closing open ports at my web server

[ali1]

Hi.
I just port scanned my server,and saw a lot of open ports.The ports that were found open were:

Port 21 File Transfer Protocol [Control]
22 SSH Remote Login Protocol
25 Simple Mail Transfer
80 World Wide Web HTTP
110 Post Office Protocol
I'm extremely concerned about the security of my website.Therefore I want to close these ports.However I would be using the services that these ports provide most of the time,so I'm not sure if I want to close them.Or is it possible that I open them whenever I'm using their services and close them afterwards?If it helps,my host is running Unix,and it allows me to telnet to it using SSH.And,I've bought paid web hosting at WestHost.I use Putty to telnet to my host when needed.

Two more questions,when i noticed the port 25 open,I immediately tried sending an anonymous mail through Telnet.I'm sure most of you would be familiar with how to do that.and it WORKED! This is definitely not something I want.I'd like to disable it somehow.Like most of the other servers that throw up an error when you try to send anonymous mail through it.How do I do that?please keep in mind that I do want to be able to send and receive emails sent to any of my email addresses at my domain name.

Last question,I dont have a brute forcer right now,so I havent checked.But I want to put up a system that would automatically disconnect after 5 or 3 failed login attempts.I once tried to brute force a website that had this system set up and it always disconnected me after 5 failed login attempts.It was a real pain and I couldnt brute force their password.Now that I have my own server to administer,I think that is a really good idea.Any info on how I would do that?
i appreciate your help.
Ali.

[Soda_Popinsky]

If it helps,my host is running Unix,and it allows me to telnet to it using SSH.And,I've bought paid web hosting at WestHost.I use Putty to telnet to my host when needed.

I hope you mean ssh instead of telnet. Is this dedicated hosting? Do you have privledge to make systemwide configurations like you ask? You obviously are paying for the hosting, but does the host allow you to make theses changes?

[d00dz Attackin]

"Port 21 File Transfer Protocol [Control]
22 SSH Remote Login Protocol
25 Simple Mail Transfer
80 World Wide Web HTTP
110 Post Office Protocol"

All those are needed, by them being open means that the server has to send packets through an open port and not a closed one. If it were, you wouldn't be able to view your site or send mail..

Cheers,
d00dz

[ali1]

All those are needed, by them being open means that the server has to send packets through an open port and not a closed one. If it were, you wouldn't be able to view your site or send mail..

I agree,but I'm not FTPing to my website at all times,so i dont see the point of having port 21 open at all times.Similarly,I probably dont need the SSH Remote Login Protocol open at all times.Correct me if I'm wrong,but doesnt having unneccesary services running increase the chances of getting hacked?

I hope you mean ssh instead of telnet. Is this dedicated hosting? Do you have privledge to make systemwide configurations like you ask? You obviously are paying for the hosting, but does the host allow you to make theses changes?

What I meant was that I can use SSH as an alternative to telnetting at my website.I dont know about dedicated but it is using a VPS.I'm using the Value package at WestHost.I'll have to contact them to find out about the rest of the things.I'll post back after talking to them.
thanks.

[Soda_Popinsky]

I have a feeling you are screwed. When you use a webhost, you depend on them for security and configuration. I bet dollars to donuts that your ssh client won't let you do very much except file transfer.

When you own your server, (like being able to kick the server that is under your desk if you wanted to), you have privledge to add and remove services that you want. This server belongs to WestHost, and I can bet that they don't give you root privledges on your own server. You are renting, not owning.

Best bet is to contact them.

[mungyun]

Correct me if I'm wrong, but if you scanned your server, you are scanning your hosts server. They might have those ports open and you don't really need to worry about them because they are the ones to worry about your sites security.

[ali1]

Yea,I think you're right.I just talked to their representative and found out that I'm not using dedicated web hosting.So may be its the host that is running those services.
So that means,I cant get hacked/get a virus unless my host gets hacked too,right?

[Soda_Popinsky]

So that means,I cant get hacked/get a virus unless my host gets hacked too,right?

Correct under a couple conditions-

• Your passwords are safe
• You have static web pages, no php dynamic pages

If you get defaced and were not exploited by the above, then your host is responsible, not you.

[ali1]

I just talked to one of the guys at the server.They asked me what I had at my mind that I wanted to do.They said they'd be better able to assist me if I could tell them what was that I wanted to do.I said I'll get back to them later.What is that I have to do to disable anonymous mailing and auto disconnect after 3 failed login attempts?

[ali1]

i also think its worth a shot to try what I have to do,may be they DO allow that.