Security on shared servers....



emdeet
24-11-2004, 09:47 AM
I wanted to start a thread about security issues when using shared Linux servers.

I'm just thinking about how to tighten up the security on all my shared Linux accounts.

For starters:

1. How secure is data stored in a MySQL database on the server? Can other users on the server get to see your data? Can people find your database passwords easily?

2. Can people get your username and password easily, and get into all your accounts? i.e. your POP3 mail username and password might be the same as your account details, and they are sent cleartext each time your mail client checks the server...

3. Who has root access to the server? Who are they, and what responsibility level do they have? Are there any procedures in place to keep clients' data secure?

Any thoughts?

Cheers.

Snowman
26-11-2004, 02:50 PM
Some good questions there. I will try to answer them as best I can.


1. How secure is data stored in a MySQL database on the server? Can other users on the server get to see your data? Can people find your database passwords easily?

Data is stored unencrypted by default, but some scripts may store the data encrypted; it depends on the script. Check with your script's developer to see what they do.

Passwords are generally secure unless you make them insecure by using an obvious pass or by accidentally making it publicly viewable.


2. Can people get your username and password easily, and get into all your accounts? i.e. your POP3 mail username and password might be the same as your account details, and they are sent cleartext each time your mail client checks the server...

I've not heard of anyone obtaining usernames and passwords via hijacking POP3 account logins, but I guess technically it would be possible. It's up to you to change your passwords as you see fit. All passwords on the server relating to server operations such as cPanel and the mail server are stored encrypted and are not accessible to the public.


3. Who has root access to the server? Who are they, and what responsibility level do they have? Are there any procedures in place to keep clients' data secure?

Root access is available to myself, Angus and datacentre tech staff when needed. All data is secure; however, it's your responsibility to ensure things like passwords etc. are kept updated.

emdeet
22-02-2005, 09:59 AM
Just on this security related thread, I thought I'd see if the Alpine crew could comment on the neobright server that got hacked on Sunday.

It's been down now for 48 hours getting a system restore. Major bummer for my customers, who of course like to take things out on me.

Do you guys know if the Alpine servers are vulnerable as well to the same problems that caused neobright to go down?

(I'm assuming you know which neobright server I'm talking about).

Snowman
23-02-2005, 08:20 AM
I'm afraid I have no idea who or what neobright is. Are they another webhost?

emdeet
23-02-2005, 08:30 AM
I'm afraid I have no idea who or what neobright is. Are they another webhost?


Sorry Snowman, I thought you knew the Neobright server, because when Stingray transferred to Alpine, neobright was the new server at Martin's operation.

Angus
03-03-2005, 07:31 AM
Sorry, but no idea on that one.

As a side issue, I am looking at a new server to transfer the Stingray and Koi accounts to, so we have full control over them and with a view to improving performance and service for them.