Is absolutely any server crackable?
Id like to know what are the main advanced methods of cracking a server, as a list, for the purpose of protecting our servers better. (ie. bruteforce, sql injection.. may not be that advanced ) For example, if i had a simple server responding with a static file on port 80 and strong passwords, would that server be crackable ? Some say firewall is useless, but assume everything had a basic configuration.
Im asking this question because I just found a cracked website that I use from time to time, its front page mentions the name of the team who cracked it. I searched the name of crackers and I found many other websites or pages cracked.
This website I accessed was one of those website with tools where you submit a domain and it gives you details about the website. The owner must have much more experience than myself, and Im not even sure if he knows. Maybe I should check again and try to contact him. I dont know how to offer rescue in such a case..
3 comments
[ 3.8 ms ] story [ 18.7 ms ] threadIf you want a good web server, take one thats tried and tested (maybe apache or so) as they already have alot of bugfixes in place, run it on a good hardened linux box. (i like gentoo, but otheres can be hardened aswell... ;)) And monitor it for intrustions constantly so if it occurs, you can react accordingly and in a timely manner.
Network segmentation etc., everything adds up and makes things harder for an adversary.
Remember: anyone who says it's 100% secure lies to sell you crap, thats the main thing i guess... :) good luck!