Where Might There Be Potential Security Vulnerabilities On Servers?

Security gaps

Installed software

The software/services (qmail, Apache, FTP, MySQL, etc.) installed on the server may have security vulnerabilities. It is relatively easy for third parties to establish which software is installed on the server (example: nmap -A HOST shows the open ports and which software, in which version, is listening on each port). Known security gaps in that software can therefore be exploited.

Preventive measure that should be observed: update your software regularly.

Dynamic web pages

Security gaps often exist in dynamic web pages that provide an upload facility. Most content management systems, forums, blogs, boards etc. have such upload facilities (Joomla, Mambo, PostNuke, phpBB, TYPO3, WordPress and many others).
As a result, it is sometimes possible to sneak harmful files onto the server. Incorrect programming of these dynamic systems can also give rise to security gaps. With most popular content management systems security gaps are detected relatively quickly and patches are made available. Therefore always keep the systems you use up to date.

PHP settings

Incorrect PHP settings can also create security gaps. The register_globals and safe_mode options are particularly critical.
If the PHP option register_globals is set to ON, third parties could compromise the PHP code (manipulation of variables, code injection). It is therefore advisable to set it to OFF.

The situation is similar with the safe_mode PHP option. If safe_mode is set to OFF, a third party may again be able to compromise the server, so in this case it is advisable to set safe_mode to ON. An even more secure variant is to run PHP as a separate program (suPHP) instead of as an Apache module. Note that both register_globals and safe_mode were removed in PHP 5.4, so these two settings only apply to older PHP installations.

What should happen if the server is compromised?

Firstly, you should attempt to identify what is happening on the server, focusing on the following points:

  • Monitor the traffic on the network interface at regular intervals (tools: ifconfig, netstat). Unusually high traffic may be an indicator.
  • Look for unusual/unknown open ports on which unusual/unknown programs are listening.
  • List the running processes, search for unknown/unusual processes and terminate them. Note: always kill the parent process, because killing child processes alone usually won't have the desired effect.
  • Check the file attributes (lsattr). Malicious files/scripts may carry special file attributes (usually the "i" (immutable) attribute, which prevents deletion of these files).
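A small triage script for the checklist above, added here as an example and not part of the original article: it flags listening ports outside an allowlist, parsed from the output of ss -tulnp (ss being the modern replacement for netstat), and files carrying the immutable "i" attribute in lsattr output. Both inputs below are constructed samples, and the tool names and output layout are assumed to match current Linux distributions.

```shell
#!/bin/sh
# Triage helpers for a suspected compromise. Added example, not part of the
# original article. Each function reads command output on stdin, so it works
# on live data (ss -tulnp | unexpected_listeners "22 80") or on the
# constructed samples embedded below.

# Constructed sample of `ss -tulnp` output (only the columns used here matter).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    *:80              *:*          users:(("apache2",pid=1201,fd=4))
tcp   LISTEN 0      128    [::]:31337        [::]:*       users:(("a.out",pid=4412,fd=5))'

# Constructed sample of `lsattr -R` output: the flag string comes first, and
# an "i" in it marks the file immutable (set with chattr +i).
SAMPLE_LSATTR='--------------e------- /var/www/html/index.php
----i---------e------- /var/www/html/uploads/.cache.php
--------------e------- /var/www/html/uploads/logo.png'

# Print "port process" for every LISTEN socket whose port is not in the
# space-separated allowlist given as $1, so unknown listeners stand out.
unexpected_listeners() {
    awk -v allow=" $1 " '$2 == "LISTEN" {
        n = split($5, a, ":"); port = a[n]     # last part of addr:port
        if (index(allow, " " port " ") == 0) print port, $NF
    }'
}

# Print the path of every file whose lsattr flag string contains "i".
# The regex guard skips the "dir:" header lines that lsattr -R emits.
immutable_files() {
    awk 'NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && index($1, "i") > 0 { print $2 }'
}

# Run both checks over the constructed samples; on a real host pipe in live
# output instead, and run chattr -i before removing anything that is flagged.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 80 443"
printf '%s\n' "$SAMPLE_LSATTR" | immutable_files
```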