Server Security

[blow]

I run a few sites a vbulletin forum & 2 wordpress blogs on my VPS, but im not shore how secure my server is set up...

Someone has cloned all 3 of my sites & someone else told me that they can access more or less every derectory on my server. They said to block access to the (vbulletin) /install directory with .htaccess & protect the upgrade files.

I've deleted the install.php file i thort that was good enuff.

If someone knows what there doing, can you take a look at this for me?

www.hiphopdownloadz.com vbforum

www.djsmuggla.com wordpress

 

[NewEraCracker]

Hello,

About vB: You should delete all of the /install/ directory and not just install.php as installer says.
You are also advised to upgrade to vB 3.8.7 PL1 in order to prevent security issues.

About wordpress: http://www.djsmuggla.com/readme.html
hmm... You will be hacked in less than 60 seconds if you don't upgrade.

Also upgrade your Apache. The version that you have currently installed (2.2.3) has several critical security vulnerabilities.

 

[CloudShadow]

Why dont you hire someone to secure the server for you?

 

[c0rrupt]

If you are looking to hire someone you should contact Krun!x he is good at server security.

 

[Whoo]

If you are looking to hire someone you should contact Krun!x he is good at server security.

I can vouch for him too

 

[damnyou]

If you are on the xen server than ask someone to install the grsecurity.

 

[blow]

If you are looking to hire someone you should contact Krun!x he is good at server security.

Is he the guy that owns knowin servers, thats who im hosted with.

& NewEraCracker My licence ran out a few months back so i cant download the vB 3.8.7 PL1 version.

Can i do anything with .htacess? like prevent direct access to a directory or something. I think a good step to take is to password protect my admincp & modcp folders with htacess, can i do any others?

 

[c0rrupt]

Krun!x owns http://knownsrv.com

 

[CloudShadow]

Is he the guy that owns knowin servers, thats who im hosted with.

& NewEraCracker My licence ran out a few months back so i cant download the vB 3.8.7 PL1 version.

Can i do anything with .htacess? like prevent direct access to a directory or something. I think a good step to take is to password protect my admincp & modcp folders with htacess, can i do any others?

No, krunix doesn't own knowinservers. You can send him a pm and ask him whether he can secure the server for you

 

[blow]

Ok great, i'll submit a support ticket with them. Do you think its somthing he'll do free for me, because im a customer?

Im not shore how long it would take or how much people charge to do jobs like this...

EDIT- Just checking now im with http://knownsrv.com is that the one he owns?

 

[CloudShadow]

Yes thats the one he owns. The VPSes on knownsrv are fully managed, so kurnix will secure it for you free of charge.

 

[blow]

Great thanks m8...

 

[Hostinpk.com]

Thanks a lot for this. I was searching this before.