Anyone here ever had their server hacked or compromised? I've noticed there are a lot of servers being hacked these days. Not sure if it's due to people lacking updates for their software or just leaving ports and holes open. The one and only time I was ever hacked, happen't through IPB. We basically had to take it down and put up a vB

I have heard of more servers being hacked through exploiting apache recently, aside from that more than likely they just did not have the proper security updates or firewall settings. Lack of monitoring a server can result in not being able to prevent someone exploiting the server before it happens also.

I noticed my host hasn't updated any certificates or cpanel. It's things like this that make me want to leave hosts. I'd hate to have my files and databases compromised and in the hands of abusers/spammers.

Do you have 100% managed services. Hosts are ideally not supposed to fool around with your software. I will prefer them to take care of the network and hardware issues.

Apache has many security holes. It better to install and external firewall or a firewall software.

If you can pay, then I would say buy at least a cisco 505e firewall connected with the server externally.

or if you dont have/dont want to pay much in external ones. Use APF or CSF firewalls availble freely

I would recommend CSF which is priced at no cost. Its an idela solution if you have low budget or dont want to pa for external firewall. Also, it is still recommended for those who have external firewalls installed as they have a limited functionality.

Thats sad, when you are trying to get your business going and some kids come and start playing around with all your work done so far. They should caught them and put them in jail.

Thats scary.

Can you share some more information because i also use IPB and would want to know the areas i need to focus upon.

Did you discuss it with IPS?

I don't think the latest version of IPB can be hackable yet, maybe he was using a older version of IPB which are vulnerable. That's why I suggest everybody to update they software when a new patch or version comes out.

Just because there's no known public vulnerability, it doesn't mean a hacker doesn't know one.

Dan is Exactly Correct! That's what these people do, they sit around all day and confir with other jerks just like them looking for vulnerabilities.

I've had exactly one Linux server hacked in my life and it was due to a combination of an old 'test/test' account being left on the box and an exploit in either Apache or Horde (the damage was to great to track it down any further).

Thankfully this wasn't one of our hosting boxes, but it was still an eye opener.

If you've ever had anyone in your box doing work for you, I'd take a check through the /etc/passwd file to look for lame-O accounts like test/test. People don't do it on purpose, but sometimes you need a random account to test something with and may forget to delete it. Leaves a wide open hole for even a rudimentary brute-force attack to get through.

Always make sure that all the ports and sockets on the server are closed. Just open necessary ports. It makes server more secure.

Lucky for me, I've not had to deal with too many compromised servers where I work, but when I have, the thing that kills me is that an older version of service X was still being used. You've got to keep them up to date. The older the code, in my opinion, the more exploits there seems to be, or at least, the more the hackers might know about how to exploit.