Tips to Secure Your Web Hosting Server

July 22, 2009

A friend of mine, Elliot Swan, got hacked: one of his JavaScript files had been modified to contain some sort of advertisement. Here are a few things you can do to lock your server down, starting with simple things and getting more advanced at the bottom.

14 comments

#1. Michael Kozakewich on July 23, 2009

I had that happen, once. It was fairly odd, because all it would do is input some script tags linking to something on a spammy bank’s site. I never looked at what the script wrought, but I imagined it was an ad of some sort.
I had thought it was some sort of PHP injection or something that let them rewrite the file. As it turned out, they had somehow gotten the FTP password. I changed that, and nothing more happened.

It seemed strange to me that they had full access to all my files and only inserted a bit right at the end. Wouldn’t it have been better to load a completely new site with some advertisements for them?
The only reason I had found out was that Google mailed me and told me that my site was trying to make their spiders execute malicious code. Oops!

#2. Paul Armstrong on July 23, 2009

Just a few thoughts on the ones you posted:
2. Or better yet, disable root login
3. Disable FTP and only allow SFTP
6. Authorized keys are secure, but only as secure as the physical security of getting to your personal computer that has the keys on it.

And how about some more!
11. Install fail2ban on Linux. It will ban connections from IPs that have multiple unauthorized attempts in a row.
12. Change your SSH port
13. Set your IP Tables to only allow the ports and types of connections you need (HTTP, SSH, SMTP, etc)
14. Subscribe to your operating system's security mailing list to find out when security patches are available.
15. Only allow MySQL connections from localhost
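Three of the items above (lock the firewall down to the ports you need, move sshd off port 22, bind MySQL to localhost) can be made checkable with a small script. The following is an added example, not code from the original post or from any commenter; the file paths in the trailing usage comment are assumptions about a typical Debian-style layout, and the audit functions read whatever file you point them at, so they can run unprivileged against copies of the real configs.

```shell
#!/bin/sh
# Added example; not code from the original post or its commenters.
# gen_firewall_rules prints a default-deny iptables rule set for review
# instead of applying it; audit_ssh_port and audit_mysql_bind read the
# config file given as $1 and print one line per finding (nothing when fine).

# Print iptables commands that drop all incoming traffic except loopback,
# replies to connections the server itself opened, and the TCP ports given
# as arguments (for example: 80 443 2222).
gen_firewall_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
}

# Effective sshd_config value for a keyword. sshd honours the first
# uncommented occurrence, so that is the one returned; empty if unset.
sshd_value() {
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print $2}'
}

# Finding if sshd still listens on the default port 22.
audit_ssh_port() {
    port=$(sshd_value "$1" Port)
    [ "${port:-22}" != "22" ] || echo "sshd is on port 22 (default); pick another port and open only that one in the firewall"
}

# Finding unless MySQL's bind-address pins it to the loopback interface.
# A web app on the same box reaches it through localhost anyway.
audit_mysql_bind() {
    addr=$(grep -i "^[[:space:]]*bind-address[[:space:]]*=" "$1" | head -n 1 \
           | sed 's/#.*//; s/.*=[[:space:]]*//; s/[[:space:]]*$//')
    case "$addr" in
        127.0.0.1|localhost|::1) ;;
        *) echo "MySQL bind-address is '${addr:-unset}'; set 'bind-address = 127.0.0.1' under [mysqld]" ;;
    esac
}

# Typical use (paths are assumptions; adjust for your distribution):
#   audit_ssh_port /etc/ssh/sshd_config
#   audit_mysql_bind /etc/mysql/my.cnf
#   gen_firewall_rules 80 443 2222 > firewall.sh   # review, then run as root
```

The rule set is emitted rather than applied on purpose: a firewall mistake on a remote box locks you out, so read the generated commands, make sure your new SSH port is in the list, and keep an existing session open while you apply them.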

#3. Marc Grabanski on July 23, 2009

Thanks Paul!

#4. Zachary Johnson on July 23, 2009

In a shared hosting environment where there are other users on the same machine as you, file permissions are of critical importance. It can be trivially easy for somebody else to modify your data/code if your permissions are set to world writable, or if they are group writable and belong to the wrong group.

For PHP in shared hosting environments, make sure your PHP code runs as your own user (using PHP-CGI or such). If your PHP runs as the same user as everybody else, they can likely read and/or write to your files.

If you find that you’ve been hacked you have to seriously consider the possibility that:

1. the code you have written is the vulnerability
2. the hacker has installed a back door to get back into your system

If either of those are the case, then you could do everything listed in this article and in the comments and you wouldn’t have fixed anything. The hacker could still get back in.

These days, almost all hackers get in because you haven’t upgraded the apps you have installed, you have a security hole in your own app, or your password has been compromised. You should definitely secure your server using tips like this, but you also have to write secure web app code. Your code takes into consideration SQL injection attacks and malicious file names right?

After being hacked, if you can, it is best to wipe out your server OS and start over from scratch from a hopefully clean backup of your site/app.

Another useful note: if your entire site/web app is version controlled with git or svn or whatever… you can easily run status/diff against your site and see any new files or files that have been changed. That will instantly let you spot any shenanigans with your code/file data. (It won’t however help you with database data or system files.)
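The two checks Zachary describes, spotting world-writable files on a shared host and diffing the site against a known-good state, can be scripted. This is an added example, not code from the post or from Zachary; it uses a checksum manifest instead of git/svn status so it also works on a site that is not under version control, and the paths and file contents in the usage comment are constructed.

```shell
#!/bin/sh
# Added example; not code from the original post or its commenters.
# make_manifest records "crc size path" for every file under a web root;
# compare_manifest reports what was ADDED, REMOVED or MODIFIED since;
# world_writable lists anything other users on the machine could edit.
# Paths containing spaces are not handled (awk/join split on blanks).
export LC_ALL=C   # keep sort, comm and join agreeing on collation

# Print "crc size ./path" for every regular file under $1, sorted by path.
make_manifest() {
    (cd "$1" && find . -type f -exec cksum {} + | sort -k3)
}

# Compare a fresh manifest of $1 with a saved one ($2) and print one line
# per difference. Prints nothing when the tree is unchanged.
compare_manifest() {
    dir="$1"; saved="$2"
    cur=$(mktemp)
    make_manifest "$dir" > "$cur"
    # Paths present in only one manifest are additions or removals.
    awk '{print $3}' "$saved" | sort > "$cur.old"
    awk '{print $3}' "$cur"   | sort > "$cur.new"
    comm -13 "$cur.old" "$cur.new" | sed 's/^/ADDED /'
    comm -23 "$cur.old" "$cur.new" | sed 's/^/REMOVED /'
    # Paths in both manifests whose crc or size differ are modifications.
    # join output: path crc_old size_old crc_new size_new
    join -j 3 "$saved" "$cur" | awk '$2 != $4 || $3 != $5 {print "MODIFIED", $1}'
    rm -f "$cur" "$cur.old" "$cur.new"
}

# List files and directories under $1 that any user on the box can write.
# On shared hosting these are exactly the files Zachary warns about.
world_writable() {
    find "$1" -perm -002 -print
}

# Constructed usage (paths are assumptions):
#   make_manifest /var/www/mysite > ~/site.manifest     # after a clean deploy
#   compare_manifest /var/www/mysite ~/site.manifest    # later, or from cron
#   world_writable /var/www/mysite
```

Keep the manifest somewhere the web server's user cannot write (your home directory, or off the box), otherwise whoever edits your JavaScript can update the baseline to match. As Zachary notes, this only covers files: database rows and system binaries need their own checks.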

#5. Marc Grabanski on July 23, 2009

All good points, Zachary:
- Your app code is very important — I did mention to upgrade any CMSs or installed packages.
- If you have the option of restoring your server from the ground up, great.
- SVN / git diff also is a great tip.

#6. Miles Johnson on July 23, 2009

You can also change the port in which SSH is accessible, which blocks nearly all attempts from that direction.

#7. Marc Grabanski on July 23, 2009

Miles: yeah Paul mentioned that, too. Thanks for re-iterating =)

#8. Thomas the UX dude on September 01, 2009

Thx very much for that list! Since I am more of a User Interface guy, there are some really new things there for me :)

cheers,
Thomas

#9. Xiong Chiamiov on September 29, 2009

I would suggest not using the root account at all – use sudo to divvy up privileges to various accounts, and lock the password for root. Allowing only certain users to ssh in and forcing login by publickey also does wonders.

For my ftp setup, I have users chrooted into their home directories, and then I’ve mounted (with --bind) directories they need to access into their ~, so they can access only those folders. Pretty nifty.
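Whether the three things Xiong describes (root's password locked, ssh restricted to named users, key-only login) are actually in place can be verified from /etc/shadow and sshd_config. The script below is an added example, not Xiong's setup or code from the post; it reads copies of both files given as arguments (the shadow lines in its test data are constructed, with a dummy hash), and `passwd -l`, `AllowUsers`, `PasswordAuthentication` and `PubkeyAuthentication` are the standard shadow-utils and OpenSSH names.

```shell
#!/bin/sh
# Added example; not code from the original post or its commenters.
# audit_root_access SHADOWFILE SSHD_CONFIG prints one line per gap between
# the current settings and "root locked, named users only, keys only".
# Reading the real /etc/shadow needs root; the test below uses copies.

# Effective sshd_config value for a keyword. sshd honours the first
# uncommented occurrence, so that is the one returned; empty if unset.
sshd_value() {
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print $2}'
}

# Return 0 when root's password field in the shadow file ($1) is locked.
# 'passwd -l root' prefixes the hash with '!'; '*' also means no valid
# password. An empty field or a plain hash means root can log in directly.
root_locked() {
    field=$(awk -F: '$1 == "root" {print $2; exit}' "$1")
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *)         return 1 ;;
    esac
}

audit_root_access() {
    shadow="$1"; sshd="$2"
    root_locked "$shadow" || echo "root has a usable password; run 'passwd -l root' and use sudo from a normal account"
    v=$(sshd_value "$sshd" PermitRootLogin)
    [ "${v:-unset}" = "no" ] || echo "PermitRootLogin is '${v:-unset}'; set 'PermitRootLogin no'"
    v=$(sshd_value "$sshd" AllowUsers)
    [ -n "$v" ] || echo "no AllowUsers line; every local account is allowed to try ssh"
    v=$(sshd_value "$sshd" PasswordAuthentication)
    [ "${v:-yes}" = "no" ] || echo "PasswordAuthentication is '${v:-yes}'; set it to no once keys are in ~/.ssh/authorized_keys"
    v=$(sshd_value "$sshd" PubkeyAuthentication)
    [ "${v:-yes}" = "yes" ] || echo "PubkeyAuthentication is '$v'; it must stay yes for key-only login"
}

# Usage as root against the live files (paths are the usual ones):
#   audit_root_access /etc/shadow /etc/ssh/sshd_config
```

Put your own key in `authorized_keys` and confirm a second session works before turning `PasswordAuthentication` off; the AllowUsers check only reports that a list exists, so read the list yourself and make sure every name on it still belongs to someone who needs shell access.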

#10. Andrew Weismen on October 04, 2009

Wow! Thanks for the info. Speaking of hacking, my email address, YM and Twitter account were hacked by a single hacker, selling some stuff that can drop your weight. I am only using my personal computer, so I guess nobody took advantage of my email or other accounts left un-logged out. I am just wondering if it is safe to engage in online banking? I am also worried about my online bank accounts. Thanks.

Thanks.

This is a nice site!!

#11. Marc Grabanski on October 16, 2009

Andrew: The nice thing about something like Mint.com vs online banking is that mint doesn’t actually allow you to transfer or interact with your money. It is simply reporting and viewing transactions and budgets in a better way.

#12. linux on December 18, 2009

A good selection of tips, changing your security of your root from SHA1 to Blowfish is also a good idea.

#13. file recovery on July 22, 2010

Hi there,
Obviously, these are some of the most important and prominent tips that provide higher level of security to any web hosting server.
Thanks for sharing these effective tips…

#14. paranic on August 04, 2010

you can also shutdown the machine and go get some sleep :-)
