  1. #1
    Senior Coder crmpicco

    is my site hackable? AyrshireMinis.com

    Hey All,

    My site is hosted on what I believe to be a server that is appropriately secure.

    Can anyone tell me if my site can be hacked? (or cracked)

    The URL is http://www.ayrshireminis.com/

    It's not a site that holds secure or sensitive information anyway, but I would like to take steps to make it as secure as possible if there are problems with it.

    Picco

  • #2
    Super Moderator
    Yes it can, but that shouldn't be your question. The question should be: How easy would it be to hack?

    It all depends on the knowledge, experience, and determination of the person doing the hacking. I ran a port scan and can say that you have too many open ports. To increase security, I would only open ports 22, 80, and 443. All other services would be moved to other servers that don't have public addresses. If it was an e-commerce site, you would not be PCI compliant.

  • #3
    Mega-ultimate member
    If your site is on the internet, it can be hacked. The more appropriate question might be "how easy is it to hack my site".

  • #4
    Mega-ultimate member
    Wow, looking at a port scan, it looks like your server is configured to help hackers...

    Code:
    20/tcp    closed ftp-data
    21/tcp    open   ftp
    22/tcp    closed ssh
    25/tcp    open   smtp
    26/tcp    open   unknown
    53/tcp    open   domain
    80/tcp    open   http
    110/tcp   open   pop3
    115/tcp   closed sftp
    123/tcp   closed ntp
    143/tcp   open   imap
    443/tcp   open   https
    465/tcp   open   smtps
    873/tcp   closed rsync
    993/tcp   open   imaps
    995/tcp   open   pop3s
    3306/tcp  open   mysql
    SSH and SFTP are closed and FTP is open? That's exactly the opposite of what I would try to set up.

    SSH + SFTP encrypt data, whereas FTP sends data in plain-text mode, including username and password!
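
    The review the two replies above did by eye, written as a repeatable check. This is an added example, not part of the original thread: it parses the scan output posted above and compares it with the 22/80/443 allowlist suggested in reply #2. The function names and the cleartext-service table are assumptions made for the illustration.

```python
import re

# Scan output copied from the post above ("port/proto  state  service").
SCAN = """\
20/tcp    closed ftp-data
21/tcp    open   ftp
22/tcp    closed ssh
25/tcp    open   smtp
26/tcp    open   unknown
53/tcp    open   domain
80/tcp    open   http
110/tcp   open   pop3
115/tcp   closed sftp
123/tcp   closed ntp
143/tcp   open   imap
443/tcp   open   https
465/tcp   open   smtps
873/tcp   closed rsync
993/tcp   open   imaps
995/tcp   open   pop3s
3306/tcp  open   mysql
"""
# Assumption: the allowlist is the one suggested in reply #2.
ALLOWED = {22, 80, 443}
# Assumption: services that carry credentials in cleartext, and what to prefer.
CLEARTEXT = {"ftp": "SFTP over SSH", "pop3": "pop3s", "imap": "imaps"}
LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+(open|closed|filtered)\s+(\S+)$")

def parse_scan(text):
    """Return {port: (state, service)} for each well-formed scan line."""
    hits = (LINE.match(line.strip()) for line in text.splitlines())
    return {int(m[1]): (m[2], m[3]) for m in hits if m}

def audit(ports, allowed=ALLOWED):
    """Return (port, kind, detail) findings, sorted by port within each pass."""
    findings = []
    for port, (state, service) in sorted(ports.items()):
        if state != "open":
            continue
        if service in CLEARTEXT:
            findings.append((port, "cleartext", f"{service}: prefer {CLEARTEXT[service]}"))
        elif port not in allowed:
            findings.append((port, "exposed", f"{service} is outside the allowlist"))
    for port in sorted(allowed):
        if ports.get(port, ("absent", ""))[0] != "open":
            findings.append((port, "not-open", "allowed port is not reachable"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_scan(SCAN)), sep="\n")
```

    Run against a fresh scan of your own host after each configuration change, the same function shows whether the exposed list is shrinking.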

  • #5
    Senior Coder crmpicco
    Thanks for getting back to me. Well, the port configuration on the server is not really something that I have access to. It is Turtle Hosting http://www.turtlehosting.com/ - that I have as my host - so I would presume that this is their configuration and their settings, and for some reason they seem to have these ports open????

    Should FTP not be open in case I wish to FTP my code to the server though?

    And.......can I rephrase my question: How easy can it be hacked?

    Picco

  • #6
    Master Coder
    Originally posted by crmpicco:
    And.......can I rephrase my question: How easy can it be hacked?

    Usually, if you become a target, it is to use your server as a spam relay or a node for other operations. How easy depends on many things: in the first case, the mail server configuration, and in both, how easily they could break in.
    There is no recipe for security, but any advice could help.
    My contribution:
    - watch your logs on a regular basis; you can find out whether an attempt failed and how, and maybe you can prevent the next one
    - check your code, and here is a very long story, starting with don't trust $_GET, $_POST, $_SERVER variables and ending with logic errors like this:

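    PHP Code:
    // $password is filled from the request, not from a stored credential
    $password = $_POST;

    // many lines of content, and ...
    if ($_POST['pass'] == $password) {
        // the check compares request data with request data
    }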

    I saw this once,

    best regards

