Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Surely there is much more to it than always having the very latest updates of the web server application and other software.
Google unfortunately does not offer web hosting. If only they did, every site could benefit from whatever it is that google does and is so successful against hackers.
How can I have protection as effective as google's at any other hosting provider?
Ulysses_: Google offers web/email and many hosting solutions. Like sites.google.com for web hosting.
We should discuss what "hacking" or "cracking" really means in case of Google.
Google user accounts has been hacked as users might have bad passwords. So then hackers can access email/photos/google plus and other services. So just one password and you get lot's of things. And this happens all the time. Fortunately you can activate two-way verification so username/password combination is not enough to have access (www.google.com/settings/security).
But if you meant hacking maintenance account then it's completely different thing. There is separate management network where you can not access from Internet. There are routers, other networking equipment and servers. So hackers can not get in there unless they physically access Google site and there access special rooms where server/network management is done. So there's very high security control to get access into these rooms.
Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists.
That is besides all the 'we weren't hacked, it was XXXXXXX' (e.g. 'DNS Glitch' or "human Error') google has had over the years. I wouldnt be suprised if at least one of them was caused by hacking....google is hardly going to publicise it if I'm right about that.
Quote:
Originally Posted by Ulysses_
There would have been a message from the hackers bragging about it, on google.com or another google site.
Ummm....google has been p̶r̶o̶v̶e̶d̶ rumoured to remove search results they dont like, or downlist them to the point where you'll need to check page number 134 of search results to see it.
Even if thats not the case, why assume that 'hackers' are going to be loudmouthed idiots? Not everybody who does stuff like that talks about it.
Quote:
Originally Posted by Tobler
There are routers, other networking equipment and servers. So hackers can not get in there unless they physically access Google site and there access special rooms where server/network management is done. So there's very high security control to get access into these rooms.
Might not be what the OP is/was worried about, but if you can access data physically, the end result is no different from accessing data over a network IMO.
sought access to the Gmail accounts of human rights activists.
This sounds like some government was involved. But google is in bed with the US government already. Maybe some dictatorial regime has agents inside google who made it possible.
So maybe a less known hosting company is less likely to have been infiltrated? Which such company might have just as good network security or better?
It is my Professional Estimate and Personal Opinion that Google gets 'hacked' more than is thought.
I asked google safe browsing to show me
stats for one of Google's Address Space says
"Over the past 90 days, we found 45 site(s) on this network, including, for example, sabhot.com/, google.com/, googleapis.com/, that appeared to function as intermediaries for the infection of 78 other site(s) including, for example, feedreader.com/, foto---seksi.blogspot.com/, www.jazaan.com.googlepages.com/."
stats for Google.com
"Over the past 90 days, google.com appeared to function as an intermediary for the infection of 26 site(s) including ]www.jazaan.com.googlepages.com/, heartfailuresolutions.com/, stroupecondoblog.com/."
The topic could have read "Why don't google webservers ever get defaced?"
Remember that the intrinsic nature of any (non-static ...) web site is that it consists of software. Even if the site itself is completely static, it's still running on software. Anytime a digital computer is involved, the possibility for exploitation exists.
I think that you really have to bear in mind, though, that computer-exploitation is very much a "crime of opportunity" situation. Your choice of host (yes, even Google) is not going to be a source-of security, nor a loss-of it. How you configure and keep-up your site, will be. There are millions of sites out there, and exploiters probably don't care about "yours" vs. anybody else's. (If they do, then what I'm saying doesn't apply anymore.) If you have taken reasonable precautions to keep your doors locked and your front-porch swept and the newspapers aren't allowed to accumulate out by the mailbox, you're not going to be "the easiest pickin's" and that might make all the difference.
The problem is I do not know anything I can do to prevent hackers from hacking into my site, other than use strong passwords, keep my software up to date, keep the pc where I type the passwords free from keyloggers, and keep my login link to the site secure.
But hosting companies should know a lot more than that, for their side of things, is that not so? Aren't there any with a good security reputation?
Let's say I take an existing blogging application script (is wordpress open-source?) and install it, what backdoors are there in such an application for me to close?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.