-5

I want to give some small jobs to freelancers who would have FTP access to my websites hosted on my server.

I heard that sometimes it's possible they put malevolent scripts and software on the server, so that it runs from it even when the project is done.

Is there any way to avoid this and to check what processes are running, to ensure there is nothing that's running that shouldn't be there?

Thank you!

Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
Aerodynamika
  • 176
  • 1
  • 1
  • 7
  • 1
    You seem to be upset that you haven't been provided an in depth, specialized technical answer to your question, but your question lacks the requisite depth, detail or context for which to provide a specialized technical answer. You haven't even stated what operating system you're dealing with. Point of fact; your question sucks. – joeqwerty Dec 06 '14 at 18:06
  • If you want better answers then ask better questions. – joeqwerty Dec 06 '14 at 18:06
  • i did state in the tags that it's linux, that information should be enough to help me. but you choose to instead spend your time on teaching me a lesson. thank you! the lesson taught: never come back here again. – Aerodynamika Dec 06 '14 at 18:07
  • 1
    `I'm running Windows. Can you help me?` - Do you see what I'm getting at here? – joeqwerty Dec 06 '14 at 18:08
  • i asked a very specific question: 'check what processes are running', provided the context (my concern for security) and the operating system. you obviously chose not to read my question but to take a mentoring tone with somebody who is not as experienced as you are. obviously you have issues, but i'm not going to be the one to deal with them, sorry. – Aerodynamika Dec 06 '14 at 18:09
  • 'Check what processes are running' - top. Are they malevolent? This is a very broad question, and is highly dependent on what the malevolent process is. Also, linux is "just the kernel", there's a lot more to an os than that, meaning that your specific setup/environment may change the appropriate answers. – austinian Dec 06 '14 at 18:22
  • 2
    A malicious person could leave a script on your server without causing a running process. It could be in cron, or triggered via a HTTP request. Your question is way too broad. – ceejayoz Dec 06 '14 at 18:30
  • @ceejayoz thank you. how could i make my question more specific? what information is needed? my concern is broad, that's why the question is broad. your answer makes me think that maybe it's a good idea to check all the files that are on the server for integrity to avoid them getting triggered externally... – Aerodynamika Dec 06 '14 at 18:33
  • @austinian could you please tell me which information about the server is needed to make my question more specific? thank you! – Aerodynamika Dec 06 '14 at 18:33
  • 3
    Frankly, you're asking the wrong question. Fundamentally, **do not** give users you don't trust access. Have them work on a *development* instance or their own local development environment, and have them check their code into source control. Have you or someone you trust review and deploy their code. – ceejayoz Dec 06 '14 at 18:39
  • @deemeetree I'd recommend you read a book or something on *nix security and also setting up a shared web hosting server. The scope of your question is much too large for this format, as there are entire books written to answer this very question. – austinian Dec 08 '14 at 14:47

1 Answers1

6

  1. Don't hire people you don't trust.

  2. If you have to hire untrusted people, don't give them access to a production server. Give them a temporary development environment and then when their work is done, you deploy it to the production server.

  3. If you are asking questions like "how do I check what processes are running", you probably have no business running this server. Use a shared hosting service.

EEAA
  • 108,414
  • 18
  • 172
  • 242
  • Thank you for a very arrogant and obvious answer, but I was seeking for a more specialized technical advice... And I do have businesses running on this server for more than 12 years already. It's just that I'm not an expert with the server stuff, that's why I asked the question here. – Aerodynamika Dec 06 '14 at 17:55
  • 2
    *`I was seeking for a more specialized technical advice`* - You've provided no **specialized** information in your question. Are we to play 20 questions with you regarding the operating system, application stack, etc., etc.? Here's a question for you. See if you can provide any **specialized** technical advice: `How do I make my car drive better?` – joeqwerty Dec 06 '14 at 18:02
  • @joeqwerty funny how instead of looking into the post you try to teach me a lesson. it's written there: LINUX. very easy. – Aerodynamika Dec 06 '14 at 18:08
  • 1
    @deemeetree this is a more useful, expanded version of the real answer, which is "that's not possible." How many billions of dollars are spent on anti-virus, to do **exactly** what you're asking (check for and block malicious code), and how many new viruses and undetected rootkits are found every year? For that matter, last week, there was a story about a newly discovered LPT malware package that's been around since 2002. – HopelessN00b Dec 06 '14 at 18:08
  • @deemeetree Linux is not an operating system – MDMarra Dec 07 '14 at 05:00
  • @MDMarra also did not miss a chance to stop by and kick a newby with his foot. Ok, so *nix be it then. Happy? – Aerodynamika Dec 07 '14 at 10:50
  • 1
    No. I'm not kicking you. Centos 6 is an Operating System. Ubuntu 14.10 is an Operating System. Both have a Linux kernel and both behave rather differently in many cases because of the vastly different userland – MDMarra Dec 07 '14 at 12:44