Server Security Question from a Newbie?
Posted by The Last Don, 06-05-2012, 08:52 PM |
I am a graphic designer. I set up my client's server. This is the first time I have set up a server. I am a designer, not an IT tech professional. This process has given me a major headache, especially the security side.
Can someone please tell me if my server has been hacked and translate the following logwatch message in regards to security?
I am also looking for a company to provide security for this server. Does anyone know of a good and affordable company?
I appreciate any help!
Logwatch message:
################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Tue Jun 5 04:02:03 2012
Date Range Processed: yesterday
( 2012-Jun-04 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: ip-208-109-97-69.ip.secureserver.net
##################################################################
--------------------- Named Begin ------------------------
**Unmatched Entries**
client 208.109.96.8 query (cache) 'ns.kelebids.com/A/IN' denied: 3 Time(s)
client 208.109.96.8 query (cache) 'ns.kelebids.com/AAAA/IN' denied: 4 Time(s)
client 208.109.96.8 query (cache) 'ns.kelebids.info/A/IN' denied: 4 Time(s)
client 208.109.96.8 query (cache) 'ns.kelebids.info/AAAA/IN' denied: 4 Time(s)
client 208.109.96.8 query (cache) 'ns.kelebids.net/A/IN' denied: 4 Time(s)
client 208.109.96.8 query (cache) 'ns.kelebids.net/AAAA/IN' denied: 4 Time(s)
client 208.109.96.9 query (cache) 'ns.kelebids.com/A/IN' denied: 4 Time(s)
client 208.109.96.9 query (cache) 'ns.kelebids.com/AAAA/IN' denied: 4 Time(s)
client 208.109.96.9 query (cache) 'ns.kelebids.info/A/IN' denied: 4 Time(s)
client 208.109.96.9 query (cache) 'ns.kelebids.info/AAAA/IN' denied: 4 Time(s)
client 208.109.96.9 query (cache) 'ns.kelebids.net/A/IN' denied: 4 Time(s)
client 208.109.96.9 query (cache) 'ns.kelebids.net/AAAA/IN' denied: 4 Time(s)
max open files (1024) is smaller than max sockets (4096): 8 Time(s)
using default UDP/IPv4 port range: [1024, 65535]: 8 Time(s)
using default UDP/IPv6 port range: [1024, 65535]: 8 Time(s)
zone 97.109.208.in-addr.arpa/IN: zone serial unchanged: 4 Time(s)
---------------------- Named End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (ca.4.be.static.xlhost.com): 4 Time(s)
unknown (218.61.196.98): 1 Time(s)
Invalid Users:
Unknown Account: 1 Time(s)
su:
Sessions Opened:
(uid=0) -> kelebids: 2 Time(s)
su-l:
Unknown Entries:
session closed for user popuser: 36 Time(s)
session opened for user popuser by (uid=0): 36 Time(s)
---------------------- pam_unix End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
209.190.4.202 (ca.4.be.static.xlhost.com): 4 times
Illegal users from:
218.61.196.98: 1 time
Received disconnect:
11: Bye Bye : 4 Time(s)
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user adam : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 292G 4.3G 273G 2% /
/dev/sda1 99M 12M 82M 13% /boot
/dev/sdb1 294G 97M 279G 1% /disk2
---------------------- Disk Space End -------------------------
|
Posted by TravisT-[SSS], 06-05-2012, 09:27 PM |
From those logs, no, you have not been hacked, just a lot of attacks, but logwatch does not provide a very good way of keeping tabs on what is really going on with the server. However, some basic security would be a good idea =)
|
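An added example, not part of the original thread: a small Python parser that splits a Logwatch report into its service sections and totals the SSHD entries, run over an excerpt of the report quoted in the question. The heading "Users logging in through sshd" is assumed to be the one Logwatch's sshd section uses for successful logins; the function names are illustrative.

```python
import re

# Excerpt of the Logwatch report quoted in the question above.
REPORT = """\
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (ca.4.be.static.xlhost.com): 4 Time(s)
unknown (218.61.196.98): 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
209.190.4.202 (ca.4.be.static.xlhost.com): 4 times
Illegal users from:
218.61.196.98: 1 time
Received disconnect:
11: Bye Bye : 4 Time(s)
---------------------- SSHD End -------------------------
"""

BEGIN = re.compile(r"^-+ (.+?) Begin -+$")
END = re.compile(r"^-+ (.+?) End -+$")
COUNT = re.compile(r":\s*(\d+)\s+[Tt]ime")   # matches ": 4 times" and ": 4 Time(s)"

def split_sections(report):
    """Map each service name to the lines between its Begin/End markers."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if m := BEGIN.match(line):
            current = sections.setdefault(m.group(1), [])
        elif END.match(line):
            current = None
        elif current is not None and line:
            current.append(line)
    return sections

def sshd_verdict(report):
    """Total the counts under each SSHD heading (a line ending in ':')."""
    counts, heading = {}, None
    for line in split_sections(report).get("SSHD", []):
        if line.endswith(":"):
            heading = line[:-1]
            counts[heading] = 0
        elif heading and (m := COUNT.search(line)):
            counts[heading] += int(m.group(1))
    # Assumed heading for successful logins; its presence is what to review.
    return {"failed": counts.get("Failed logins from", 0),
            "illegal_users": counts.get("Illegal users from", 0),
            "accepted_reported": "Users logging in through sshd" in counts}
```

The function reads only the SSHD section, so it reports on SSH logins and nothing else in the report.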
Posted by The Last Don, 06-05-2012, 10:11 PM |
Thank you for your time
|
Posted by stebaker, 06-05-2012, 10:51 PM |
Since you aren't too familiar with security on a server, I suggest going with someone like platinumservermanagement.
|
Posted by jankocharlie, 06-06-2012, 03:03 AM |
There are various support companies available. You can try supprotpro or servaxnet for this.
Your datacentre (GoDaddy, I believe) should also have a security plan that can be purchased.
|
Posted by TravisT-[SSS], 06-06-2012, 10:45 AM |
I would personally trust an actual server security group over GoDaddy or someone of that kind.
|
Posted by puretiger, 06-10-2012, 06:44 AM |
Hi
I just obtained a VPS myself and wasn't sure how to set up and configure the security and firewall settings (CSF), so I signed up with PlatinumServerManagement. I have been with them for a couple of days now and I have to say they're real value for money. They have set up and tweaked everything for me so the server runs at its best, and when I've run into a problem or needed something installing on the server they have done it, and to be honest they have done it pretty fast.
I have it set up to email me when someone logs in as root, and as soon as I submit a ticket, within about 5-10 minutes they've logged in and resolved the issue.
I would sign up with them; $30 is not a lot of money for peace of mind.
Thanks
|
Posted by Server Management, 06-10-2012, 02:31 PM |
I would start looking for a server management provider ASAP to get this secured and safe for you.
|