| Question: |
Good nocima then cut threw with statice can be done from perechislennye my vps I have Centos, but I think there all like this-же1) debian 7 x642) disable authorization root password, use ssh-ключей3) for the diagnosis of snoopy to install, configure logging sftp.4) don`t use ftp, use sftp only. Preferably, the keys. In the sftp client in any case does not store the passwords of your account or ssh key. 5) nginx+apache-mpm-itk + php 5.3 + percona-server instead of mysql6) the configs of virtual hosts include open basedir if the website will be with this setup to work (this option prevents php scripts when you access them via http to exceed the limits specified in the basedir directory)7) don`t forget to include MatchUser/MatchGroup for виртуалхостов8) need to configure default host for apache and nginx to exclude uncontrolled configs processing any requests over http. Usually hang 403 or 404 error as default. 9) don`t put unnecessary software, not to blindly enter commands from accidentally found in Google manuals if you do not understand what this command does. 10) not to put a software from source, especially from untrusted sources. 11) if the server needs outgoing mail, it is correct to set limits for her. For example for exim4 (Debian is preferred) - one, two. 12) remove the http auth all unnecessary administrative scripts - phpmyadmin -, admin sites, graphics, |
| Answer: |
Hello. explain why this is? You understand what is written here? here half not applicable to your server without loss of functionality of the site, part of povedet site inoperable, nekotorymi items you will not be able to work. for example, you know what, autorizacia for ключу7 you worked with her? one of the main Vaprio - what is it exactly You, please obosnuyte every point in the process you will understand that this is not required. All settings You need we will meet |
| Question: |
Good utrona be so angry. With my limited time resource, deeply understand specifically what exactly you need is not so easy, but I think as a minimum 12) to remove the http auth all unnecessary administrative scripts - phpmyadmin -, admin sites, graphics,Right? It would create another, that is to say the layer of protection? |
| Answer: |
the Question referred to the administrator, wait for amp. |
| Answer: |
no one was angry, you mistakenly predstavlenie. if you thought so then bring the VM an apology for the misunderstanding. You need first of all to solve the issue of the vulnerability of the website, which showed the report. |
| Question: |
Thank you.In fact, very concerned about these break-ins.Now remove all that is found doctor, but the problem is that I find some files which he has not found.You could have something else to put in and run a scan, if that makes sense.Thank you |
| Answer: |
the Question referred to the administrator, wait for amp. |
| Answer: |
Yes, we can run the \"paranoid mode\" |
| Question: |
Thought You already pull my joke)))But now reading the list of commands for aibolit and Yes, there is such an opportunity.Run please.Also was thinking about it.You could set up automatic daily scan of the site, with a report in the mail?Every day after 3:00 regular skanirovaniya a week, on Thursday, for example, after 3:00 paranoid skanirovaniya thanks for the reply |
| Answer: |
the Question referred to the administrator, aidit amps. |
| Answer: |
the Question referred to the administrator, aidit amps. |
| Question: |
Even takya request.Can rename the ticket to \"Positive review\", in \"antivirus Settings and tamper protection. Maxigoods\"Just think then it will be easier to find, and I You of course, zanpamisaki large |
| Answer: |
tickets are not renamed unfortunately. you can create a new ticket. regarding this ticket, you need to first resolve the issue with the website, because hacking through a vulnerability of the site. |
| Question: |
OK, let`s do so.Make paranoid skanirovaniya I will go through all files, something removed, something will take note.Will make a template update, to version 3.8.1, as saying that it was there all the supper and there is no longer aslimasti.Change your password in adminkey put http auth and change the root paratek will be okay?Or You can offer other options or course of action?Thank you for your help |
| Answer: |
skanirovanii performed. we will notify about the result. the server we also scanned everything is clean. what exactly do You want to bet http-auth ? |
| Question: |
on the admin panel, phpmyadmin, well, you can still access armadetail |
| Question: |
That`s what I thought.Hackers in any case, use a proxy or tor, I think so.Maybe there is some opportunity to limit access to so-called grey ip, or suspicious cetanu so prose and thinking out loud here, but if this is possible to do would have been even very still, cratosphere for the answer |
| Answer: |
to specify how the admin panel? on the panel you have protected access. |
| Question: |
Admin site: maxigoods.com/admin10010/index.phpphpmyadmin: http://138.201.75.204/phpmyadmin/СпасибоСканирование in paranoid mode everything? |
| Answer: |
this is done with a file .htaccess and htpasswd . you need to place the file .htaccess directives handling http authorization to the folder you want to close and specify the path to the password file. file explained you have to generate |
| Question: |
the password file can be put anywhere?Even outside the site folder?In the file \".htpasswd\" should I specify a password, right?The file as and .htaccess is a dot before the name, right? |
| Answer: |
Yes, the dot required in file name here is the instruction http://www.webpress.uz/Alexandr/htaccess/Avtorizatsiya-s-pomoshchyu-htaccess you need to generate the password file with your password. password in file sifrovany |
| Question: |
I understand http auth, I`m going to do when all heal.You are paranoid run a scan?Specify team, I sausuage like this: php ai-bolit.php --mode=2Правильная team?As in this command to specify the folder where to start? |
| Answer: |
the Question referred to the administrator, wait for amp. |
| Answer: |
the scan report maxigoods.com/AI-BOLIT-REPORT-__-463580-09-08-2016_09-11.html |
| Question: |
You tell me what the file is chkrootkitreport.in /var/www/www-root/data/www/ |
| Answer: |
This is a test of the server itself. |
| Question: |
Please write the team how to run maldect in a paranoid mode to scan an entire server, or folders with the site, I`ll be on a bit to clean suspicious files and skanirovaniya |
| Answer: |
please Wait. |
| Answer: |
maldect no paranoid mode. You messed up with aibolit |
| Question: |
Oh, technomak to run ai-bolit in a paranoid mode to scan an entire server, or folders with the site, I`ll be on a bit to clean suspicious files and skanirovaniya |
| Answer: |
specify when you run the-mode=2 |
