Questions tagged [server]

A server is a machine running a software daemon that is generally accessed over a network by other machines.

565 questions
59 votes, 5 answers

Possible to use both private key and password authentication for ssh login?

It seems that they are mutually exclusive, as disabling one gives me the other, and vice versa. Two-factor auth for my ssh servers sounds really nice, so is there any way to accomplish this?
chrisdotcode
48 votes, 13 answers

DDoS - Impossible to stop?

Is it possible - in theory - to stop a DDoS attack of any size? Many people claim it's impossible to stop DDoS attacks and tell me I just shouldn't mess with the wrong people on the internet. But what if, in like 5 years, everyone is able to rent a…
user2173629
46 votes, 3 answers

How do hosting providers prevent the compromise of one website from causing the compromise of another one?

Could one create a vulnerable website on purpose to attack a server of a hosting provider? So in the question above which I recently asked we came to the conclusion that preventing one vulnerable website opening the doors to all other websites on…
42 votes, 9 answers

Is physical security less important with disks on a server being encrypted?

If you could get physical access to a server, you could change the root/admin password even if you did not know the current password. However with encrypted disks, I don't think this is possible (or is it?). So, does this mean physically…
user93353
34 votes, 5 answers

Does changing an uploaded executable's file extension to .png render it safe?

A colleague of mine has a personal website in which he allows users to upload anything within a certain size, but before the actual upload he checks to see the file extension: if ( $type == 'image/gif'){ $ext = '.gif'; } elseif ( $type ==…
Mister Verleg
31 votes, 3 answers

Could a VPS provider have access to the content of their users?

Could a VPS provider like DigitalOcean have access to the content of their users? In their terms of service they do not mention anything related to this question, but could they theoretically have access (e.g., via a backdoor)? Apart from a possible…
cgcmake
30 votes, 13 answers

Is a server infrastructure fundamentally possible which the smartest person can't breach?

TL;DR: Perhaps I've gone overboard with my question's detail, but I wanted to be sure the question was clear since the topic seems very broad. But here it is. The word "smartest" is meant fundamentally, not literally. Is a server infrastructure…
J.Todd
30 votes, 3 answers

Does password-protecting a server's BIOS help in securing sensitive data?

I'm running a server of which I protected the BIOS with a password. One doesn't have to enter this password before booting, but before entering the BIOS setup. I just did this from routine. However, there aren't really interesting settings in the…
user21287
30 votes, 2 answers

Creating user specific authentication methods in SSH

I have configured sshd on an Ubuntu server to use key authentication and it is working fine. I had to disable password authentication for key authentication to work. Server is always accessed via remote terminals or putty. Now all user accounts…
Hrish
26 votes, 5 answers

Are duplicate SSH server host keys a problem?

I'm doing an assessment of a small network that is using a good bit of virtualization. They have cloned some of their Linux machines after generating their SSH server host keys. So the servers all have the same host key. I'm certain this is bad, but…
user896117
24 votes, 6 answers

Is it fundamentally possible to validate that an unmodified version of your client connects to your server?

Is it fundamentally possible to validate that an unmodified version of your client connects to your server? I was just thinking about the idea of having my client-side app hash its own source code and send that as a key to the server with any…
J.Todd
20 votes, 2 answers

What are the negative aspects of creating fake security footprints?

My take on reducing the risk of being hacked on products and installation has often been to create false footprints. From my own experience, the servers I've spent most time (and hate) on hacking have been those that have claimed to be something…
Simply G.
19 votes, 4 answers

Global Blackout is a myth?

In order to shut the Internet down, Anonymous claimed that putting down the 13 root DNS servers of the Internet and therefore disabling the HTTP Internet, the most widely used function of the Web, would do the job. Those servers are as follows: A …
Tawfik Khalifeh
18 votes, 3 answers

What is the most secured SMTP authentication type?

Say you have to choose only one among the following authentication types for your own SMTP server: LOGIN, PLAIN; CRAM-MD5; DIGEST-MD5; NTLM/SPA/MSN. Which one would you recommend for optimal security? PS: The list is the authentication types given…
user123456
18 votes, 3 answers

PHP malware on server - but helpless in identifying the malicious code

I am new to this community, so please forgive me if my question is stupid. I discovered that my server got hacked, and found several PHP files on it. I haven't been lazy and tried my best to detect what the file actually was doing, but I'm really…
Tom