Author Topic: Site Security  (Read 485 times)

Offline smfadmin (OP)

  • SMF (internal) Site
  • Administrator
  • Jr. Member
  • *****
  • Join Date: Dec 2014
  • Location: Management
  • Posts: 118
  • Reputation Power: 0
  • smfadmin has hidden their reputation power
  • Last Login:September 05, 2019, 09:54:29 AM
  • Supplied Install Member
Site Security
« on: June 28, 2015, 09:03:51 AM »
guys, i will be looking at improving site security over the next few weeks.

your mail addresses are only available to admins.

we are also protected by the fact that we are small and thus, relatively private.
measure twice, cut once

Offline Narkotikon

  • Honest
  • Sr. Member
  • ****
  • SA_Chat+
  • **
  • Join Date: Jun 2015
  • Location: USA
  • Posts: 1194
  • Reputation Power: 50
  • Narkotikon has got loads of potential.
  • Gender: Male
  • Last Login:March 28, 2016, 11:31:11 PM
  • Keeping Them Honest
Re: Site Security
« Reply #1 on: June 28, 2015, 11:34:21 AM »
When you say that e-mail addys are only available to admins, do you mean:

1.  that only admins can see e-mail addresses, and regular members can not see them?

OR

2.  that only admins can e-mail other members, and regular members can not e-mail other members?

Transparency is necessary to ensure decent staff members get elected. Members need to know when staff are misbehaving, so members can be informed voters.

Offline Chip

  • Server Admin
  • Moderator
  • Hero Member
  • ***
  • Administrator
  • *****
  • Join Date: Dec 2014
  • Location: Australia
  • Posts: 6070
  • Reputation Power: 0
  • Chip has hidden their reputation power
  • Gender: Male
  • Last Login:September 15, 2019, 02:35:08 PM
  • Deeply Confused Learner
Re: Site Security
« Reply #2 on: June 28, 2015, 04:28:32 PM »
1. only.
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline Narkotikon

Re: Site Security
« Reply #3 on: June 29, 2015, 09:58:36 AM »
Thanks for clarifying, Chipper. 

Glad that regular members can still e-mail each other.
Transparency is necessary to ensure decent staff members get elected. Members need to know when staff are misbehaving, so members can be informed voters.

Offline Chip

Re: Site Security
« Reply #4 on: June 29, 2015, 11:54:57 AM »
as far as compliance goes, I have enabled PM's for regular users; I can dump out logs and database tables if need be, for review IF I suspect anything.

I will be following Chopstix's suggestion on Opio - and lock us down.
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline Chip

Re: Site Security
« Reply #5 on: June 29, 2015, 09:19:17 PM »
the only access to ISPConfig is by a non-standard password for admin - one issue fixed.

note: the Metasploit software (msfconsole) is installed.

may look at locking down ports, too ...
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline Chip

Re: Site Security
« Reply #6 on: July 04, 2015, 02:36:25 PM »
many ports locked down now.

untested as of yet.

see "iptables" in this forum.
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline david

  • Newbie
  • Join Date: Dec 2014
  • Location:
  • Posts: 4
  • Reputation Power: 2
  • david is new on the scene.
  • Last Login:May 19, 2016, 09:59:00 PM
  • Welcome !
Re: Site Security
« Reply #7 on: July 05, 2015, 08:48:18 AM »
Nark, i have to revise Chipper's reply ... regular members can see email addresses but guests cannot.

it's this way so people can email each other outside the internal messaging systems.
« Last Edit: July 05, 2015, 09:04:49 AM by Chipper »

Offline Chip

Re: Site Security
« Reply #8 on: August 24, 2015, 03:37:13 PM »
fail2ban and Rootkit Hunter version 1.4.2 all installed and config'ed.

did you know ? we get an attack every few minutes. are they drug haters ? no, just opportunistic, predatory software. it really is nasty out there in 'netland !

less apps but they still are on index.html
 
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline Sand and Water

  • Sr. Member
  • ****
  • Join Date: Aug 2015
  • Location: Eastern US
  • Posts: 596
  • Reputation Power: 0
  • Sand and Water has hidden their reputation power
  • Gender: Female
  • Last Login:March 16, 2016, 06:27:41 AM
  • Welcome to our community forum ...
Re: Site Security
« Reply #9 on: August 24, 2015, 07:34:10 PM »
'Morning Chipper :)   I know next to nothing about this stuff, but your comment made me curious:
 These attacks... how does it work?   Does some turd write a program that then goes out & tries to attach itself to whatever it can? 

Also, my understanding is, that the results of such are frequently malicious, but why is it done in the first place (beyond a pride 'lets see if I can break this toy' thing)?

ps. I know I just asked 2 super simple questions with VERY complex answers, so if you're too busy, no worries :)  have a great day/night! s&w
Lose something every day. Accept the fluster
of lost door keys, the hour badly spent.
The art of losing isn't hard to master.
Then practice losing farther, losing faster:
places, and names, and where it was you meant
to travel. None of these will bring disaster.

Offline Chip

Re: Site Security
« Reply #10 on: August 24, 2015, 07:56:48 PM »
internet security is as new to me as it is to you because the smart guys at Opio pointed out my holes only recently.

i don't get it either - why fucking try to be nasty (? !) but i think that their main purpose in life is to "spamadvertise" once they take over a site and they just probe all IP's and try all sorts of "typical" access attempts and try registration-less forums like my first online experience.

for example, one doesn't build the website from here, no (this is just the forum), i do it through a Linux console. like Microsoft DOS used to look like and running CentOS 6.7 software (like RedHat).

i access the root user using "ssh", then login using my name and password. all some software has to do is try its luck by emulating what i would do.

now when i first started the site forum by myself, i waived the Registration process and didn't think to modify it then the next few days i had, man 100's of members all saying "CIALIS VALIUM" etc. man, i was pissed as i had to delete those fuckers - there are forum bots and crawlers (for Search Engines) and all sorts of automated "processes" going on out there - i had to start banning, then stopping multiple login attempts using ssh and build a basic firewall.

the dollar, the root of a lot of evil, is at the heart of it, no fucking doubt.
« Last Edit: August 24, 2015, 09:56:08 PM by Chipper »
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline Sand and Water

Re: Site Security
« Reply #11 on: August 24, 2015, 08:40:36 PM »
Thanks for the explanation :)   My brother runs IT for a global company but he has very little patience for 'kindergarten questions'.  I STILL remember when my daughter was about ten, him telling her in no uncertain terms that she *could* use his 'puter when we visited, but under NO CIRCUMSTANCES could she go to Disney, Nickelodeon, etc.

He tried to explain about firewalls etc, but.. we both adore him, we just know he kinda goes into his own little bubble (muttering to himself etc), when working & WOE UNTO THOSE who interrupt lol. (She of course obeyed his boundaries lol).

Your spamvertising idea makes sense.  I wonder if it's only a small fraction who write for malicious reasons & many more do it to prove their skills... hmm each question brings another to mind, like, do programmers worry about the consequences or discuss the ethics of this with their peers? I don't blame you for being po'd about all that spam!

Lol not enough coffee yet. Thank you SO much for all your hard work (& of course all who help w/this Greek stuff)--obviously we wouldn't be here without it!
Lose something every day. Accept the fluster
of lost door keys, the hour badly spent.
The art of losing isn't hard to master.
Then practice losing farther, losing faster:
places, and names, and where it was you meant
to travel. None of these will bring disaster.

Offline Chip

Re: Site Security
« Reply #12 on: August 24, 2015, 09:59:16 PM »
i'm more open about this stuff ... you are most welcome.

ethics ? that's the billion dollar question ... most techies you can trust but the guys who write this crap do so for financial or personal gain - there's a lot of unfairness out there and disgruntled IT workers and who knows what else ?

all i know is that it has to go ...  :)
Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !

Offline Narkotikon

Re: Site Security
« Reply #13 on: August 25, 2015, 08:38:13 AM »
Thanks for the explanation :)   My brother runs IT for a global company but he has very little patience for 'kindergarten questions'.  I STILL remember when my daughter was about ten, him telling her in no uncertain terms that she *could* use his 'puter when we visited, but under NO CIRCUMSTANCES could she go to Disney, Nickelodeon, etc.

Just out of curiosity, why didn't your brother want her going to Disney or Nickelodeon?  I find that funny.  Personally I think Disney is evil.  They're like neo-Nazis and ultra-conservative IMO. 

I don't know any of this IT stuff either.  I just try to help out by answering questions, editing things for people, helping to resolve conflicts (when I'm able), and be on the lookout for gay slurs.  Chipper appointed me monitor of gay bashing a while ago.  I don't know if he was serious, but I'm glad to help in that facility.  I will say I've never seen any homophobia in anything I've read so far.  I think our community is generally intolerant to that type of thing. 
Transparency is necessary to ensure decent staff members get elected. Members need to know when staff are misbehaving, so members can be informed voters.

Offline Chip

Re: Site Security
« Reply #14 on: September 29, 2015, 08:26:42 AM »
current /etc/sysconfig/iptables:

# Generated by iptables-save v1.4.7 on Mon Jul 27 09:52:16 2015
*nat
:PREROUTING ACCEPT [1453:78082]
:POSTROUTING ACCEPT [173:14853]
:OUTPUT ACCEPT [173:14853]
COMMIT
# Completed on Mon Jul 27 09:52:16 2015
# Generated by iptables-save v1.4.7 on Mon Jul 27 09:52:16 2015
*mangle
:PREROUTING ACCEPT [21373:4645726]
:INPUT ACCEPT [21371:4645622]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18538:14867372]
:POSTROUTING ACCEPT [18538:14867372]
COMMIT
# Completed on Mon Jul 27 09:52:16 2015
# Generated by iptables-save v1.4.7 on Mon Jul 27 09:52:16 2015
*filter
:INPUT ACCEPT [30:3870]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [266:92933]
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2525 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
COMMIT
# Completed on Mon Jul 27 09:52:16 2015


Over 90% of all computer problems can be traced back to the interface between the keyboard and the chair !
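
An audit of the filter table posted in Reply #14, as an added example that is not part of the original post or the site's own tooling. It parses iptables-save output and reports the INPUT chain's default policy, the ports with explicit ACCEPT rules, and two findings a reviewer would raise; the function name `audit_input_chain` and the finding wording are assumptions made for this example.

```python
import re
from collections import Counter

# *filter table from Reply #14; the per-port ACCEPT lines are rebuilt from
# the post's port list (same order, including the repeated port 25).
PORTS = [80, 443, 25, 2525, 25, 465, 110, 873, 995, 993, 143, 22, 3000, 10000]
RULESET = "\n".join(
    ["*filter", ":INPUT ACCEPT [30:3870]", ":FORWARD ACCEPT [0:0]",
     ":OUTPUT ACCEPT [266:92933]",
     "-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP",
     "-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP",
     "-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP",
     "-A INPUT -i lo -j ACCEPT"]
    + [f"-A INPUT -p tcp -m tcp --dport {p} -j ACCEPT" for p in PORTS]
    + ["COMMIT"])

def audit_input_chain(text):
    """Return policy, explicitly allowed TCP ports and findings for filter/INPUT."""
    policy, rules, in_filter = None, [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = (line == "*filter")
        elif in_filter and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A INPUT "):
            rules.append(line)
    # A catch-all rule has a DROP/REJECT target and no match options at all.
    catch_all = any(
        re.fullmatch(r"-A INPUT -j (DROP|REJECT)( --reject-with \S+)?", r)
        for r in rules)
    allowed = [int(m.group(1)) for r in rules
               if r.endswith("-j ACCEPT") and (m := re.search(r"--dport (\d+)", r))]
    findings = []
    if policy == "ACCEPT" and not catch_all:
        findings.append("default-allow: INPUT policy is ACCEPT and no catch-all "
                        "DROP/REJECT rule follows, so unlisted ports are not filtered")
    for port, count in Counter(allowed).items():
        if count > 1:
            findings.append(f"duplicate ACCEPT rule for tcp/{port} ({count} times)")
    return {"policy": policy, "allowed_ports": sorted(set(allowed)),
            "findings": findings}

if __name__ == "__main__":
    report = audit_input_chain(RULESET)
    print("policy:", report["policy"], "| ports:", report["allowed_ports"])
    for finding in report["findings"]:
        print("-", finding)
```

With the posted rules the per-port ACCEPT lines change nothing, because anything they do not match falls through to the ACCEPT policy. The list only becomes an allow-list once the chain ends in a DROP or REJECT (by policy or a final rule), together with a rule accepting ESTABLISHED,RELATED traffic so replies to outbound connections still arrive.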


Founded December 2014