Security of Webserver

Are there any ways I can scan my server's IP and let it show me all the vulnerabilities I have...
I want to keep it secure.

Something like the linux software "dont be a dick"...
Is there an online version of this somewhere?

Cheers!
neester Asked:

nicholassolutions Commented:
What kind of server is it? (What OS?)
nicholassolutions Commented:
Just as general advice, I would recommend asking this in the Linux Admin TA (or whatever is appropriate for your OS). This really isn't the type of thing that you can just test once then sit back and be sure everything is ok. It really requires a person to be on top of things -- otherwise there would be no such thing as a sys admin ;)

As for testing security vulnerabilities, I doubt anyone has a site or anything where you can do this -- that would basically be considered hacking, since anyone could use it to find out about servers that do not belong to them.

On the other hand, there are some well-known security holes that you can plug up (for example, you shouldn't allow direct ssh login as root; instead you should log in as another user, and then su to root -- that way someone has to find out two passwords instead of one to do real damage to your server). Here's a good place to get started (assuming you're on *nix):

http://forums.servermatrix.com/viewtopic.php?t=4909
http://www.yolinux.com/TUTORIALS/LinuxTutorialInternetSecurity.html

-Matt
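
An added example, not part of the original post: the "no direct ssh login as root" advice above corresponds to OpenSSH's `PermitRootLogin` keyword, and this sketch audits an `sshd_config` text for it. It assumes OpenSSH 7.0+ defaults and does not follow `Include` files; the function names and the sample config are constructed for illustration.

```python
import re

DEFAULT = "prohibit-password"  # assumption: built-in default of OpenSSH 7.0+
ALIASES = {"without-password": "prohibit-password"}  # deprecated spelling

def root_login_settings(config_text):
    """Return (global_value, [(match_criteria, value), ...])."""
    global_value, matches = None, []
    criteria = None      # None while still in the global section
    block_done = False   # keyword already seen in the current Match block
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            criteria, block_done = arg.strip(), False
        elif keyword == "permitrootlogin" and arg:
            value = arg.split()[0].strip('"').lower()
            value = ALIASES.get(value, value)
            if criteria is None:
                if global_value is None:   # sshd keeps the first value it reads
                    global_value = value
            elif not block_done:
                matches.append((criteria, value))
                block_done = True
    return (global_value or DEFAULT), matches

def audit(config_text):
    """Return the contexts where root may log in directly with a password."""
    global_value, matches = root_login_settings(config_text)
    findings = ["global"] if global_value == "yes" else []
    return findings + [f"Match {c}" for c, v in matches if v == "yes"]

# Constructed sample: a "no" appended below an earlier "yes" has no effect.
SAMPLE = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print(root_login_settings(SAMPLE))
    print(audit(SAMPLE))
```

On a live host, `sshd -T` prints the effective settings, including anything pulled in through `Include`, and is the authoritative check.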

Diablo84 Commented:
hackerwatch.org provides a free online port scan, here:

http://www.hackerwatch.org/probe/

but for reasons of security, as Matt mentioned, it will only scan the current computer so you cannot scan a remote IP.

Diablo84

iamanindian Commented:
Well...if you want a paid service, you may try with http://www.netcraft.com. They offer such services & are a very well-known company in this segment.
Related links:
http://audited.netcraft.com/

Hope this helps.

Regards
WC
nicholassolutions Commented:
Cool site Diablo ;)
BTW, you can try this on your remote server if you have SSH access:

prompt> lynx http://probe.hackerwatch.org/probe/probe.asp

I just tried on one of mine and it worked fine (you'll have to wait a while for it to finish downloading the page, but it should work eventually).

Matt
neester (Author) Commented:
Great thanks guys!
I am running some tests now.

The thing is it's a Windows server.
Behind a hardware firewall.
So things are looking good from the scans so far.

Cheers!
zariok Commented:
Run your own tests from home or a borrowed connection.

http://www.nessus.org/

ahoffmann Commented:
> Are there any ways I can scan my server's IP and let it show me all the vulnerabilities I have.
short answer: no
long answer: no
very long answer: there're dozens of tools to do partially what you asked for.
first you have to distinguish which kinds of vulnerabilities you want to identify: network/OS or application or web application in particular
then you can select the proper tools
For network/OS the most common is nmap, but there're some commercial ones too.
For applications there's nmap and nessus, and the commercial ones again.
For web applications (as your PHP suggests) you need specialized tools. nmap/nessus are very weak in this area, whisker and nikto are good starters, but if you want a more complete scan you definitely need commercial ones like AppScan, WebInspect, ScanDo (just to mention a few). Then keep in mind that all of these tools only find simple flaws like XSS, SQL Injection, path traversal, file enumeration etc. etc. None of them will find flaws in your application itself, like inadequate session management (session hijacking, session fixation, etc. etc.), logical flaws like possibility of user/password enumeration, or semantic ones like invalid SSL certs.

You see, my list may just name approx. 2% of currently known vulnerabilities, there is a long way to go to "all" as you asked for.