Advanced Securing & Hardening Of Linux Server -cPanel

Oct 29, 2009

We have discussed all the basic methods of securing and hardening the server. Lets leave all the basic and general server securing and hardening I have started this to get advance knowledge in securing and hardening of the server so that it will usefull for all the person So i request all to provide all the vaulable tips and suggestions in advance securing and hardening of linux servers I welcome all the comments related to advance securing and hardening of linux servers.

View 5 Replies


Linux Server Hardening

Nov 23, 2007

1. I don't use nor will I EVER use cPanel (royal POS in my opinion). I might, however, have DirectAdmin installed (not sure yet)

2. CentOS 5, 64-bit edition

3. Apache 2.2 latest, MYSQL 5.1 latest, PHP 5.2 latest

I usually use appears to be super busy and just not able to get the job done. No slight on him, he has a busy work schedule. So I'm looking to go outside of my comfort zone and see other companies to use. I don't think I can use Platinum as I outright refuse to even discuss cPanel as an option. If I want an underperforming, unsecure and incompatible web and database server, I'll run Windows.

So I'm looking for the usual end-to-end hardening package. I'm too lazy to do it myself and I'll forget to do something. Any recommendations out there in WHT land?

View 3 Replies View Related

Securing A Cpanel Server

Nov 2, 2009

I am concerned as I get several emails containing this like this:

Large Number of Failed Login Attempts from IP

I'm trying to stop it, as obviously, I don't want anyone gaining access to my server.

Any tips for making sure the server is really secure?

View 6 Replies View Related

Linux Advanced Networking: Forwarding / Cloning UDP Traffic

May 8, 2009

I am trying to find an application that can listen on a given UDP port, say "6271" and forward all traffic (UDP) sent to that port to another IP (not on the same subnet).

I should not call this forwarding, but instead, cloning (because forwarding usually is only on the same subnet or vlan). The packets should not be modified, (thus IP information in packet ect.)

Is this possible? I have tried some applications such as,


View 4 Replies View Related

Plesk 12.x / Linux :: Advanced NginX Directives For Vhost (memcached)

Sep 19, 2014

You can edit the nginx directives for the desired vhost at the webserver config. However, it seems like that you can only add basic directives, but not something like that:


http {
# memcached servers
upstream memcached-servers {

[Code] ....

How can I do that?

View 4 Replies View Related

Hardening My Server

Apr 16, 2009

So I did something terribly dumb early this AM...go me...and I had to reinstall. Yes, it was that bad. Kernel panics, a hoarked up bootloader, nothing in the execution path, etc. Let's just say that between the 2.6.18-128.el5 kernel (I've been reading that there are a lot of reports of file corruption after this update, something I saw as well...) and yum doing something it wasn't supposed to, I'm having to start over. Thank goodness for backups. Anyways, to my questions:

CentOS 5.3 64-bit, clean install, no CP yet. I'm trying to get the base OS clean, simple and hardened before I put DA on there again and restore my websites but I have a few questions since I'm a network dork and normally pay for people to do the extended server hardening for me.

/etc/passwd/ ....

View 1 Replies View Related

Server Hardening

Feb 6, 2008

I have a dedicated server, and want to make it safe...

I once had a HOWTO to do that with things as APF and such, but is there some howto out there that is recent?

View 3 Replies View Related

VPS Server Hardening

Sep 15, 2007

What a few things you would do to boost the security of your VPS? So far I have securing/restricting SSH access, installing chkrootkit and putting up a firewall. Any other things I should do?

Just noticed I put VPS Server Hardening, should be VPS Hardening

View 10 Replies View Related

Server Hardening

Oct 25, 2007

There are many people who sell server hardening for windows and linux and all the packages are pretty much the same. I don't want to give anyone outside access to my server no matter how much they claim to be good, fact is once it's out, it's out.

Is there an online resource with some sort of check list and links for a quality server hardening for windows and linux servers?

I.E. install this, install that, configure this?

Seems that do it yourself is worth the training and $100

View 5 Replies View Related

Hardening A Win '03 Server

Jul 22, 2007

Is there a guide or check list of settings to make on a new box that I can follow to lock it down?

View 1 Replies View Related

Cpanel /home Permission Hardening

Mar 26, 2009

Since this got lost (google cache of thread discussion so far)
im reposting because i think it was an interesting discussion.

I'm setting up a cpanel server for the first time. I was wondering if i could harden the default cpanel permissions for the user folders in /home The idea is to prevent users viewing each others files. Please don't suggest the php open_basedir option as its not secure and doesn't work with cgi based file browsers.

Note I'm using suexec/suphp.

currently new cpanel users folders are created with
group and user ownership and the permissions 755

I was thinking if i changed this to 711 would this break anything?

Could i lock this down even more by changing the group ownership to "nobody" and thus have permissions 710.

View 3 Replies View Related

Windows 2000 Advanced Server Performance

Nov 27, 2007

I have a Windows 2000 Advanced Server where there's a performance issue with some of the .asp pages that retrieve data from Access databases, (I know Access databases aren't ideal for data). These pages will just get stuck/freeze, and then either suddenly spring back to life, or give a script timeout error 0113.

The largest Access database I've seen is 136MB (is that way too large?)

I will probably move some of the large Access databases onto a different server but before I do:

- Are there any tools you can recommend to diagnose exactly what files / databases are causing the problem. I don't think the Win 2000 performance monitor tools even work.

- Can anyone explain more about the technicalities behind this issue. I expect it has something to do with processes, threads, memory, Access drivers being loaded into memory etc etc. Can anyone tell me what they know to put me in the picture better?

View 1 Replies View Related

Hardening Windows Server 2003

Dec 24, 2008

Other than anti-virus

View 8 Replies View Related

Mail Server Hardening Tips

Aug 15, 2008

We have a linux server running cPanel/WHM and using Exim for mail, we're also using SpamAssassin to label messages as spam. I have made a few modifications to settings and installed things like DomainKeys, but am wondering if I am doing enough.

My objectives are to:

1) Prevent mail users on the server from being inundated with spam, and/or be able to effectively manage any spam that does come through.

2) Ensure that messages that my mail users send out remains as highly deliverable as possible.

3) Make it difficult for third parties to exploit my mail server for their own spamming needs.

Are there any good tutorials out there on this stuff that should at least cover some of my bases? Where should I begin? The only thing preventing me from hiring out the work to someone else is that I'd like to learn how to do it myself.

View 3 Replies View Related

Securing Cpanel Backups

Jun 26, 2008

I decided to use cPanels backup in a remote FTP server. But before that I want to password protect all the backups so that none unless me can open /restore the backups.

View 3 Replies View Related

Securing Your Server

Jun 22, 2008

some recommended docs/tutorials to secure your server? It will be used as a web server, running Cent OS 5 (most likely 64bit)

View 6 Replies View Related

Securing The Server ..?

Mar 30, 2008

Will be getting a new dedicated server. I know that I need to install APF + BFD for sure, but what else would you recommend installing to secure the server? Apache's mod_security module? DOS module? What are the obvious candidates other than APF/BFD?

View 13 Replies View Related

Securing A Win 2k3 Server

Apr 2, 2008

I am on the verge of getting my first dedicated server (Win2k3 Standard). Just wondering if someone can point out a few resources to me about how to secure it, what softwares to use, etc.

View 9 Replies View Related

Securing A Server

Jan 30, 2007

For those of us that do not want to try and manage our own servers I have a question to those that already have been managing there servers for a while.

Once we get our server and install our OS and the control panels and have everything up and running then what should we look at doing to our server for security and to keep it secure from the web?

View 5 Replies View Related

Securing Server - Iptables Or APF

Jul 11, 2007

way to secure a server? I have iptables on my box but havent seen any scripts which i can base my config on.

I have seen that APF seems to be popular, and from the scripts seems quite simple to setup.

I'm not afraid of iptables per se but i would like a script on which to base for cpanel, do any exist?

I also like the simplicity of APF but i am currently running static nat on iptables and wish to maintain this functionality, the server is used as a vpn gateway.

Any ideas or links to base configuration scripts that would be suitable and maintain my static nat? Are there any checklists which i could go against to ensure everything is secure?

View 14 Replies View Related

Securing Server Traffic- IPSEC

Jul 8, 2009

secure a windows server 2003 traffic.

I have one server with a small number of clients <10. The clients have dynamic IPs.

The server hosts a number of public facing websites, email, FTP and remote desktop.

What I want to do is make port 80 respond to all web requests but lock all other services down so that they only respond to my 10 clients. I was thinking some certificate or VPN solution but I've ruled VPN out as I don't have a firewall or VPN so would I be able to do this with IPSEC?

Is there quick utility that would do this or can you point me to a good example article?

View 10 Replies View Related

Securing A VPS Node Versus A Dedicated Server

May 29, 2009

I have a lot of experience with VPSs and recently have been working with dedicated servers but my partner and I are going to be providing VPSs and my main concern is securing the node the VPSs will be on. Would I secure it like a normal dedicated server?

I'm worried that if I secured it like I would my dedicated servers it would affect the VPS clients hosted on there. Any assistance is appreciated, even if it's just a recommendation for a management company or single user who could assist us.

View 7 Replies View Related

Advanced URL Rewriting

Jul 11, 2007

I know how to use basic URL rewriting, but I'd like to redirect URLs like this:


to this:


Is that possible to do this with Apache mod_rewrite?

View 4 Replies View Related

Advanced Spam

Feb 24, 2007

People have been abusing my web proxy servers to send SPAM emails. I use PHProxy and I have no mail ports open on my server, or any mail scripts. My network is

Examples of emails (I have listed some notes):

My IP:

Received: from ([]) by with HTTP (Code-Crafters Ability Mail Server 2.55); - Hmm?


My IP:


My IP:

Received: from ([]) by (Sun Java System Messaging Server 6.2-6.01 - hmm Java?


My IP:

I found in logs access to at the time of the spamming, so I have blocked use of on my proxy and banned the IP's. See


These are just some of the spam reports I have, and this is really doing my head in. As mentioned my servers do not have mail ports or mail scripts on them. They use webmin (stripped features) for a control panel.

I really need to find out why my IP is always at the bottom of this. I have asked in this forum before but did not have much luck. I have also contacted security companies to help but they were not sure what is happening.

One theory is the spammers use web based email systems, and when they submit the form the IP (from a PHP POST variable) is my IP because they are running under my proxy. But I have always assumed that if you have an email form and submit it, the server hosting the forms IP gets sent, not the actual persons IP.

That is one theory, but at the end of the day I'm still clueless to how to block this. I have blocked the use of on my servers but a lot of the spam is coming from as mentioned above.

View 1 Replies View Related

Hardening PHP And Apache

Nov 8, 2008

Does any one know of any good articles/tutorials on how to harden PHP and Apache on a cPanel VPS?

View 6 Replies View Related

Exim Hardening

Jan 12, 2008

I want to restrict ALL port 25 and port 26 email only to users who authenticate first.

I thought it came this way on Cpanel boxes, but yet there's a ton of crap being relayed through my box and getting me on tons of blacklists.

View 0 Replies View Related

Copyrights 2005-15, All rights reserved