

Server Security Question from a Newbie?




Posted by The Last Don, 06-05-2012, 08:52 PM
I am a graphic designer. I set up my client's server. This is the first time I have set up a server. I am a designer, not an IT tech professional. This process has given me a major headache, especially the security side. Can someone please tell me if my server has been hacked and translate the following logwatch message in regards to security? I am also looking for a company to provide security for this server. Does anyone know of a good and affordable company? I appreciate any help!

Logwatch message:

    ################### Logwatch 7.3 (03/24/06) ####################
    Processing Initiated: Tue Jun 5 04:02:03 2012
    Date Range Processed: yesterday
    ( 2012-Jun-04 )
    Period is day.
    Detail Level of Output: 0
    Type of Output: unformatted
    Logfiles for Host: ip-208-109-97-69.ip.secureserver.net
    ##################################################################

    --------------------- Named Begin ------------------------

    **Unmatched Entries**
    client 208.109.96.8 query (cache) 'ns.kelebids.com/A/IN' denied: 3 Time(s)
    client 208.109.96.8 query (cache) 'ns.kelebids.com/AAAA/IN' denied: 4 Time(s)
    client 208.109.96.8 query (cache) 'ns.kelebids.info/A/IN' denied: 4 Time(s)
    client 208.109.96.8 query (cache) 'ns.kelebids.info/AAAA/IN' denied: 4 Time(s)
    client 208.109.96.8 query (cache) 'ns.kelebids.net/A/IN' denied: 4 Time(s)
    client 208.109.96.8 query (cache) 'ns.kelebids.net/AAAA/IN' denied: 4 Time(s)
    client 208.109.96.9 query (cache) 'ns.kelebids.com/A/IN' denied: 4 Time(s)
    client 208.109.96.9 query (cache) 'ns.kelebids.com/AAAA/IN' denied: 4 Time(s)
    client 208.109.96.9 query (cache) 'ns.kelebids.info/A/IN' denied: 4 Time(s)
    client 208.109.96.9 query (cache) 'ns.kelebids.info/AAAA/IN' denied: 4 Time(s)
    client 208.109.96.9 query (cache) 'ns.kelebids.net/A/IN' denied: 4 Time(s)
    client 208.109.96.9 query (cache) 'ns.kelebids.net/AAAA/IN' denied: 4 Time(s)
    max open files (1024) is smaller than max sockets (4096): 8 Time(s)
    using default UDP/IPv4 port range: [1024, 65535]: 8 Time(s)
    using default UDP/IPv6 port range: [1024, 65535]: 8 Time(s)
    zone 97.109.208.in-addr.arpa/IN: zone serial unchanged: 4 Time(s)

    ---------------------- Named End -------------------------

    --------------------- pam_unix Begin ------------------------

    sshd:
       Authentication Failures:
          root (ca.4.be.static.xlhost.com): 4 Time(s)
          unknown (218.61.196.98): 1 Time(s)
       Invalid Users:
          Unknown Account: 1 Time(s)

    su:
       Sessions Opened:
          (uid=0) -> kelebids: 2 Time(s)

    su-l:
       Unknown Entries:
          session closed for user popuser: 36 Time(s)
          session opened for user popuser by (uid=0): 36 Time(s)

    ---------------------- pam_unix End -------------------------

    --------------------- SSHD Begin ------------------------

    Failed logins from:
       209.190.4.202 (ca.4.be.static.xlhost.com): 4 times

    Illegal users from:
       218.61.196.98: 1 time

    Received disconnect:
       11: Bye Bye : 4 Time(s)

    **Unmatched Entries**
    pam_succeed_if(sshd:auth): error retrieving information about user adam : 1 time(s)

    ---------------------- SSHD End -------------------------

    --------------------- Disk Space Begin ------------------------

    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda3             292G  4.3G  273G   2% /
    /dev/sda1              99M   12M   82M  13% /boot
    /dev/sdb1             294G   97M  279G   1% /disk2

    ---------------------- Disk Space End -------------------------

Posted by TravisT-[SSS], 06-05-2012, 09:27 PM
From those logs, no, you have not been hacked, just a lot of attacks, but logwatch does not provide a very good way of keeping tabs on what is really going on with the server. However, some basic security would be a good idea =)
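
An added example, not part of the thread: a small Python triage of a Logwatch report in the layout quoted in the question, separating counts of refused attempts from sessions that actually opened. The sample report, its addresses and the `triage` function are constructed for illustration, and the parser assumes the report keeps its original line breaks.

```python
import re

# Constructed sample in the Logwatch layout from the question
# (hosts and addresses are documentation values, not taken from the post).
SAMPLE = """\
--------------------- Named Begin ------------------------
**Unmatched Entries**
client 192.0.2.8 query (cache) 'ns.example.com/A/IN' denied: 3 Time(s)
client 192.0.2.9 query (cache) 'ns.example.com/AAAA/IN' denied: 4 Time(s)
---------------------- Named End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
   Authentication Failures:
      root (host.example.net): 4 Time(s)
      unknown (203.0.113.98): 1 Time(s)
su:
   Sessions Opened:
      (uid=0) -> siteuser: 2 Time(s)
---------------------- pam_unix End -------------------------
"""

SECTION = re.compile(r"^-+\s*(.+?)\s+(Begin|End)\s*-+$")  # section markers
COUNT = re.compile(r"^(.*?):\s*(\d+)\s+[Tt]ime")          # "<what>: N Time(s)"

def triage(report):
    """Sum refused attempts and list sessions that opened, per section."""
    out = {"dns_denied": 0, "auth_failures": 0, "sessions_opened": []}
    section = heading = None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:  # entering or leaving a Logwatch service section
            section = m.group(1) if m.group(2) == "Begin" else None
            heading = None
            continue
        c = COUNT.match(line)
        if not c:
            if line.endswith(":"):
                heading = line[:-1]  # e.g. "Authentication Failures"
            continue
        what, n = c.group(1), int(c.group(2))
        if section == "Named" and what.endswith("denied"):
            out["dns_denied"] += n          # queries the resolver refused
        elif heading == "Authentication Failures":
            out["auth_failures"] += n       # logins that did not succeed
        elif heading == "Sessions Opened":
            out["sessions_opened"].append((what, n))  # review these by hand
    return out
```

The `sessions_opened` entries are the ones to compare against known administrator activity; the two counters only total attempts that were refused.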

Posted by The Last Don, 06-05-2012, 10:11 PM
Thank you for your time

Posted by stebaker, 06-05-2012, 10:51 PM
Since you aren't too familiar with security on a server, I suggest going with someone like platinumservermanagement.

Posted by jankocharlie, 06-06-2012, 03:03 AM
There are various support companies available. You can try supportpro or servaxnet for this. Your datacentre (GoDaddy, I believe) should also have a security plan that can be purchased.

Posted by TravisT-[SSS], 06-06-2012, 10:45 AM
I would personally trust an actual server security group over GoDaddy or someone of that kind.

Posted by puretiger, 06-10-2012, 06:44 AM
Hi, I just obtained a VPS myself and wasn't sure how to set up and configure the security and firewall settings (CSF), so I signed up with PlatinumServerManagement. I have been with them for a couple of days now and I have to say they're real value for money: they have set up and tweaked everything for me so the server runs at its best, and when I've run into a problem or needed something installing on the server they have done it, and to be honest they have done it pretty fast. I have it set up to email me when someone logs in as root, and as soon as I submit a ticket, within about 5-10 minutes they've logged in and resolved the issue. I would sign up with them; $30 is not a lot of money for peace of mind. Thanks

Posted by Server Management, 06-10-2012, 02:31 PM
I would start looking for a server management provider ASAP to get this secured and safe for you.


