-1

I got hacked yesterday, and for some reason I think this thing I've been doing on my servers over and over might have some disadvantages. This question might be deprecated, but I need a simple answer, as this is a practice I used to do; and in case it's bad, why are there answers that got a lot of upvotes for this practice?

sudo chown www-data:www-data /var/www -R
cd /var/www
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 755 {} \;

So I just need something as simple as these commands to protect my server. Thanks.

The question is marked as a duplicate, but it's not; my compromised server is over. I'm talking about another server and a specific subject.

john

3 Answers

5

I just need something as simple as these commands to protect my server.

The only minimal effort command that will protect your server is "poweroff" or similar.

Good security takes a serious amount of effort and simply copying commands from the internet without understanding them won't help you.

HBruijn
4
sudo chown www-data:www-data /var/www -R
cd /var/www
sudo find . -type f -exec chmod 664 {} \;
sudo find . -type d -exec chmod 755 {} \;

is bad because the user the webserver is running under should not have write access to anything under the doc root. If there is a flaw in the software then one can usually write/change arbitrary files (e.g. index.php), which makes compromising the web servers incredibly easy.

[Why have] answers got a lot of upvotes for this practice?

The solution solves the problem but the security implications are ignored.

Even (some) web host providers recommend this terrible practice. Why? They make more money this way even given the number of sites that get compromised (and noticed by the customer that they are compromised).

Mark Wagner
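
A read-only audit for the point made in the answer above, as an added example that is not part of the original answers: it lists every path under a document root that the web server account can modify according to owner, group and mode bits. The helper name `writable_by` is hypothetical, and ACLs and read-only mounts are not considered.

```shell
#!/bin/sh
# Added example: report paths under a doc root that a given account can modify.
# writable_by is a hypothetical helper name; only owner/group/mode bits are
# checked (ACLs and read-only mounts are out of scope).

# writable_by <docroot> <uid> <gid> [<gid>...]
# Prints one path per line; prints nothing if the account has no write access.
writable_by() {
    if [ $# -lt 3 ]; then
        echo "usage: writable_by <docroot> <uid> <gid> [<gid>...]" >&2
        return 2
    fi
    docroot=$1
    uid=$2
    shift 2
    # Turn the gid list into a find expression: -group G1 -o -group G2 ...
    n=$#
    while [ "$n" -gt 0 ]; do
        gid=$1
        shift
        set -- "$@" -group "$gid"
        if [ "$n" -gt 1 ]; then set -- "$@" -o; fi
        n=$((n - 1))
    done
    # Symlinks are skipped because their mode bits are always rwxrwxrwx.
    find "$docroot" ! -type l \( \
        \( -user "$uid" -perm -200 \) -o \
        \( \( "$@" \) -perm -020 \) -o \
        -perm -002 \) -print
}

# Usage: sh audit.sh /var/www www-data
if [ $# -eq 2 ]; then
    writable_by "$1" "$(id -u "$2")" $(id -G "$2")
fi
```

On the layout from the question every file and directory is listed; an empty result means the account cannot change the doc root through ordinary permissions.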
3

Server security is a multifaceted issue. Since many processes on your server CAN be compromised in some way, it is important to run your updates, eliminate unused services and then do security on what is left.

You can have a rock solid apache, mysql, ssh configuration, but if you are running a WordPress server that has security holes, you are going to get hacked - repetitively. You can grep through looking for exec commands, base64_decode, but if you don't understand coding, then you may not see where you are vulnerable.

fail2ban may be a good starting point since it will teach you what to look for in log files to know if you are getting hacked.

If you must run insecure apps because you are a startup and simply can't afford the alternative, make sure you sandbox your environment by utilizing separate VPS servers and make frequent backups. Then practice your restore process till you know you can get everything back up and running.

Alan