
Lagbaja's Website Hacked by Turkish Hackers! - Crime (2) - Nairaland


Re: Lagbaja's Website Hacked by Turkish Hackers! by romeo(m): 2:29pm On Mar 27, 2006
eno7 is a well-known Turkish hacker, and they are only mass-defacing sites for the sake of record and nothing more. They are usually good at defacing PHP sites; maybe Lagbaja's was PHP.
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 12:14am On Mar 28, 2006
eno7 is a well-known Turkish hacker, and they are only mass-defacing sites for the sake of record and nothing more. They are usually good at defacing PHP sites; maybe Lagbaja's was PHP.

What do you mean by "php sites"?

Some forum software written in PHP has had security issues in the past. But that has nothing to do with PHP. Rather, it has to do with the coders. The forum could have been written in any language by these poor programmers.
Re: Lagbaja's Website Hacked by Turkish Hackers! by sbucareer(f): 1:58pm On Mar 28, 2006

Not even that; the most common mistake self-hosting web designers make is to install software and leave it with the same default settings it came with. If you are using Apache from version 2.0, you MUST change and configure your httpd.txt file. If you are running it with PHP, you MUST configure the default settings of php.ini. If your platform is Windows, you MUST run at least service pack 2.

And disable all your directory listings. Always configure your Apache server with a password. When you have finished installing the Apache server with an admin account, log out and log in with a user account.

You must have just one computer for your web server; from the router, open port 80 and block all other ports to that web server. If you are serving only Nigerian customers, in your httpd.txt accept IP addresses from all known Nigerian ISPs. If your business is global, leave that and make sure your Windows is running at least service pack 4.

If you use a Unix flavor, I don't think they would be able to hack you. Still, in Unix do the above, changing the httpd and php files. Read about Unix iptables and configure your firewall and router.

If all these are done, the only way a hacker can hack you is by phishing; when it happens, start looking at people close to you, like your friends and girlfriend you'd dump with vulgar.

Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 10:17pm On Mar 28, 2006
Too bad his site was hacked, I guess his webmasters learnt their lesson the hard way. First of all, there are unix hosting plans out there that give you extra application layer filtering in addition to normal router filtering on the network layer, they usually come with an extra price tag, check them out.

Secondly - if you decide to be a web host to serve your site to the public, you have to pay attention to details, you have to know what you are doing, you have to understand the fundamentals of the platform and software you are going to use. Security is a continuous process and you have to be a step ahead of the game or you will be majorly screwed.

We had a prospective client here in Ghana that wanted to run their online-banking system and co-locate on our shared web hosting server. They were very conscious about security and as a result hired 3 Indian consultants. I went into the meeting before my first class at school; a meeting I thought would have spent 30 minutes took over 3 hours just to convince these guys that we could host their web app. Trust the Indian guys (I guess they were doing their jobs), they asked all the questions in this world and I told them that nothing security-wise could penetrate our web server - was I right? - yes. I did my homework and had my company buy the SAGE - BrickServer, a server that has never been broken into, check it out http://www.sage-inc.com/cgi-bin/products_bservii.php.

Hacking is very possible, it takes time if you know what you are doing.
Re: Lagbaja's Website Hacked by Turkish Hackers! by sbucareer(f): 12:11am On Mar 29, 2006

It is a wrong move for any bank to outsource their web hosting, especially if they plan to do e-banking. They should consult you to help them build their own web hosting and employ application developers to write the e-banking.

I am not saying your host is not secure, note that. What I am saying is that it is a very wrong move. If you like the bank, go back and ask them to help build and secure their host server for them.

If I were a customer of the bank and found out the bank was outsourcing their host server processing the e-bank to another public host company, I'd close my account straight away.

I don't know of any, but there are host companies that specialize in hosting banks' apps. They don't host for any other people apart from banks.

Can you tell me how much you paid for that 1U rack server?
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 12:18am On Mar 29, 2006
I did my homework and had my company buy the SAGE - BrickServer, a server that has never been broken into,

That is good news to know some banks in Africa are planning on automating their operations.  It's about time.  And I don't blame them for wanting assurance of the highest level of security.

I guess a SAGE - BrickServer is worth it if it's not overly expensive. But you can achieve the same level of security with Linux. Besides, SAGE - BrickServer is only as secure as the software you run on it.

With Linux:

1. Install enterprise version.
2. Turn off absolutely ALL unnecessary services.
3. Configure your software firewall (ipchains).
4. Get a router with built-in hardware firewall.
5. Put yourself on security mailing lists.
6. Slap a 32+ character password on your root account. Basically, a very strong password.
7. Visit hackers' lounges and have them try to penetrate your machine. Crackers/hackers can be useful too. :)
8. Do your own hacking and benchmarking, looking out for possible buffer overflows.
9. Visit sites like https://www.grc.com/ to check your shields.
10. Have logWatch email you a daily activity report.
11. etc.

With adequate testing, you'd have a solid machine that is virtually impenetrable.
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 12:52am On Mar 29, 2006
It is a wrong move for any bank to outsource their web hosting, especially if they plan to do e-banking. They should consult you to help them build their own web hosting and employ application developers to write the e-banking.

It should be fine to outsource hosting, if:

1. The hosting company is reputable.
2. The server is dedicated (colocated).

At the end of the day, outsourcing may be the only way to go in Nigeria, since hosting in-house could get really expensive. Stable electricity, physical security, high-speed Internet lines, etc., are all expensive to provide. These things are already available in the ISP's facility.
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 9:15am On Mar 29, 2006
The bank is concentrating on its local customers. We are a member of the Ghana Internet Exchange, an association that connects all ISPs in Ghana to one another; this means that anybody on any ISP network in Ghana trying to get to the bank's e-banking system will access it as local traffic, which is extremely fast.

For security - try hacking into the SAGE-Brick Server - if anyone can get in - I personally will give that person $200, it doesn't even have a shell.

The bank outsourced the development of the e-banking portal to an Indian firm, we are hosting the stuff. The SAGE server is between $3000 - $4000.

The hosting is colocated and dedicated.
Re: Lagbaja's Website Hacked by Turkish Hackers! by sbucareer(f): 10:03am On Mar 29, 2006

I would need to speak with you, Alexis. Email me your mobile or phone number at valentine.obih@gmail.com (subject: ISP provider in Ghana) and I will call you later. Otherwise, if you are on Skype, my handle is sbucareer.

Latest!
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 2:04pm On Mar 29, 2006
check your email, sent you my details
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 8:01pm On Mar 29, 2006
For security - Try hacking into the SAGE-Brick Server - if any one can get in - I personally will give that person $200, it doesn't even have a shell.

A machine is only as secure as the software you run on it.
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 9:49pm On Mar 29, 2006
oasis,

Check out the SAGE Brickserver website - they even have a sage brickserver you can try to hack but you will have to register and they will give you about 3-5 days or so.

don't take my word for it - try it yourself
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 10:23pm On Mar 29, 2006
I understand what you are saying about the SAGE Brickserver OS being secure.

But my point is that you still have to run servers on it such as web, email, ftp, scripting, etc.

Weakness can be introduced into the machine that way. I don't see how the SAGE Brickserver can prevent bad code from running, and hence from being hacked.

For example, if I write PHP code that allows a user to delete his own directory based on his username:

system("rm -fr $username");


What happens if the user decides to choose a username such as /htdocs, and I don't have anything in my code to prevent that?

The code then comes out as:

system("rm -fr /htdocs");


Now, assuming that /htdocs is where all my web documents are served from.  Suddenly, you've allowed a user to delete your whole website due to sloppy code.
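
A hardened form of the "delete the user's own directory" idea, as an added example that is not part of oasis's post or of any code from the thread. The function names, the per-user root directory and the username policy are assumptions made for this sketch; the demo tree is constructed in the system temp directory.

```php
<?php
// Added example. $userRoot and the username policy are assumptions.
function resolveUserDir(string $userRoot, string $username): string
{
    // Allowlist: letters, digits, "_" and "-" only, so "/", ".." and
    // shell metacharacters are rejected before any path is built.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    // Canonicalise, then require a real directory directly under the root
    // (a symlink pointing elsewhere resolves outside it and fails here).
    $root = realpath($userRoot);
    $target = ($root === false) ? false : realpath($root . '/' . $username);
    if ($target === false || !is_dir($target) || dirname($target) !== $root) {
        throw new RuntimeException('no such user directory');
    }
    return $target;
}

// Delete with filesystem calls instead of handing a string to a shell;
// symlinks inside the tree are unlinked, never followed.
function deleteTree(string $dir): void
{
    $items = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach ($items as $item) {
        if ($item->isDir() && !$item->isLink()) {
            rmdir($item->getPathname());
        } else {
            unlink($item->getPathname());
        }
    }
    rmdir($dir);
}
// Constructed demo tree in the system temp directory.
$root = sys_get_temp_dir() . '/userroot_' . bin2hex(random_bytes(4));
mkdir("$root/oasis/htdocs", 0700, true);
file_put_contents("$root/oasis/htdocs/index.html", 'hi');
foreach (['/htdocs', '..', 'oasis'] as $name) {
    try {
        deleteTree(resolveUserDir($root, $name));
        echo "deleted: $name\n";
    } catch (Exception $e) {
        echo "rejected: $name ({$e->getMessage()})\n";
    }
}
rmdir($root);
```

The username from the post's scenario, `/htdocs`, is refused by the allowlist before any filesystem call is made, and only the directory that sits directly under the per-user root is removed.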
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 10:41pm On Mar 29, 2006
I get your point but you see every user has his own directory he has access to.
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 11:11pm On Mar 29, 2006
That's true.  But you're assuming that the permissions would be set correctly always.  People make mistakes, and that is what crackers are looking for.

Besides, my example is only one example. There are tons of mistakes that programmers make when writing code, not realizing the security implications.

So, going back to my point, your machine is only as secure as what you put into it.
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 11:23pm On Mar 29, 2006
Oasis,

look at this, I create a user say oasis

useradd oasis -d /home/oasis/

Under /home/oasis you have other directories i.e

/home/oasis/mail - for mails
/home/oasis/htdocs - for your web files and ftp access

There are other users, i.e. /home/alex, but oasis doesn't have access to alex's directory because of the permissions as set by unix by default, or you can add them yourself.

So whatever oasis does, it will only affect his directory; if he decides to create a php script and run rm -rf /root, it would work because he doesn't have that permission. BrickServer takes care of all these.
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 11:28pm On Mar 29, 2006
You mean brickserver wouldn't allow root to change /home permission to 0777?

If it would, then it is possible for someone to inadvertently change the permission to 0777. Agree?
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 11:53pm On Mar 29, 2006
root has all privileges - but you don't log into the system like that - there is no shell, dude. There is a root user all right, and once you create normal users, their email, web, ftp and other services accounts are created. Read about it and you will understand the structure.
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 12:32am On Mar 30, 2006
That is interesting.

I would like to know how applications are installed on it without a shell.

I know that sometimes in order to install an application, you have to change permissions for files/directories. Does brickserver let you change permissions? Please answer that.
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 2:26am On Mar 30, 2006
I can't answer that because I don't have an authoritative answer; I can find out if you like. Secondly - it comes with a special program you install on your Windows or Mac and manage the server.
Re: Lagbaja's Website Hacked by Turkish Hackers! by oasis: 2:53am On Mar 30, 2006
I can't answer that because I don't have an authoritative answer

Fair enough.

But my point is clear. Irrespective of how you interact with the machine, you still interact with it anyway. That leaves room for configuration errors, which in turn opens the door for vulnerabilities. There is nothing SAGE Brickserver can do for you in cases of human errors. I don't think I can explain it any clearer than that.
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 11:48am On Mar 30, 2006
Very true.
Re: Lagbaja's Website Hacked by Turkish Hackers! by Eastcoast(f): 3:17pm On Mar 30, 2006
They have also hacked AIT's website.
Re: Lagbaja's Website Hacked by Turkish Hackers! by alexis(m): 4:21pm On Mar 30, 2006
haha
Re: Lagbaja's Website Hacked by Turkish Hackers! by Gkings(m): 7:39pm On Apr 05, 2006
I think our website developers need more training on web design.
Re: Lagbaja's Website Hacked by Turkish Hackers! by Eastcoast(f): 11:57pm On Apr 05, 2006
The AIT website is now OK.
Re: Lagbaja's Website Hacked by Turkish Hackers! by kellorah: 8:30pm On Jul 18, 2006
WHAT'S A TURKISH PERSON GAINING FROM HACKING LAGBAJA'S WEBSITE? HMMM
JOBLESS PEOPLE
Re: Lagbaja's Website Hacked by Turkish Hackers! by photoshoot(m): 3:10pm On Dec 13, 2016
Seun:
Too bad.  Why would they do this? www.lagbaja.net


Browsing during this period must be hell, I mean no picture reference to even support the topic.


Screenshot, snipping tool?
Re: Lagbaja's Website Hacked by Turkish Hackers! by Pinicop: 5:32am On Feb 18
Who's Lagbaja?
