ConfigServer Security & Firewall Settings
Feb 15, 2009
How can I enable the following options on my VPS:
LF_HTACCESS
PT_SKIP_HTTP
PT_ALL_USERS
When we use ConfigServer Security & Firewall, have you noticed the packet loss caused by the firewall?
Check your IP or website and you will see the loss of packets
[url]
Is there a solution for these problems?
Disable the firewall and check; you will not get any loss of packets.
I heard that the CSF firewall will block IPs, but is it still useful to install? Or is there any other method to stop CSF from automatically blocking IPs? Just want to know about it.
I have the following config:
Centos 4.7 Final
Apache 2.2
PHP 5.2.9 (suphp / suhosin disabled)
MySQL 5
Server: Dual Xeon, 4GB Memory
I'd like input on the most optimal settings overall 
php.ini
Quote:
; Memcache Section
extension = memcache.so
memcache.allow_failover = 0
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
max_execution_time = 300
max_input_time = 600
memory_limit = 256M
httpd.conf
Quote:
RLimitMEM 473331029
RLimitCPU 240
ErrorLog logs/error_log
DefaultType text/plain
AddType text/html .shtml
ServerLimit 1000
KeepAlive On
MaxKeepAliveRequests 64
KeepAliveTimeout 1
MinSpareServers 5
MaxSpareServers 15
StartServers 30
MaxClients 850
MaxRequestsPerChild 64
HostnameLookups Off
UseCanonicalName Off
my.cnf
Quote:
[mysqld]
local-infile=0
datadir=/var/lib/mysql
skip-locking
skip-networking
safe-show-database
query_cache_limit=2M
query_cache_size=128M ## 32MB for every 1GB of RAM
query_cache_type=1
max_user_connections=350
max_connections=600
interactive_timeout=10
wait_timeout=28800
connect_timeout=20
thread_cache_size=128
key_buffer=512M ## 128MB for every 1GB of RAM
join_buffer=8M
max_connect_errors=20
max_allowed_packet=32M
table_cache=1024
record_buffer=8M
sort_buffer_size=4M ## 1MB for every 1GB of RAM
read_buffer_size=4M ## 1MB for every 1GB of RAM
read_rnd_buffer_size=4M  ## 1MB for every 1GB of RAM
thread_concurrency=8 ## Number of CPUs x 2
myisam_sort_buffer_size=64M
server-id=1
collation-server=latin1_swedish_ci
[mysql.server]
user=mysql
old-passwords = 1
[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192
It looks like a change was made to the firewall settings (I think this was done by a .NET Microsoft patch). I have manually added mysql-nt to the firewall ruleset, and this has allowed MySQL to talk to the application (WordPress websites are now working). I still get the same error when I try to log in to the control panel.
ERROR: PleskMainDBException
MySQL server has gone away
0: common_func.php3:637
reconnect()
1: common_func.php3:600
db_connect()
2: auth.php3:134
Is there a list of firewall rules that need to be in place to allow Plesk to work?
This is my list (from my head) of things to install or do on a webhosting server to enhance security (not in any particular order):
- rkhunter.
- chkrootkit.
- secure /tmp and similars.
- install mod_security.
- install mod_deflate.
- change ssh port.
- disable root login.
- install and tweak apf.
- install bfd.
- setup logwatch.
- add known "bad" IPs to the apf list.
- enforce long and secure passwords.
- sysctl.conf hardening
- Mod_LimitIPConn
- System Integrity Monitor
- System Priority
- Process Resource Monitor
- Port Scan Attack Detection
- In php.ini, disable: 
exec,system,passthru,readfile,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,popen
- Prevent Apache and bind to show their versions.
Just have some questions regarding server settings and security
1) What will happen if
Open_basedir in php.ini is changed to  
Open_basedir = /home:/tmp 
?
2) What will happen if all hosted users in the passwd file are set to /sbin/nologin?
Does it affect running the web site?
What are the effects if:
sync is set to /sbin/nologin            (default is /bin/sync)
shutdown is set to /sbin/nologin        (default is /sbin/shutdown)
halt is set to /sbin/nologin            (default is /sbin/halt)
news is set to /sbin/nologin            (default is empty)
netdump is set to /sbin/nologin         (default is /bin/bash)
mysql is set to /sbin/nologin           (default is /bin/bash)
mailman is set to /sbin/nologin         (default is /bin/bash)
cpanel is set to /sbin/nologin          (default is /bin/bash)
3) How do I make /bin/bash in the passwd file the default shell for each new user added (automatically) on a cPanel/WHM server?
4) What is the effect if base64_encode and base64_decode are added to disable_functions?
5) How to secure host.conf and nsswitch.conf to prevent DNS lookup poisoning and also provide protection against spoofs?
6) How to secure the system configuration file sysctl.conf  to prevent the TCP/IP stack from syn-flood attacks?
7) What is ClamAV and how to disable it?
After upgrading to Plesk 12 the FTP connection has become very slow. Mod Security, Fail2Ban and Plesk Firewall have been enabled, the security is set to force SFTP and maximum security, and in /etc/proftpd.d/ a conf file has been added to set the passive ports that have been opened in the Plesk Firewall (60000 to 62000).
Turning off Mod Security does not solve the slow connection.
What can we do to detect the cause of the problem?
This very well could be the most positive review I have or ever will give.
First let me start by explaining what ConfigServer does. They offer a wide range of services such as securing cPanel along with installing multiple scripts to an "Anti-Spammer/Exploit Service". In addition to this they even offer tons of free software such as a firewall, explorer, mail manager etc.
Besides offering great free things such as their software, they offer great services.
I have used both their cPanel Server Service Package and their Anti-Spammer/Exploit Service, both I couldn't be more happy with for the following reasons:
1. Saw a decrease in spammers and hackers.
2. Made the server more secure
3. Was done fast
4. Before they install your services they will ask you questions that will allow you to pick and choose what they do in case there is something you don't want done or already did yourself. 
5. Their software is all around great. The explorer makes accessing files much easier than before, and, the firewall locks out anyone just going ahead and guessing at passwords.
The only downside that I have found is with the firewall, and that is customers being blocked because they forgot their login information. However, that isn't ConfigServer's fault and I could easily just turn that off if I didn't want it.
Bottom Line: I highly recommend ConfigServer
I have a question for whoever has installed ConfigServer Mail Manage.
What does this script do?
Is it good on a shared server?
What about a server with only an admin user?
And how can I install it on my cPanel/WHM?
[url]
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and set up to their optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or iptables (we're talking Linux)? In our opinion we see it as extra administration overhead. If this is however untrue, we will change our thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.  
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache".  This makes sense as it is the apache service running PHP that is actually creating the files.  
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site.  Any help would be much appreciated.  
Also, does anyone know how to change the owner/group of a directory and all of its subdirectories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than their parent, but if I do a top-down user/group change on the folder it will change everything in that folder to 0755.
How do I set up DNS correctly? I have been trying for over a day now and not succeeded!
 
The situation is that I am using whm/cpanel.  I have a domain hosted with godaddy that I want to point at my vps space.  I have entered the nameservers into godaddy, and it now shows the placeholder page when I go to my domain.
 
I have set-up a user with ftp access to my main domain in whm, and uploaded an index page to test.
 
If I type in my domain name it goes to the godaddy placeholder page, if I type in the IP address it goes to an apache 'great success' page, and if I go to the same IP but with the users name added, it goes to the index file I uploaded.
 
I have played around with dns zones and A records but cannot get the index page to show when I enter my main domain name.
Does the following setting of PHP look normal in a shared hosting environment?
disable_functions ini_alter,system,passthru,shell_exec,leak,listen,chgrp,apache_setenv,define_syslog_variables,openlog,syslog,ftp_exec
Our business is in the middle of changing to an Exchange based email platform which will take effect in a few months, NOT NOW, but planning ahead I'm trying to help with the DNS issues behind the scenes. The current host and registrar is flarehosting. However I have just transferred the domain name to my NAMECHEAP account and need to take over the DNS controls. I want to make SURE this is done without ANY downtime for the company (website, current email system). After contacting the current host for the correct settings I have 3 things I need help with.
 
newerafinance.com 208.21.164.25 (Used for Domain)
mail.newerafinance.com 208.21.167.4 (Used for WebBased Email AND pop/smtp)
MX is mail2.uploadmysite.com
 
I was told with the above info I need to setup ARecords, CNAME, and URL Redirect and MX records. Before I try this myself I’d like some help with how this should be setup. 
The Exchange server will be up at a future date, so we need the current email system to remain the same. Half of our users use pop/smtp and the other half web based email.
Now my site's online users went to more than 200; my max clients is 200 and now the server load is slow. Can I increase max clients to 250?
I have IIS on my computer and I want to start using a PHP driven forum (SMF) on my web site. Before I upload the files I need to check the following settings are on:
the engine directive must be On.
the magic_quotes_sybase directive must be set to Off.
the session.save_path directive must be set to a valid directory, or empty.
the file_uploads directive must be On.
the upload_tmp_dir must be set to a valid directory, or empty.
I can't find anywhere within IIS where these directives may be found. Can anyone point me in the right direction?
I am being rejected by Hotmail when sending mail from my VPS. I want to send mails from punbb and osCommerce, with various websites hosted on one VPS/cPanel/LAMP solution. And with sendmail or SMTP, it's always the same: passing almost every ISP except Hotmail/Gmail. I also always get this part in my email header regardless of which website I'm sending email from:
Code:
Received: from host.locker4adream.com ([74.200.75.7])
    by host.locker4adream.com with esmtpa (Exim 4.68)
So I think it's the host.locker4adream.com part that makes me rejected, because it's almost the only line in the email header that is different when I am using Outlook/Thunderbird to send mail. This IP (74.200.75.7) is mine and I never spammed or anything.
So I asked my host to add rDNS. And I added this line to my DNS zone on my mail domain:
Code:
lockeradream TXT "v=spf1  mx  a  ptr  ip4:74.200.75.7/32  ip4:74.200.81.156/32?all"
I am really out of solutions! Can anyone tell me if the SPF record stated above is ok?
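The SPF record quoted above can be checked mechanically. The following is an added example, not code from the original post: a small checker that splits an SPF TXT record into whitespace-separated terms (as RFC 7208 does) and reports any term that does not fit the mechanism grammar. It assumes the record is exactly as shown, including the missing space before `?all`.

```python
import re

# Added example (not from the original thread). SPF terms are separated by
# whitespace, so "ip4:74.200.81.156/32?all" is a single term; this checker
# shows whether the trailing "?all" is parsed as its own mechanism.
TERM_RE = re.compile(
    r"^(?P<qual>[+\-~?]?)"
    r"(?P<mech>all|include|a|mx|ptr|ip4|ip6|exists)"
    r"(?::(?P<arg>[^/]+?))?"
    r"(?:/(?P<cidr>\d{1,3}))?$",
    re.IGNORECASE,
)
MODIFIER_RE = re.compile(r"^(redirect|exp)=\S+$", re.IGNORECASE)
IPV4_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def valid_ipv4(addr):
    m = IPV4_RE.match(addr)
    return bool(m) and all(int(o) <= 255 for o in m.groups())


def check_spf(record):
    """Return (ok, problems) for one SPF TXT record string."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False, ["record must start with v=spf1"]
    saw_all_or_redirect = False
    for term in terms[1:]:
        if MODIFIER_RE.match(term):
            saw_all_or_redirect |= term.lower().startswith("redirect=")
            continue
        m = TERM_RE.match(term)
        if not m:
            problems.append(f"malformed term: {term!r}")
            continue
        mech = m.group("mech").lower()
        arg, cidr = m.group("arg"), m.group("cidr")
        if mech == "all":
            saw_all_or_redirect = True
        if mech in ("ip4", "ip6", "include", "exists") and not arg:
            problems.append(f"{mech} requires an argument: {term!r}")
        if mech == "ip4" and arg and not valid_ipv4(arg):
            problems.append(f"bad IPv4 address in {term!r}")
        if mech == "ip4" and cidr is not None and int(cidr) > 32:
            problems.append(f"IPv4 prefix length over 32 in {term!r}")
    if not saw_all_or_redirect:
        problems.append("no terminal 'all' mechanism or redirect= modifier")
    return not problems, problems


# The record as quoted in the post above (the only input this example needs).
POSTED_RECORD = "v=spf1  mx  a  ptr  ip4:74.200.75.7/32  ip4:74.200.81.156/32?all"
```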
I'm running a pretty large site that brings in about 80k uniques each month; what would be a good setting to lower the SYN flood settings in the csf configuration?
I have a dedicated server and have 5 IP addresses in all.
3 IP addresses i am using already.
I want to give 2 IP address to a site, i have created DNS for that site:
ns1.domainname.com
ns2.domainname.com
for both NS i have given 2 spare IPs.
Now i want to edit the DNS of that domain name, which section i edit of the DNS in WHM and in which field what i write?
Is there a way to make it only paypal verified people can order?
I have over 200 bots, or whatever they are, simply using over 200 different IPs to take down the site. They were successful in slowing it down, but now it's working fine, though with high loads. I installed Dos_deflate and dos_evasive, but can someone recommend the best dos_evasive settings to prevent these kinds of attacks?
I cannot compile software from source because:
Code:
/usr/bin/uname -p = unknown
/bin/uname -X     = unknown
/bin/arch              = i686
/usr/bin/arch -k       = unknown
/usr/convex/getsysinfo = unknown
hostinfo               = unknown
/bin/machine           = unknown
/usr/bin/oslevel       = unknown
/bin/universe          = unknown
PATH: /usr/kerberos/sbin
PATH: /usr/kerberos/bin
PATH: /usr/local/sbin
PATH: /usr/local/bin
PATH: /sbin
PATH: /bin
PATH: /usr/sbin
PATH: /usr/bin
PATH: /usr/X11R6/bin
PATH: /root/bin
I have bought a dedicated server with FDC servers and installed a script. Initially everything was working fine but now the site is not accessible. Everything is alright with the script installed but looks like there is some issue with the DNS settings. When I ping the IP address (it's dedicated ip address) it gives me an error. When I Ping the domain name, it just closes the window after few mins. Can someone experienced with WHM help me to fix the DNS settings? Of course, I am ready to pay for your help (though i might not have a very higher budget)
mod_evasive settings?
I can't find out the settings which would ban all bad IPs and will not ban normal ones.
I'm having some issues with my vps hosting account. Awstats started showing ebay and yahoo as the most visited sites with that traffic originating from Hong Kong.
access_log has entries like this:
59.40.127.21 - - [07/Sep/2007:01:14:31 -0600] CONNECT 216.39.53.2:25 HTTP/1.1 200 13238
58.61.195.123 - - [17/Sep/2007:04:40:30 -0600] GET [url]HTTP/1.1 200 13216 Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
I contacted support and their response included:
- Most likely what is happening is that someone has mis-configured their computer so that it thinks your site is ebay.
- not malicious, site hits would be in millions if malicious. We can setup filtering if it continues.
Well it continues... and after some testing I find that I can telnet to port 80 on my server's IP with Apache stopped, issue a - GET [url] HTTP/1.0 - and get Yahoo's site.
This action doesn't show up in my access_log, obviously, because Apache is stopped. So I'm now at the WTF stage. When I try the same thing with Apache started and using the domain name I get my site's main page, but according to the access_log this person in HK is getting something else (different size).
I disabled and updated everything I could through their control panel and nmap shows ports (21,22,25,80,110,143,442,873) open, no UDP. I tried filtering but the HK host is dynamic.
- phpMyAdmin 2.9.2
- MySQL 4.1.9
- perl 5.8.7
- php 5.2.1
- roundcube 0.1.2
Can anyone offer some info as to what might be going on? I'm waiting to hear back from my host but it took them a while last time. 
I came to WHT to get some help about what I asked above but kinda got lost reading the endless info on this site. Almost have me convinced that I "need" a dedicated server and I could spin off some hosting biz on the side... :/
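The two access_log entries quoted in the post above are the pattern a defender looks for when a box is being used as an open proxy: a CONNECT request (here to port 25, i.e. a mail relay attempt through the web server) and a GET whose target is an absolute URL for a host that is not one of the server's own sites. The following is an added example, not code from the thread or from any host's tooling: it scans log lines for those two shapes. The local hostname and the extra sample lines are constructed for the example.

```python
import re

# Added example (not from the original thread): flag Apache access_log lines
# that use the server as a forward proxy. Two shapes matter here: CONNECT
# tunnels, and GET/POST requests for an absolute URL on a foreign host.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"?(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)"? '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed placeholder: the vhosts this server legitimately serves.
LOCAL_HOSTS = {"example-vps.test", "www.example-vps.test"}


def host_of(target):
    """Extract the host part of an absolute-URI request target."""
    rest = target.split("://", 1)[1]
    return rest.split("/", 1)[0].split(":")[0].lower()


def classify(line):
    """Return (client_ip, reason) if the line looks like proxy abuse, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target = m.group("ip"), m.group("method"), m.group("target")
    if method == "CONNECT":
        return ip, f"CONNECT tunnel to {target}"
    if "://" in target:
        host = host_of(target)
        if host not in LOCAL_HOSTS:
            return ip, f"absolute-URI request for foreign host {host}"
    return None


def scan(lines):
    """Group abuse findings by client IP: {ip: [reason, ...]}."""
    hits = {}
    for line in lines:
        found = classify(line)
        if found:
            hits.setdefault(found[0], []).append(found[1])
    return hits


# Constructed sample log: the first two lines follow the entries quoted in the
# post (the foreign host is a placeholder), the rest are ordinary local hits.
SAMPLE_LOG = [
    '59.40.127.21 - - [07/Sep/2007:01:14:31 -0600] "CONNECT 216.39.53.2:25 HTTP/1.1" 200 13238',
    '58.61.195.123 - - [17/Sep/2007:04:40:30 -0600] "GET http://www.example.com/ HTTP/1.1" 200 13216',
    '203.0.113.9 - - [17/Sep/2007:04:41:00 -0600] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Sep/2007:04:41:02 -0600] "GET http://example-vps.test/about HTTP/1.1" 200 900',
]
```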
Whether it's a good idea to enable these settings for eAccelerator?
eaccelerator.shm_max
eaccelerator.shm_ttl
eaccelerator.shm_prune_period
There are scripts which are accessed once a day, and I guess I should set it to prune those scripts which aren't accessed for a few hours or so?
1. For a Virtuozzo based VPS of 256MB guaranteed RAM and 512MB burst RAM:
vmguarpages 0 65,536 2,147,483,647
= 256MB
privvmpages 89,894 117,964 131,072
= 460MB / 512MB
oomguarpages 46,346 65,536 2,147,483,647
= 256MB
Does the above indicate that the burst is actually up to 460MB or 512MB?
Does it also mean that 256MB is guaranteed even in out of memory situations?
2. For a Virtuozzo based VPS of 512MB guaranteed RAM and no burst RAM:
vmguarpages 0 67,584 2,147,483,647 
= 264MB
privvmpages 82,870 131,072 139,264 
= 512MB
oomguarpages 37,507 52,224 2,147,483,647 
= 204MB
This seems to indicate there is 264MB guaranteed RAM and 512MB burst RAM. But the 204MB does not seem to tie in. Does this indicate that although 264MB is guaranteed, in an out of memory situation, only 204MB is guaranteed?
Does the second example seem right for a 512MB VPS? Or does it seem to be incorrectly setup?
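The figures in the post above are page counts in the held / barrier / limit columns of a Virtuozzo user_beancounters report, and the MB values beside them follow from a 4 KiB page size (65,536 pages = 256MB, 131,072 pages = 512MB). The following is an added example, not from the thread or from Virtuozzo: a parser that converts such lines to megabytes, treating 2,147,483,647 as the "no limit" sentinel, and flags counters whose held value is close to the barrier. The 4 KiB page size is an assumption.

```python
# Added example (not from the original thread): convert Virtuozzo/OpenVZ
# user_beancounters page counts to megabytes. Assumes 4 KiB pages.
PAGE_SIZE = 4096
UNLIMITED = 2_147_483_647  # sentinel Virtuozzo uses for "no limit"


def parse_beancounter(line):
    """Parse 'name held barrier limit'; numbers may carry thousands separators."""
    name, *nums = line.split()
    held, barrier, limit = (int(n.replace(",", "")) for n in nums[:3])
    return name, held, barrier, limit


def pages_to_mb(pages):
    """Whole megabytes for a page count; None when the value is unlimited."""
    if pages == UNLIMITED:
        return None
    return pages * PAGE_SIZE // (1024 * 1024)


def summarize(lines):
    """Return {counter: (held_MB, barrier_MB, limit_MB)} for each input line."""
    out = {}
    for line in lines:
        name, held, barrier, limit = parse_beancounter(line)
        out[name] = (pages_to_mb(held), pages_to_mb(barrier), pages_to_mb(limit))
    return out


def near_barrier(lines, threshold=0.9):
    """Names of counters whose held pages are at or above threshold * barrier."""
    close = []
    for line in lines:
        name, held, barrier, _ = parse_beancounter(line)
        if barrier != UNLIMITED and barrier > 0 and held >= threshold * barrier:
            close.append(name)
    return close


# The second report quoted in the post (512MB guaranteed, no burst).
REPORT_512 = [
    "vmguarpages 0 67,584 2,147,483,647",
    "privvmpages 82,870 131,072 139,264",
    "oomguarpages 37,507 52,224 2,147,483,647",
]
```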
For some reason some clients, including my own test account, have not been able to receive emails correctly. Basically if I send email to an external address such as Yahoo, Gmail, AOL etc, they receive them fine. However all incoming mail is blank for all clients? I mean blank as in there is no time or date stamp, no sender details unless you look in the header, and the title just displays unknown?
Has anyone an idea why or how this could have happened?
I've even tried these with all spam filters off etc.  I think the mail prog is qmail.
I want to shift my mail to Google Apps (standard version). Currently my DNS is pointed towards 1and1 dedicated servers (having problems with 1and1 mail services). Want to keep hosting with them but change the Email to Google apps.
The Registrar of the domain is Netfirms, Inc.
My current settings for nameservers in the Netfirms CP are:
ns29.1and1.com
ns30.1and1.com
Google Instructed me to verify first by creating a CNAME, which I did in Netfirms control panel.
'googlexxxxx.mydomain.com'  Pointing to 'google.com'
DONE.
Google gave me the MX records to enter in the Netfirms panel.
ASPMX.L.GOOGLE.COM
ALT1.ASPMX.L.GOOGLE.COM
DONE.
It's been more than 24 hours; neither the MX has updated nor is the CNAME 'googlexxxxx.mydomain.com' propagating.
What am I supposed to do here? I have been waiting for the last 24 hours. I think that I have to set up these settings with my registrar (Netfirms) rather than it having something to do with 1and1?
Any suggestions?