Advanced Securing & Hardening Of Linux Server -cPanel
Oct 29, 2009
We have discussed all the basic methods of securing and hardening the server. Lets leave all the basic and general server securing and hardening I have started this to get advance knowledge in securing and hardening of the server so that it will usefull for all the person So i request all to provide all the vaulable tips and suggestions in advance securing and hardening of linux servers I welcome all the comments related to advance securing and hardening of linux servers.
View 5 Replies
ADVERTISEMENT
Nov 23, 2007
1. I don't use nor will I EVER use cPanel (royal POS in my opinion). I might, however, have DirectAdmin installed (not sure yet)
2. CentOS 5, 64-bit edition
3. Apache 2.2 latest, MYSQL 5.1 latest, PHP 5.2 latest
I usually use appears to be super busy and just not able to get the job done. No slight on him, he has a busy work schedule. So I'm looking to go outside of my comfort zone and see other companies to use. I don't think I can use Platinum as I outright refuse to even discuss cPanel as an option. If I want an underperforming, unsecure and incompatible web and database server, I'll run Windows.
So I'm looking for the usual end-to-end hardening package. I'm too lazy to do it myself and I'll forget to do something. Any recommendations out there in WHT land?
View 3 Replies
View Related
Nov 2, 2009
I am concerned as I get several emails containing this like this:
Large Number of Failed Login Attempts from IP xxx.xxx.xxx.xxx
I'm trying to stop it, as obviously, I don't want anyone gaining access to my server.
Any tips for making sure the server is really secure?
View 6 Replies
View Related
May 8, 2009
I am trying to find an application that can listen on a given UDP port, say "6271" and forward all traffic (UDP) sent to that port to another IP (not on the same subnet).
I should not call this forwarding, but instead, cloning (because forwarding usually is only on the same subnet or vlan). The packets should not be modified, (thus IP information in packet ect.)
Is this possible? I have tried some applications such as,
samplicator
View 4 Replies
View Related
Sep 19, 2014
You can edit the nginx directives for the desired vhost at the webserver config. However, it seems like that you can only add basic directives, but not something like that:
Code:
http {
# memcached servers
upstream memcached-servers {
server 127.0.0.1:11211;
}
[Code] ....
How can I do that?
View 4 Replies
View Related
Apr 16, 2009
So I did something terribly dumb early this AM...go me...and I had to reinstall. Yes, it was that bad. Kernel panics, a hoarked up bootloader, nothing in the execution path, etc. Let's just say that between the 2.6.18-128.el5 kernel (I've been reading that there are a lot of reports of file corruption after this update, something I saw as well...) and yum doing something it wasn't supposed to, I'm having to start over. Thank goodness for backups. Anyways, to my questions:
CentOS 5.3 64-bit, clean install, no CP yet. I'm trying to get the base OS clean, simple and hardened before I put DA on there again and restore my websites but I have a few questions since I'm a network dork and normally pay for people to do the extended server hardening for me.
/etc/passwd/ ....
View 1 Replies
View Related
Feb 6, 2008
I have a dedicated server, and want to make it safe...
I once had a HOWTO to do that with things as APF and such, but is there some howto out there that is recent?
View 3 Replies
View Related
Sep 15, 2007
What a few things you would do to boost the security of your VPS? So far I have securing/restricting SSH access, installing chkrootkit and putting up a firewall. Any other things I should do?
Just noticed I put VPS Server Hardening, should be VPS Hardening
View 10 Replies
View Related
Oct 25, 2007
There are many people who sell server hardening for windows and linux and all the packages are pretty much the same. I don't want to give anyone outside access to my server no matter how much they claim to be good, fact is once it's out, it's out.
Is there an online resource with some sort of check list and links for a quality server hardening for windows and linux servers?
I.E. install this, install that, configure this?
Seems that do it yourself is worth the training and $100
View 5 Replies
View Related
Jul 22, 2007
Is there a guide or check list of settings to make on a new box that I can follow to lock it down?
View 1 Replies
View Related
Mar 26, 2009
Since this got lost (google cache of thread discussion so far)
[url]
im reposting because i think it was an interesting discussion.
I'm setting up a cpanel server for the first time. I was wondering if i could harden the default cpanel permissions for the user folders in /home The idea is to prevent users viewing each others files. Please don't suggest the php open_basedir option as its not secure and doesn't work with cgi based file browsers.
Note I'm using suexec/suphp.
currently new cpanel users folders are created with
group and user ownership and the permissions 755
I was thinking if i changed this to 711 would this break anything?
Could i lock this down even more by changing the group ownership to "nobody" and thus have permissions 710.
View 3 Replies
View Related
Nov 27, 2007
I have a Windows 2000 Advanced Server where there's a performance issue with some of the .asp pages that retrieve data from Access databases, (I know Access databases aren't ideal for data). These pages will just get stuck/freeze, and then either suddenly spring back to life, or give a script timeout error 0113.
The largest Access database I've seen is 136MB (is that way too large?)
I will probably move some of the large Access databases onto a different server but before I do:
- Are there any tools you can recommend to diagnose exactly what files / databases are causing the problem. I don't think the Win 2000 performance monitor tools even work.
- Can anyone explain more about the technicalities behind this issue. I expect it has something to do with processes, threads, memory, Access drivers being loaded into memory etc etc. Can anyone tell me what they know to put me in the picture better?
View 1 Replies
View Related
Dec 24, 2008
Other than anti-virus
View 8 Replies
View Related
Aug 15, 2008
We have a linux server running cPanel/WHM and using Exim for mail, we're also using SpamAssassin to label messages as spam. I have made a few modifications to settings and installed things like DomainKeys, but am wondering if I am doing enough.
My objectives are to:
1) Prevent mail users on the server from being inundated with spam, and/or be able to effectively manage any spam that does come through.
2) Ensure that messages that my mail users send out remains as highly deliverable as possible.
3) Make it difficult for third parties to exploit my mail server for their own spamming needs.
Are there any good tutorials out there on this stuff that should at least cover some of my bases? Where should I begin? The only thing preventing me from hiring out the work to someone else is that I'd like to learn how to do it myself.
View 3 Replies
View Related
Jun 26, 2008
I decided to use cPanels backup in a remote FTP server. But before that I want to password protect all the backups so that none unless me can open /restore the backups.
View 3 Replies
View Related
Jun 22, 2008
some recommended docs/tutorials to secure your server? It will be used as a web server, running Cent OS 5 (most likely 64bit)
View 6 Replies
View Related
Mar 30, 2008
Will be getting a new dedicated server. I know that I need to install APF + BFD for sure, but what else would you recommend installing to secure the server? Apache's mod_security module? DOS module? What are the obvious candidates other than APF/BFD?
View 13 Replies
View Related
Apr 2, 2008
I am on the verge of getting my first dedicated server (Win2k3 Standard). Just wondering if someone can point out a few resources to me about how to secure it, what softwares to use, etc.
View 9 Replies
View Related
Jan 30, 2007
For those of us that do not want to try and manage our own servers I have a question to those that already have been managing there servers for a while.
Once we get our server and install our OS and the control panels and have everything up and running then what should we look at doing to our server for security and to keep it secure from the web?
View 5 Replies
View Related
Jul 11, 2007
way to secure a server? I have iptables on my box but havent seen any scripts which i can base my config on.
I have seen that APF seems to be popular, and from the scripts seems quite simple to setup.
I'm not afraid of iptables per se but i would like a script on which to base for cpanel, do any exist?
I also like the simplicity of APF but i am currently running static nat on iptables and wish to maintain this functionality, the server is used as a vpn gateway.
Any ideas or links to base configuration scripts that would be suitable and maintain my static nat? Are there any checklists which i could go against to ensure everything is secure?
View 14 Replies
View Related
Jul 8, 2009
secure a windows server 2003 traffic.
I have one server with a small number of clients <10. The clients have dynamic IPs.
The server hosts a number of public facing websites, email, FTP and remote desktop.
What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?
Is there quick utility that would do this or can you point me to a good example article?
View 10 Replies
View Related
May 29, 2009
I have a lot of experience with VPSs and recently have been working with dedicated servers but my partner and I are going to be providing VPSs and my main concern is securing the node the VPSs will be on. Would I secure it like a normal dedicated server?
I'm worried that if I secured it like I would my dedicated servers it would affect the VPS clients hosted on there. Any assistance is appreciated, even if it's just a recommendation for a management company or single user who could assist us.
View 7 Replies
View Related
Jul 11, 2007
I know how to use basic URL rewriting, but I'd like to redirect URLs like this:
[url]
to this:
[url]
Is that possible to do this with Apache mod_rewrite?
View 4 Replies
View Related
Feb 24, 2007
People have been abusing my web proxy servers to send SPAM emails. I use PHProxy and I have no mail ports open on my server, or any mail scripts. My network is http://privax.us
Examples of emails (I have listed some notes):
My IP: 75.126.48.148
[url]
Received: from mail.anpmall.net ([75.126.48.148]) by mail.anpmall.net with HTTP (Code-Crafters Ability Mail Server 2.55); - Hmm?
----------------------------------------
My IP: 75.126.48.148
[url]
----------------------------------------
My IP: 75.126.48.146
[url]
Received: from 216.154.195.49 ([172.18.12.134]) by vms047.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 - hmm Java?
----------------------------------------
My IP: 75.126.48.148
[url]
I found in logs access to webmail.bellsouth.net at the time of the spamming, so I have blocked use of bellsouth.net on my proxy and banned the IP's. See
[url]
----------------------------------------
These are just some of the spam reports I have, and this is really doing my head in. As mentioned my servers do not have mail ports or mail scripts on them. They use webmin (stripped features) for a control panel.
I really need to find out why my IP is always at the bottom of this. I have asked in this forum before but did not have much luck. I have also contacted security companies to help but they were not sure what is happening.
One theory is the spammers use web based email systems, and when they submit the form the IP (from a PHP POST variable) is my IP because they are running under my proxy. But I have always assumed that if you have an email form and submit it, the server hosting the forms IP gets sent, not the actual persons IP.
That is one theory, but at the end of the day I'm still clueless to how to block this. I have blocked the use of bellsouth.net on my servers but a lot of the spam is coming from anpmall.net as mentioned above.
View 1 Replies
View Related
Nov 8, 2008
Does any one know of any good articles/tutorials on how to harden PHP and Apache on a cPanel VPS?
View 6 Replies
View Related
Jan 12, 2008
I want to restrict ALL port 25 and port 26 email only to users who authenticate first.
I thought it came this way on Cpanel boxes, but yet there's a ton of crap being relayed through my box and getting me on tons of blacklists.
View 0 Replies
View Related