Server security

Discussions about server security -- questions and answers

Moderators: macek, egami, gesf

Server security

Postby arctic » Wed Feb 06, 2008 11:34 am

Is this secure?
Running Apache (2.1) on Windows 2003 Server. Apache daemon is running on admin account (read/write rights to all directories).
MySQL 5 is running on administrator account.

PHP 5 module is loaded on the Apache server with administrator user. (can write on directories/files) (users' home directory)

I have a multiuser system.

Users can upload files to their home directory (FTP) (the FTP is secure)

If user A has files in /home/userA,
is it possible for user B to upload a PHP script to his home directory /home/UserB,

and so,

can this script change/write/delete files in user A's home directory /home/userA?
Or even worse, can this script write/delete/modify files globally on my Windows server? (like c:\windows..., or read c:\secure\.htpassword files)

I know I can run the FTP daemon on another system account and deny write access to the /home directory (only read access),
but this is a problem: you cannot run an image gallery then (like Coppermine).

I know I can also set PHP to safe mode, but I'm not sure what PHP safe mode does?

Configuration tips needed.
arctic
New php-forum User
Posts: 3
Joined: Wed Feb 06, 2008 1:38 am

Re: Server security

Postby jameesranger » Mon Oct 04, 2010 8:08 pm

:?
jameesranger
New php-forum User
Posts: 4
Joined: Mon Oct 04, 2010 8:04 am

Re: Server security

Postby ashksngh » Fri Feb 17, 2012 12:12 am

For server security: avoid using FTP, Telnet, and Rlogin/Rsh; minimize software to minimize vulnerability; one network service per system or VM instance; keep the Linux kernel and software up to date; use Linux security extensions; user accounts and a strong password policy.
ashksngh
New php-forum User
Posts: 3
Joined: Thu Feb 16, 2012 12:21 am

Re: Server security

Postby TheProdigyGuy » Mon Feb 20, 2012 4:49 pm

> Running Apache (2.1) on Windows 2003 Server. Apache daemon is running on admin account (read/write rights to all directories).

Apache 2.1.x? I don't know the exact build etc., but at least search for 0day exploits for 2.1.x (because many script kiddies use 0days) (0day is your enemy).

Running Apache with admin privileges is a big security risk (drop it ASAP):
net user Myapacheuser somestrongpasswd /ADD
Launch it from that user.

> MySQL 5 is running on administrator account.

Security risk. In some cases a limited user can use Load data infile pathtoothersdirs/config.php
(a well-known way to bypass safe mode restrictions).
+
I'd recommend opening your my.ini (MySQL config file) and setting
secure_file_priv="c:/somejunkpath"
Save and restart the MySQL service.
This will prevent you from
select ... into outfile
+ from
Load data infile pathtoothersdirs/config.php

> PHP 5 module is loaded on the Apache server with administrator user. (can write on directories/files) (users' home directory)

Is there any open_basedir restriction? (If not, it is pretty simple to read others' files + write.)
Are there any disabled functions? (PHP disabled functions?) (If not, you are vulnerable.)
Is CGI enabled? If yes, the machine is fully vulnerable.

> Users can upload files to their home directory (FTP) (the FTP is secure)
>
> If user A has files in /home/userA,
> is it possible for user B to upload a PHP script to his home directory /home/UserB,

Possible. If it is vulnerable software (outdated and has a 0day) this is possible.
Also this is possible if FTP isn't correctly administered.
With which privileges does it run? If it is Administrator or LOCAL SYSTEM it is a big hole! (Drop it to user privileges too.)

> can this script change/write/delete files in user A's home directory /home/userA?
> Or even worse, can this script write/delete/modify files globally on my Windows server? (like c:\windows..., or read c:\secure\.htpassword files)

Of course. Because Apache runs as Administrator.
For example:
<?php shell_exec('cmd.exe /c rmdir /q /s c:\');?>

Pretty enough.
Also this is possible with CGI (on a Windows box *.exe can run as a CGI script! So if it is enabled and a hacker manages to upload his *.exe + execute it, the machine is fully vulnerable!)

For fun he can change your password too :D then he can log in to Terminal Server :D

> I know I can run the FTP daemon on another system account and deny write access to the /home directory (only read access),
> but this is a problem: you cannot run an image gallery then (like Coppermine).

Not sure. Use FileZilla FTP Server and that's all. (You can separate and limit users' folders.)

For me, you need to drop privileges + run these services as a user + you need to apply SRP (through GPO) to all your users (OMG, it is really terrible for hackers) (but exclude the Administrator group from SRP).
Take a look:
http://www.catonmat.net/blog/disallow-w ... s-via-gpo/

These are really complex things. Also my English is limited (language barrier), so I can't explain it more deeply. But I can say that it is not correctly administered.

Also always keep in mind: firstly, always keep your OS up to date.

On the other hand, nothing is unhackable. Everything has its own vulnerabilities, even our psychology too (e.g. social engineering attacks against humans).
Here are a few resources for you:
packetstormsecurity.com
exploit-db.com

You can find a lot of whitepapers there, which are vital especially for server administrators.


Good luck)
TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm
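
An added example, not part of TheProdigyGuy's post or any project's code: a small Python audit that reads php.ini and my.ini text and flags the three settings the reply above asks about (open_basedir, disable_functions, secure_file_priv). The function names, the constructed sample configs and the list of command-execution functions beyond shell_exec are assumptions of this example.

```python
import configparser

# Command-execution functions checked here are this example's choice;
# the post itself only names shell_exec.
RISKY_FUNCS = {"exec", "shell_exec", "system", "passthru", "proc_open", "popen"}

def _load(text):
    # php.ini and my.ini are INI-like: allow bare keys, repeated keys and '%'.
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(text)
    return cp

def _get(cp, section, key):
    # A missing section, a missing key and a bare key all count as "unset".
    value = cp.get(section, key, fallback="") or ""
    return value.strip().strip("\"'")

def audit_php_ini(text):
    cp, findings = _load(text), []
    if not _get(cp, "PHP", "open_basedir"):
        findings.append("open_basedir is unset: scripts can reach other users' files")
    disabled = {f.strip() for f in _get(cp, "PHP", "disable_functions").split(",")}
    missing = sorted(RISKY_FUNCS - disabled)
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    return findings

def audit_my_ini(text):
    cp, findings = _load(text), []
    if not _get(cp, "mysqld", "secure_file_priv"):
        findings.append("secure_file_priv is unset: LOAD DATA INFILE / "
                        "SELECT ... INTO OUTFILE are not confined to one directory")
    return findings

# Constructed sample configs (not taken from the thread).
WEAK_PHP = "[PHP]\nengine = On\ndisable_functions =\n"
HARD_PHP = ('[PHP]\nopen_basedir = "c:/home/userB"\n'
            "disable_functions = exec,shell_exec,system,passthru,proc_open,popen\n")
WEAK_MY = "[mysqld]\nport=3306\nskip-name-resolve\n"
HARD_MY = '[mysqld]\nsecure_file_priv="c:/somejunkpath"\n'

if __name__ == "__main__":
    for name, text, check in [("php.ini (weak)", WEAK_PHP, audit_php_ini),
                              ("php.ini (hardened)", HARD_PHP, audit_php_ini),
                              ("my.ini (weak)", WEAK_MY, audit_my_ini),
                              ("my.ini (hardened)", HARD_MY, audit_my_ini)]:
        print(name, "->", check(text) or "ok")
```

On a shared host open_basedir is often set per virtual host rather than in the global php.ini, so a global "unset" finding means the per-site configuration still has to be checked.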
