You’ll find this funny but I’m pretty serious. Need my own servers "hacked"

This topic contains 6 replies, has 5 voices, and was last updated by  Triban 6 years, 7 months ago.

  • Author
    Posts
  • #8428
     TheUsD 
    Participant

    Topic pretty much says it all but there is more to it.

    I’ve set up a file hosting server for my friends, family, and my small business and I would like to see how vulnerable it is to the outside world. I’m also wanting to see if any of the users would be able to “hack” their way into another user’s files on the server.

    I’m using win7 ult 64-bit; the software running the FTP server is Wing FTP enterprise edition. The software supports FTP, FTPS (FTP with SSL), HTTP, HTTPS, and SFTP (FTP with SSH) and allows me to create user accounts for which I can control their folders, directories, disk quota, bandwidth, etc.
    Since I cannot find a suitable program that will auto-backup files (you can add a suggestion for a good client here, lol) I’ve been having them create a connection via “add a network connection” in computer, have them put in the server/user info.

    Since I’m a noob with software on that level (I’m a computer repair tech and have a small background in networking) I’m not even sure how my clients are even connecting, I suppose it’s just a standard FTP?

    Last concern:
    I know this site is for EH and everyone here is a “good guy” but I’m a realist and realize that I can’t just ask anyone to “hack” or attempt to “hack” my server so since I just can’t allow anyone here, how would I go about finding someone to be able to see if they can hack the FTP server and gain access to anyone’s files?

    Even if you cannot help me, thanks for your time.

  • #52905
     TheUsD 
    Participant

    I know double posting is a big turn off to getting your question answered, but is what I asked wrong for me to ask, or should it be put into another location?

    I was clueless where to start looking and this seemed to be a good idea at the time.

  • #52906
     ziggy_567 
    Participant

    What you’re asking for is called a penetration test. There are lots of people on this forum (myself included) that are professional penetration testers and get paid to do exactly what you’re asking for.

    If you’re interested in having a quality penetration test done, it won’t come free. I would suggest doing a little research on Google to find a reputable consulting firm to contact about your needs. Call around to a few of them to get an idea of what services they provide and an idea of what the price would be. The numbers and services will vary greatly depending on the firm you contact, so shop around and find the best fit for your needs.

    Good luck!

  • #52907
     TheUsD 
    Participant

    Thanks for the advice, I’ll do some research and see what it brings me. And since I have your slight attention, can you PM me with your company info in case I do not find something that fits my needs?

  • #52908
     Don Donzal 
    Keymaster

    Moving thread.

    Don

  • #52909
     Anonymous 
    Participant

    “Thanks for the advice, I’ll do some research and see what it brings me. And since I have your slight attention, can you PM me with your company info in case I do not find something that fits my needs?”

    Why don’t you do it? Google and see what it will take you to carry on the task. It is part of learning.
    Good luck!

  • #52910
     Triban 
    Participant

    First question, have you hardened your server to the best of your abilities/knowledge? Have you covered the Security 101 basics?
    Renamed default admins?
    Disabled guest?
    Use complex passwords?
    Disable unneeded services?
    Installed AV and configured it?
    Enabled the client based firewall and configured it?
    Fully patched on both the Operating System and applications?
    Ensure any local service/user accounts are running with least privilege access?

    If you have done all of that, then you might be ready for a pen test. And like Xtophertaito suggested, give it a go yourself, you will learn a lot. Also another good idea is to grab something like OpenVAS or Nessus Community edition and run some vuln scans against your system. Google on the critical/high findings to learn how to fix them. Good luck!
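
A read-only way to check several items from the checklist in the last reply on the Windows host itself, as an added example that is not part of any forum post. The 45-day patch threshold and English `netsh` output are assumptions; password complexity and application patch levels are not covered.

```powershell
# Added example: read-only audit of several "Security 101" items on the local host.
# Uses Get-WmiObject so it also runs on the PowerShell 2.0 that ships with Windows 7.
$findings = @()

# Built-in accounts are identified by well-known RID, not by name:
# RID 500 is the built-in Administrator, RID 501 is Guest.
$accounts = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"
$admin = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-500' }
$guest = $accounts | Where-Object { $_.SID -like 'S-1-5-21-*-501' }
if ($admin -and $admin.Name -eq 'Administrator') {
    $findings += 'Built-in admin account still has its default name'
}
if ($guest -and -not $guest.Disabled) {
    $findings += 'Guest account is enabled'
}

# Firewall: any profile reporting "State OFF" (assumes English netsh output).
$fwOff = netsh advfirewall show allprofiles state | Where-Object { $_ -match '^State\s+OFF' }
if ($fwOff) { $findings += 'Windows Firewall is off for at least one profile' }

# Antivirus registration (the SecurityCenter2 namespace exists on client Windows only).
$av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $av) { $findings += 'No antivirus product registered with Security Center' }

# OS patch recency. Get-HotFix lists Windows updates only, not application patches.
$maxAgeDays = 45   # assumed threshold, adjust to your patch cycle
$last = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn | Select-Object -Last 1
if (-not $last -or $last.InstalledOn -lt (Get-Date).AddDays(-$maxAgeDays)) {
    $findings += "No Windows update installed in the last $maxAgeDays days"
}

# Least privilege: running services outside the Windows directory that log on as
# LocalSystem (a third-party server product would show up here if installed that way).
$sysRoot = [regex]::Escape($env:SystemRoot)
$svc = Get-WmiObject Win32_Service -Filter "State='Running'" | Where-Object {
    $_.StartName -eq 'LocalSystem' -and $_.PathName -notmatch $sysRoot
}
foreach ($s in $svc) {
    $findings += "Service '$($s.Name)' runs as LocalSystem: $($s.PathName)"
}

# Running services set to start automatically, to review for "unneeded services".
$auto = Get-WmiObject Win32_Service -Filter "State='Running' AND StartMode='Auto'"
"Running auto-start services to review: $(@($auto).Count)"

if ($findings.Count -eq 0) { 'No findings from these checks.' } else { $findings }
```

Run it from an elevated PowerShell prompt on the server; it changes nothing and only prints what it finds.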


Copyright ©2019 Caendra, Inc.
