Is absolutely any server crackable?

1 points by id122015 ↗ HN
Id like to know what are the main advanced methods of cracking a server, as a list, for the purpose of protecting our servers better. (ie. bruteforce, sql injection.. may not be that advanced ) For example, if i had a simple server responding with a static file on port 80 and strong passwords, would that server be crackable ? Some say firewall is useless, but assume everything had a basic configuration.

Im asking this question because I just found a cracked website that I use from time to time, its front page mentions the name of the team who cracked it. I searched the name of crackers and I found many other websites or pages cracked.

This website I accessed was one of those website with tools where you submit a domain and it gives you details about the website. The owner must have much more experience than myself, and Im not even sure if he knows. Maybe I should check again and try to contact him. I dont know how to offer rescue in such a case..

3 comments

[ 3.8 ms ] story [ 18.7 ms ] thread
You can never guarante for 100% it's secure, anyone who does is lying to sell you crap... For example, if a site is hosting static content, perhaps there's a vulneraiblity in the sever itself (request handler maybe of the webserver, or the operating system, or even the hardware...)

If you want a good web server, take one thats tried and tested (maybe apache or so) as they already have alot of bugfixes in place, run it on a good hardened linux box. (i like gentoo, but otheres can be hardened aswell... ;)) And monitor it for intrustions constantly so if it occurs, you can react accordingly and in a timely manner.

Network segmentation etc., everything adds up and makes things harder for an adversary.

Remember: anyone who says it's 100% secure lies to sell you crap, thats the main thing i guess... :) good luck!

oh and additionaly, if you get pwnt, rm -rf the thing after you identify what occured and start over taking this into consideration... don't restore a backup and get owned again....