
My first own Business ...
In 2006 I founded my first business, developing websites, hosting them on my dedicated server, and auditing and managing partners' and customers' servers. warpfactor.net was online from 2006 to 2011.
At this time I also developed modules and plugins for the open-source CMS Joomla! as a freelance member of the Japanese company NinjaForge. This work taught me the MVC pattern and OOP. Ninja Security, a plugin able to check all incoming data for suspicious payloads, was my work.
I also had a site where I published my modules, plugins and recent security news about Joomla! and other modules listed in the Extension Directory. joomlakom.de was online from 2007 to 2011.
The Dedicated Servers ...
Unfortunately the consciousness about network and especially website security was not at such a high grade of focus as it is today. For that reason my business crashed in 2011, because I paid more attention to security than the competitors did. Hence this took more time during development and naturally it was a bit more expensive.
A lot of tenants of so-called Root Servers that do not really know how to manage a Linux system often make use of web-based server management systems such as Plesk, cPanel or Java-based systems.
In my opinion it is not a good idea to do so. I had to audit a number of machines and quite often I was able to inject shell commands on a web-based system, got a reverse shell, did a little privilege escalation and owned the box. Not even chroot jailed, or running an OpenSSH server with the SUID bit set. This is the first thing I do: search for those files and check if the owned user is allowed to sudo. ☠️
A lot of Swiss cheese, as we Germans say. Oh my, so many weapons out there! The servers get owned and are used for further criminal activity. This is definitely a fact one should take care of, especially in the age of ransomware attacks.
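As an added example (not the author's code or any tool he used), the following POSIX shell helper performs the two audit checks mentioned above from the defender's side: it inventories set-UID/set-GID files under a directory tree and reports any not on an allow-list baseline, and it tells whether a user is granted anything by a sudoers-style file, directly or via a group. All paths, file names and the sudoers fragment in the demo are constructed; the sudoers parsing is deliberately simplified (no #include directives, aliases or host specs are handled), so treat it as a first pass, not a replacement for reviewing the real /etc/sudoers.

```shell
#!/bin/sh
# Hardening-audit helper (added example, not the page author's code).
#   1. list_suid_sgid / unexpected_suid: inventory set-UID and set-GID files
#      and flag those missing from an allow-list baseline, e.g. a leftover
#      SUID shell or an sshd binary that should never carry the bit.
#   2. user_has_sudo: does a sudoers-style file grant the user anything?
# The fixture built by demo_run (paths, users, sudoers lines) is constructed.

# list_suid_sgid ROOT
#   Print every regular file under ROOT with the set-UID or set-GID bit set.
#   -xdev keeps the scan on one filesystem; unreadable directories are skipped.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# unexpected_suid ROOT BASELINE
#   Print SUID/SGID files under ROOT whose full path is not listed (one per
#   line) in BASELINE. Returns 0 when nothing unexpected was found, else 1.
unexpected_suid() {
    found=$(list_suid_sgid "$1" | grep -vxF -f "$2" || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# user_has_sudo USER SUDOERS_FILE [GROUP...]
#   Return 0 if SUDOERS_FILE has a rule whose first field is USER, or %GROUP
#   for one of the given groups. Comments and blank lines are ignored.
#   Simplified: #include, User_Alias and host specs are not interpreted.
user_has_sudo() {
    user=$1; file=$2; shift 2
    grep -Ev '^[[:space:]]*(#|$)' "$file" | awk -v u="$user" -v g="$*" '
        BEGIN { n = split(g, gs, " "); for (i = 1; i <= n; i++) grp["%" gs[i]] = 1 }
        $1 == u || ($1 in grp) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# demo_run: build a constructed fixture in a temp dir and run both checks.
demo_run() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/usr/bin"
    printf '#!/bin/sh\n' > "$tmp/root/usr/bin/passwd"   # expected SUID helper
    printf '#!/bin/sh\n' > "$tmp/root/usr/bin/sh.bak"   # leftover SUID shell
    chmod u+s "$tmp/root/usr/bin/passwd" "$tmp/root/usr/bin/sh.bak"
    printf '%s\n' "$tmp/root/usr/bin/passwd" > "$tmp/baseline"
    printf '%s\n' '# constructed sudoers fragment' \
        '%sudo ALL=(ALL:ALL) ALL' \
        'deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl' > "$tmp/sudoers"
    echo "SUID/SGID files not on the baseline:"
    unexpected_suid "$tmp/root" "$tmp/baseline" || true
    for u in deploy www-data; do
        if user_has_sudo "$u" "$tmp/sudoers" "$u"; then
            echo "$u: has sudo rights"
        else
            echo "$u: no sudo rights"
        fi
    done
    rm -rf "$tmp"
}

# Run the demo only when asked, so the functions can also be sourced.
if [ "${1:-}" = "demo" ]; then demo_run; fi
```

Run it as `sh audit.sh demo` to see the constructed case; on a real host, point `list_suid_sgid` at `/`, diff its output against the baseline captured right after installation, and feed `user_has_sudo` the account your web panel runs as together with its groups from `id -nG`.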
My Challenge ...
You want to run an adequate and efficient business?
You have to avoid unnecessary and unexpected expenses?
So my words are:
- You need a hardened system.
Please keep in mind: security is not for free. If you are thinking about contacting me to take a look at your server setup, my rate is €120 per hour.
Please also keep in mind: if it can be proven that your server was misused as a base for criminal activity causing financial damage to anyone, you will have to
- prove you are not the criminal subject and
- pay the compensation.
And the most important thing definitely is:
- Your reputation will irreversibly be damaged.