Hello everyone! A few years ago a position opened up at a company I've been freelancing for as a PHP developer. They asked me if I wanted to learn how to administrate our web servers. Back then I had little to no experience and while scary, it sounded like it could be a lot of fun. I decided to accept it and the old admin taught me how their servers worked, what they were using and how they set up new websites etc etc. All good, now 2 years later, I'm kind of stuck in the same routines and I feel like we haven't really been moving forward. I was hoping that some of you guys could criticize our setup and point me in the right direction as to where to go now.

Our servers consist of;
5 Web servers all running Ubuntu 12.04 updated
1 Backup server

Web server info: Running Apache and MySQL, all new customers are added to the server using adduser and assigned to the group sftp which grants them SFTP access to their home directory. Backups are done through a cronjob which runs rsync nightly and are saved in different folders on our backup machine depending on what date they were stored. SQL backups are also done the same way.

My thoughts; I feel like there has to be some kind of better way to manage our users, I've lately been starting to look at a hosting control panel such as cPanel or Froxlor. Also, the way we do backups feels like while it works, is not the best way to do it. Are there any risks included here?

Updating servers; I feel absolutely terrified in updating our servers, when I had just started I ran a security update and all our vhosts were wiped, resulting in me working 24 hours non stop just looking for the sites' server names and setting them up again. What's the best way to run updates? Is Ubuntu 12.04 at any risk? How often do you guys update your web servers? I've lately run all the security updates on our servers, but am now thinking about upgrading to the latest Ubuntu version as well. May I lose my users and all my SFTP settings, php.ini settings, vhosts, etc etc if I upgrade?

Hacked websites; This is probably a pretty complex topic but I will ask a few brief questions here. We have had a few websites that are running common CMS getting hacked, and sending thousands of emails getting 1 of our servers blacklisted at 1 time. I fixed this through running some scans using grep and then disabling sendmail on the server (we have another mail server which I do not administrate) and deleting all suspicious files. Sometimes the websites stay clean, sometimes I have to go back and clean them again, searching harder. What are some basic security measures I should take versus common CMS that our customers are using?

Final words; Thanks for reading my thoughts and questions. A little bit more about us; We are a small company that develops websites for smaller companies/charities. We host most of our customers on our server, but we always let them host it elsewhere if wanted. Any tips on what I should read, or any courses I can take that will improve me as a server admin?

Regards, T.A

PS. Sorry for any bad spelling or confusing word choices as I am not a native English speaker.
Well. The setup sounds very basic - it sounds a bit like it's "the path of least resistance" taken, and not really providing much for the customers, for instance. I'm assuming the users at least get access only to their own root-folder, and can't access other users' files on the same server? Same goes for via sftp. (A bit unsure if you're providing shell access to users). You should more or less force your users to update software running on their account - deprecated versions etc. won't do, and are a security nightmare. cPanel, or hosted WordPress or similar solutions might make it easier to do a site-wide update, for instance. You're not mentioning anything like a firewall or load-balancer (the latter is probably not needed for the setup you're using, but... there must be something limiting what goes out and in to servers?) As long as you keep the server software (Apache, PHP and MySQL) up to date, and make sure you patch security vulnerabilities, running on Ubuntu 12.04 isn't the worst. I'm sure you'll get more input from other users.
Thanks for your reply. The firewall is not on my playground but I've been told we have a solid firewall. We rarely have any downtimes and the websites run smooth for the most times (except for 1 time when we had a hacked website that was trying to send out 1000s of emails every second). The users do not get shell access, only ftp access to their own root-folder. A big problem is that we are not a web hosting company, but rather a web designer company that hosts the sites we make on our own servers, which kind of makes the updates on the web sites our problem, but a very hard one to deal with since we have 100s+ of Joomla & WP sites.
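An added example, not written by anyone in this thread: one way to make the repeated grep clean-ups more systematic is to compare a site's live docroot with the same site in one of the dated nightly rsync folders and list PHP files that are new, changed, or sitting in an upload directory. It assumes the chosen snapshot predates the compromise; `triage`, `php_files` and the upload-directory list are names and values chosen for this example.

```python
import hashlib
import os

# Assumption: directories where these CMSs keep uploaded media and where
# executable PHP is not expected (WordPress uploads, Joomla images).
UPLOAD_DIRS = ("wp-content/uploads", "images")
PHP_EXT = (".php", ".phtml", ".php5")


def _sha256(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def php_files(root):
    """Map relative path -> sha256 for every PHP file under root."""
    found = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            # isfile() skips broken symlinks and other non-regular entries.
            if name.lower().endswith(PHP_EXT) and os.path.isfile(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                found[rel] = _sha256(full)
    return found


def triage(live_root, snapshot_root):
    """Compare a live docroot with the same site in a backup snapshot."""
    live, snap = php_files(live_root), php_files(snapshot_root)
    report = {"new": [], "changed": [], "in_uploads": []}
    for rel, digest in sorted(live.items()):
        if rel not in snap:
            report["new"].append(rel)        # not in the backup at all
        elif snap[rel] != digest:
            report["changed"].append(rel)    # content differs from backup
        if any(rel.startswith(d + "/") for d in UPLOAD_DIRS):
            report["in_uploads"].append(rel) # PHP where only media belongs
    return report


if __name__ == "__main__":
    import sys
    # Usage: script.py <live docroot> <same site in a dated backup folder>
    for kind, paths in triage(sys.argv[1], sys.argv[2]).items():
        for p in paths:
            print(f"{kind}\t{p}")
```

Files reported as changed after a legitimate CMS or plugin update are expected, so review the list against known update dates before deleting anything.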