Linux, *BSD, Unix... millions of vulnerable servers!

Hello,

I just saw this video in French https://www.youtube.com/watch?v=0HnC0l0xFXA but the command lines are understandable. What should we think about HestiaCP? Thank you for your opinions. I must confess that I didn't necessarily understand how it could concern us directly because I'm not an expert in security or in the world of Linux. I just need to be reassured tonight ^^

The biggest issue with Linux / Unix / whatever is that most people don't have the knowledge of how to maintain a server. They install software and forget about it.

And unlike the proper firewall most users have on their home internet connection, they often forget that a server is often connected directly to the internet. Also, the default username is often “root”, without the use of a strong password. A hacker can enter the server within a few days or weeks.

HestiaCP doesn't change all the weak points. Any server, even a server running Hestia, needs regular maintenance. The good thing is that Hestia is active and being maintained, and in the last few months multiple vulnerabilities have been found and have been patched (within a reasonable time).

For example:

  • Fixed a security issue where user password reset keys could potentially be gleaned from system process list - thanks RACK911 LABS
  • No new features introduced with v1.1.1, this is strictly a security/bug fix release.

Luckily all known issues have been patched and fixed. But it is still the user's responsibility to keep the software up to date. We can't change that…

This also counts for any Windows / OSX installs.

The only difference is that instead of a handful of developers they have a few 100(0) people working for them, and they are able to focus only on security.

But even “safe” software does not mean you are foolproof against hackers, as the software hosted on a server can still cause security issues.

For example, if you create a WordPress site under the “admin” account and decide to use a faulty WordPress plugin, users can still gain access to the server and execute certain commands. That is the reason why you should not run any site under the admin account, as shown in the big message when you create a site.

If you connect any computer to the internet you can count on it that a hacker is trying to hack it. Sadly enough :frowning: but it should not be a reason to be afraid of it.

Thank you Eris for the explanation. I love HestiaCP, and I am very impressed with the work done and I have confidence in this solution. Long life to HestiaCP!

Once I skipped past all the usual YouTube blah, blah, blah…

  1. file permissions of 000 is pure luser stupidity. Granted it shouldn’t be allowed in the 1st place but nonetheless it’s just plain stupid. Ignorance is not bliss, in this case!
    Why do you think private SSL keys are set to 600, for example?
  2. Permissions of 755 on a directory are never a great idea for ANYTHING that needs some form of protection. I’m an advocate for 750 but many environments don’t like/allow this.
  3. A jailed shell would likely prevent much, if not all that he “demonstrated”.
    (I gave up watching after he started pumping his gums again.)
    Restricting use of shell to those who only actually need it is one of the best/easiest forms of security.
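The permission points in this post (000 is unusable, private keys at 600, 750 rather than 755 on directories) as an added audit script; this is constructed example code, not code from the thread or from HestiaCP. It assumes a Linux host with GNU or busybox `stat`, and the path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Constructed permission audit for a hosting account's directory tree.
# Not HestiaCP code: an added example illustrating the 000 / 600 / 750 points above.
# Findings, one per line:
#   UNUSABLE_000  entry with mode 000 (breaks the site without protecting anything)
#   DIR_TOO_OPEN  directory looser than 750 (group-write or any "other" bit set)
#   KEY_TOO_OPEN  *.key / *.pem file looser than 600 (any group/other bit set)
# Assumes GNU or busybox stat (-c '%a'); on *BSD use: stat -f '%Lp'.
# Filenames containing newlines are not handled.

audit_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_perms: no such directory: $root" >&2
        return 2
    fi
    find "$root" -print | while IFS= read -r p; do
        mode=$(stat -c '%a' "$p") || continue
        # %a prints octal digits without a leading 0; prefix one so the shell
        # parses the value as octal (4-digit modes with setgid/sticky work too)
        m=$((0$mode))
        if [ "$m" -eq 0 ]; then
            printf 'UNUSABLE_000 %s\n' "$p"
            continue
        fi
        if [ -d "$p" ]; then
            # 0027 = g+w plus all o bits: any of them set means looser than 750
            if [ $((m & 0027)) -ne 0 ]; then
                printf 'DIR_TOO_OPEN %s %s\n' "$mode" "$p"
            fi
        else
            case $p in
                *.key|*.pem)
                    # 0077 = all g and o bits: any of them set means looser than 600
                    if [ $((m & 0077)) -ne 0 ]; then
                        printf 'KEY_TOO_OPEN %s %s\n' "$mode" "$p"
                    fi ;;
            esac
        fi
    done
}

# Usage: sh audit_perms.sh /home/<user>/web   (placeholder path; does nothing without an argument)
if [ $# -gt 0 ]; then
    audit_perms "$1"
fi
```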