Hosting (http://www.turtlehosting.com/) that I have as my host, so I would presume that this is their configuration and their settings, and for some reason they seem to have these ports open?

Should FTP not be open in case I wish to FTP my code to the server though?

And.......can I rephrase my question: How easy can it be hacked?

Picco
01-29-2008, 11:10 PM | #6
oesxyl
Quote:
Originally Posted by crmpicco
And.......can I rephrase my question: How easy can it be hacked?

Usually, if you become a target, it is to use your server as a spam relay or a node for other operations. How easy depends on many things: in the first case, mail server configuration, and in both, how easily they could break in.
There is no recipe for security, but any advice could help.
My contribution:
- watch your logs on a regular basis; you can find out if an attempt failed, how, and maybe you could prevent the next one
- check your code, and here is a very long story, starting with don't trust $_GET, $_POST, $_SERVER variables and ending with logic errors like this:

PHP Code:
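$password = $_POST; // $password is filled from request data

// many lines of content, and ...
if ($_POST['pass'] == $password) { // request data is checked against request data
    // ...
}

I saw this once,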

best regards
oesxyl is offline   Reply With Quote
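
An added example, not oesxyl's code: the logic error above next to a corrected check, assuming the first line of the snippet was meant to copy the submitted password into `$password`. `$post` stands in for `$_POST` so the script runs from the command line, and the function names and sample password are constructed for the illustration.

```php
<?php
// Flawed pattern: the "expected" password is taken from the request,
// so the later comparison is the input against itself.
function flawedCheck(array $post): bool
{
    $password = $post['pass'] ?? '';
    // ... many lines later ...
    return ($post['pass'] ?? '') == $password;
}

// Corrected: the reference value is a hash stored on the server and is
// never derived from request data.
function checkedLogin(array $post, string $storedHash): bool
{
    $candidate = $post['pass'] ?? null;
    // Do not trust the field's type either: pass[]=x arrives as an array.
    if (!is_string($candidate) || $candidate === '') {
        return false;
    }
    return password_verify($candidate, $storedHash);
}

// Constructed sample data.
$storedHash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$attempts = [
    'right password'          => ['pass' => 'correct horse battery staple'],
    'wrong password'          => ['pass' => 'guess'],
    'array instead of string' => ['pass' => ['x']],
    'field missing'           => [],
];

foreach ($attempts as $label => $post) {
    printf(
        "%-24s flawed=%s corrected=%s\n",
        $label,
        var_export(flawedCheck($post), true),
        var_export(checkedLogin($post, $storedHash), true)
    );
}
```
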
All times are GMT +1.