
Hackers : VPS Security ?


Abaksoft


Hi all,

 

Anyone have knowledge about VPS security ?

1. If you have an important database which is hosted in a folder, and working with your uniGUI web application, can a hacker take control of:

- your application.DLL ?

- your database ?

 

2. Is it safe to show the URL: www.xxx.xxx.x.x\myFolder\myappli.DLL

Where xxx.xxx.x.x is your server IP

 

3. So, hackers can see your server IP!

 

THX.


Thank you Marlon,

 

Your home page is very nice.

So, it confirms that web attacks are possible!

We have to take care of this.

 

Now my question: even if I hide my VPS IP address (rewrite techniques),

can a hacker take control of my VPS server?

 

Big THX.


  • Administrators

You must activate a firewall and only leave incoming ports open which you need.

You must also change the default ports. For example, don't keep the remote desktop port at its default value.

 

Using security software and antivirus tools which are specially designed for Windows Server OS is useful too.


You must activate a firewall and only leave incoming ports open which you need.

You must also change the default ports. For example, don't keep the remote desktop port at its default value.

 

Using security software and antivirus tools which are specially designed for Windows Server OS is useful too.

Hi,  Farshad!

 

Let's take our discussion about safety to a separate branch of the forum.

There is a wish to see responses from security specialists about checking the created server for vulnerabilities.

 

 

 

 


  • 1 year later...
  • 2 weeks later...

Hello vipin,

In addition to what has already been said, you can add

some techniques that you can improve:

1. Change your default database "masterkey".

2. Even if your folder is stolen, allow running your program only on your VPS (signature, MAC address, etc.).

3. Protect your DLL from reverse engineering (uniGUI generates a non-classical DLL... I am testing a solution).

 

Greetings.


  • 6 months later...

Talking about security, the mere fact that uniGUI is a server-centric environment is already an advantage over traditional Delphi desktop applications.

Application security and server security are two different subjects.

I see many people here concerned about HTML injection; even though it's a valid concern, SQL injection is still much more dangerous. I myself never write SQL statements in my client application (at least when I'm doing my own stuff and tell the rules).

In your client you should only call methods of a service or stored procedures and work with the result sets.

Always use HTTPS, encryption, whatever tool you have in your hands.

If it makes things slow, you should work in a VPN.

 

Talking about server security, no matter what you do, you'll probably never reach the same level of security as a hosting provider, but if you really want to host yourself, the best thing is buying a well-dimensioned embedded Linux appliance (Fortigate, Sonicwall, etc.) and taking a course to at least understand the basic concepts.

Some of these appliances even have a kind of playground to fool hackers.

 

Try not to have your database and web server on the same machine, make several backups each day, have periodic password changes, policies for what to do whenever you fire a system administrator, and so on.

 

And of course, don't use the database server or the web server to surf the web.

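The rule from the post above (the client calls a service method and never builds SQL text itself), as an added example that is not from the thread or from uniGUI. Python's sqlite3 stands in for the database and the bound-parameter query stands in for a stored procedure call; the `customers` table, `CustomerService` and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
ROWS = [(1, "Alice", "alice@example.test"),
        (2, "O'Brien", "obrien@example.test"),
        (3, "Carol", "carol@example.test")]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)", ROWS)
    return db

def find_concatenated(db, name):
    """Anti-pattern: SQL text assembled from user input by the caller."""
    sql = "SELECT id, name FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

class CustomerService:
    """Service method: fixed SQL text, input passed only as a bound parameter."""
    _FIND = "SELECT id, name FROM customers WHERE name = ?"

    def __init__(self, db):
        self._db = db

    def find_by_name(self, name):
        if not isinstance(name, str) or len(name) > 100:
            raise ValueError("invalid name")
        return self._db.execute(self._FIND, (name,)).fetchall()

def demo():
    db = open_db()
    svc = CustomerService(db)
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    results = {
        "concat_crafted": find_concatenated(db, crafted),    # input rewrites the WHERE clause
        "service_crafted": svc.find_by_name(crafted),        # treated as a literal name
        "service_apostrophe": svc.find_by_name("O'Brien"),   # legitimate quote still works
    }
    try:
        find_concatenated(db, "O'Brien")
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"        # legitimate input breaks the query
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same separation applies whichever data-access layer the server side uses: the SQL text stays constant and user input travels only as a parameter value.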
