Does The Use Of Partitions Prevent Hackers From Getting Access To The Linux Server
May 7, 2007
Does the use of partitions prevent hackers from getting access to the entire Unix server?
I am giving a few tips on securing your server against hack attempts. You must check these in spite of other securities like firewall, rootkit detectors etc.
1. Most Important, do not disable safe_mode under php.ini. If any customer asks to disable it, turn it off on his account only, not on whole server.
As most of the time attack is done using shellc99 (phpshell) script. In case safe_mode is off on server and there are public dirs with 777 permission, he can easily hack through.
2. Compile apache with safe mode as well.
3. In cPanel under Tweak Settings, turn on base_dir, if someone requests to turn off, turn it off on his/her account only. As using phpshell one can easily move to main server dirs like /etc, /home.
4. Do not allow Anonymous FTP on your server. You can turn it off from ftp config under WHM Service Configuration. If it's allowed, one can easily bind port using nc tool with your server and gain root access. Always keep it disabled.
5. Make sure /tmp is secured. You can easily do that by running this command /scripts/securetmp using ssh. But do make sure, /tmp is secured. Else one can upload some kind of perl script in /tmp dir and can deface or damage all data on the few/all accounts on your server.
keeping your server secure from hack attempts.
I have a linux server with cPanel and 500GB Disk Space. After investigating I think I would have the following partitions.
/
/boot
/home
/dev/shm
/tmp
/usr
/var
how much to allow to each partition. I will be using the server for hosting accounts, shared and resellers.
Also what would you recommend the swap file size be?
When a user enters the whole url to a file on the webserver he/she can view this file. I want to prevent this and only allow access to the files from within the application (under apache). How can I do that? I already tried:
<Directory /var/www/html/folder/files>
order deny,allow
allow from localhost
</Directory>
This works BUT the file also isn't viewable from within the application anymore.
more experience Linux users to partition my dedi into VPS. I have an Intel Quadcore 2.4 Ghz, 500GB HDD, 2GB DDR RAM, dedicated server with a max 100mbit connection and 2000GB BW/mo. It has Centos 5.3 (centos-release-5-3.el5.centos.1) installed on the server and I want to install the DirectAdmin CP soon.
I'm not a reseller or webhost and don't intend to become one. This server is for my exclusive use.
I want to use half the server to run virtual instances of a Windows 2008 server and a KDE or similar Linux virtual desktop using FreeNX as well as a 4PSA VoIP Now or similar software. The other half of the drive will be to run my businesses websites, mailserver, a DNS server, etc.
I have six IP addresses for this server that can be used to this end and will host at least three websites (under separate domain names) and one or two blogs for which I will install requisite software.
I understand that the RHEL 5 embedded virtualization software will allow me to partition the server into VPS for various purposes.
Here are the outputs from fdisk -l and parted -l respectively for the current HDD partitions.
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 60801 488279610 8e Linux LVM
[root@denprivatevaert ~]# parted -l
Model: ATA ST3500320AS (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number Start End Size Type File system Flags
1 32.3kB 107MB 107MB primary ext3 boot
2 107MB 500GB 500GB primary lvm
Error: Unable to open /dev/md0 - unrecognised disk label.
For the DA install, so I don't have to try to figure out where things are, I'd like to use their more complex partition structure as follows:
/boot 40 meg
swap 2 x memory
/tmp 1 Gig. Highly recommended to mount /tmp with noexec,nosuid in /etc/fstab
/ 6-10 Gig
/usr 5-12 gig. Just DA data, source code, frontpage.
/home rest of drive. Roughly 80% for user data. Mount with nosuid in /etc/fstab if possible.
I will install dovecot to be able to create SSL access to my webmail so don't need a '/var' directory.
What I want to know is:
1) Should I install virtualization and partition the drive prior to having DA installed?
2) How do I best partition the drive into VPSes so I can run distinctly different virtual instances of different OS and/or programs on the VPS as well as use half for websites, blogs, servers, etc.?
3) What else do I have to keep in mind when doing this?
I'd appreciate any positive, useful response and information on getting this done and I'd like to try to get this done by Monday or Tuesday of next week so DA can be installed on the appropriate partition.
I just installed a new server with partitions below
# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00 470889384 2015312 444568408 1% /
/dev/sda1 101086 28075 67792 30% /boot
/usr/tmpMnt 290503 10289 265214 4% /tmp
However, in HyperVM, it shows
VolGroup00 465.53 GB 465.53 GB
/(VolGroup00-LogVol00) 25.7 GB 459.85 GB
And I could not create vps on each. Error message is not_enough_space[].
I have searched on lxlabs board, and seems I need another partition for data?
This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:
I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.
So the URLs I'm trying to rewrite are:
- Server1.domain.com/PortalWeb/Example.portal
- Server2.domain.com/PortalWeb/Example.portal
- Server3.domain.com/PortalWeb/Example.portal
So, I would like to redirect the above URLs back to the 'root' of the website. ie: server1.domain.com. Here is my rewrite rule:
RewriteRule ^(.*)/Example.portal$ http://$1 [NC]
So, the rule is matching correctly to URLs that contain Example.portal, however the back reference from (.*) does not seem to map to $1.
Twice in about a week, maybe 2 weeks, my server provider has sent me spoof abuse messages on accounts on my server. These phishing pages first linked to a bank then PayPal. These phishing pages that were placed were on 2 different accounts, and the accounts belong to people I've known for a very long time and they wouldn't have any idea how to do this, so I know it's a hacker getting in somehow.
How can I stop this from happening? Any programs that I can run on the server?
Heck, even which log files do I check to see where these attacks are coming from would help, as I could block the IPs.
I'm running cPanel as well if that helps, I use CSF.
I don't want to have to move servers as that would take a very long time for me.
Two of my websites on the server were changed by the hackers. How did they do it?
Since one of my scripts was not working fine I came up with enabling
" Home>Subscriptions>tld>Websites & Domains>Web Hosting Access = > Access to the server over SSH : forbidden to /bin/sh "
Is it safe or not?
I use CentOS 5.5, Plesk 12 and Atmail. When I log in to
webmail.example.com
by browser and send emails to others, my home computer IP is attached to emails as X-Origin. I even used Thunderbird to send emails and same issue happens.
How can I prevent Qmail or (Atmail) to add my home computer IP to X-Origin? I am even OK if the server IP is attached to emails rather than home IP.
I cannot SSH or log in to the Plesk Admin panel. Once I tried SSH, it says 'connection refused'. Once I tried logging in to the admin panel, it says 'Error: Access for administrator from address 'xxx.xxx.xxx.xxx' is restricted in accordance with IP Access restriction policy currently applied.'
Tried restarting the plesk server too. Nothing seems working.
I enter one of my IPs or the hostname belonging to this IP, followed by the Plesk port, and I get redirected to the "main" hostname of the server, which was set in Plesk. But at this moment that hostname is used by another server (my old server) and so I'm redirected to the other server and cannot access Plesk on the new server.
I don't know why Plesk reacts like this, because it did not on the old server. Here the problem more detailed:
I'm just configuring my new server with Plesk 11. My old server uses Plesk 10. On my old server / in Plesk 10 I have the following scenario:
- I have several IPs (10)
- Each IP is used for a different domain
- Each IP has its domain as the reverse entry (configured outside of the server/Plesk)
- Each IP is set to "Dedicated" in Plesk
- I set Plesk to listen only on one of these IPs (and different port)
- Several domains are created in Plesk, but not a domain for my Plesk IP
- The server's name is one of the domains (required for mails not being recognized as spam)
- The hostname of the Plesk IP is one assigned by my provider (something like x-x-x-x.xyzservers.com)
- Entering the IP of Plesk redirects to the "Plesk hostname"
=> Plesk can be accessed by using x-x-x-x.xyzservers.com:myport
And under Plesk 11 (here comes the problem):
- Still several IPs (but less: 4)
- One IP should be used for Plesk, one for domain X, one for domain Y and the last one for the other domains
- Reverse entries are x-x-x-x.xyzservers.com for Plesk IP, domain X/Y for two other IPs and the main domain for the last IP
- Plesk IP and the two single domain IPs are configured as dedicated, the last one as shared
- At this point I did not configure any domains in Plesk
- Server's name is the same as my old server (the main domain)
=> Entering any IP with the Plesk port redirects to the server's hostname, e.g. my main domain, which is still on the old server.
=> Result: I cannot access Plesk!
Of course I could just change the hostname of the server via SSH (just have to find out how to do this), but why does Plesk react in another way now? Or is the problem that I cannot change Plesk to listen on only one IP?
We set up a Plesk 12 server for web hosting purposes only.
All mail-related services, except for "smtp server" and "Plesk milter", are disabled or uninstalled.
For specific domains, we want to prevent the usage of the php mail function with "localhost" to avoid problems with outgoing spam by unsecured scripts. Instead, we want to force webmasters to use external smtp servers.
Is there any directive or setting on domain-level that we allow for this limitation?
I host a number of large sites (20GB+) on my VPS server running Centos6 and Plesk Panel 12. Due to the large sites I don't want to keep multiple backups on the actual server because it would take too much disk space. When I create a backup to the server's repository all is good, but when I click the green arrow to download the backup it takes a long time and then it fails with a timeout error. On some smaller sites it takes a while but eventually downloads the tar.
So my question: Is it possible to access the Server Repository via FTP? How and where would I set this up? Presumably it would be a better way to download these large archive files?
When I try to SSH to server with hosting username it disconnects and says in secure.log:
May 18 14:33:40 mail sshd[22764]: error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
I run Plesk 12, sepolicy is Permissive.
I would like to change the access control for database users via CL:
command: /usr/local/psa/bin/database --update-dbuser web1_presta -server localhost:3306
reply: The database user was successfully updated.
examination:
mysql> select host, user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | web1_presta |
| localhost | web1_oxid |
| localhost | web1_presta |
| localhost | web1_shopware |
| localhost | web1_wp |
+-----------+------------------+
Only when using the GUI:
home -> Subscriptions -> Website & Domains -> Databases -> Users -> web1_wp -> Access control
-> from Allow remote connections from any host
-> to Allow local connections only
is also the user adjusted:
mysql> select host, user from mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| localhost | web1_oxid |
| localhost | web1_presta |
| localhost | web1_shopware |
| localhost | web1_wp |
+-----------+------------------+
I have a rented VPS with 2TB of disk space and a Plesk license in order to host the sites that I develop and my sites, and found myself with around 1.8TB of free space, Plesk samba management and Plesk vpn management but with a few missing pieces for my idea. My idea was to set up vpn tunneling between my laptop and desktop to the Plesk server and access a samba share from the server like they were in my LAN. In the firewall I have opened only the classic mail and web ports (obviously Plesk access too).
I want to save the access logs of our websites on an external server. If I do this now with the default setup, the gets overwritten every day. The desired file name format would be: websitedomain-tld-access-2014-10-24.log
How can I tell Plesk to do this and how can I make sure the statistics keep working?
On our other servers we use rotatelogs for this.
I am looking for a way to prevent panel users I created from changing their passwords.
When I try to edit user roles, I can check/uncheck capabilities, but nothing on user password change.
I've tried to search information on this but both Google and this forum are flooded by "users password change" regarding "Horde", which I don't use.
I have a Plesk 12 server running that works great. But the problem is that whenever one of my shared hosting customers changes something out a domain or subdomain, all the other sites on the server give a 502 error.
The reason why is clear to me: apache is reloading its config while nginx is still active, but sees apache as being down and therefore throws a 502 error.
Is there any way to prevent this from happening? Because it's happening a lot and people are sending in 'site down' reports while there's actually nothing wrong with the server or their site.
I have a Vista machine. I have installed CentOS 5.1 by selecting the C: (Active partition) and formatting it as ext3 partition. Then after installation, in the Hardware > Hard disks, it is showing only one NTFS partition. But actually I have 4 NTFS partitions. When I try to mount that partition using ntfs-3g, I am getting "/dev/sda3: permission denied" error.
I have a dedi with 2 x 250 GB HDs with RAID-1.
Now I just have one partition / for the whole drive.
Should I re-install and make proper partitions?
Which partitions do you recommend?
I will backup to a local folder /cpbackup and rsync from there to nas.
We're outgrowing our current bulk storage system and I'd like to solicit opinions.
With 2 TB disks and a 16 disk array, it's possible to have a single 28 TB volume (after deducting RAID5 parity overhead and a hot-spare disk). I've seen arrays from Aberdeen with 48 and 96 disks, for nearly 200 TB. Windows supports up to 256 TB per volume when 64K cluster sizes are used.
Our backup system uses a ton of storage space, and it would be far more convenient, and more efficient from a utilization standpoint, to access that space as a single volume.
Breaking it up into smaller chunks, such as 2 TB each, means we have to make a "best guess" on balancing actual need.
For example, if we assign 25 servers to each 2 TB volume for backup storage purposes, some volumes might only see 800 GB of consumption (remaining 1.2 TB allocated but not used) while other volumes might get 1.6 TB used (remaining 400 GB allocated but not used). Key concept: wasted space, because we have to over-estimate need to assure adequate headroom.
From the opposite viewpoint, if we had a sudden increase in need that exceeded the available space allocated to that volume, we'd have to move that server to a different volume. Key concept: increased admin workload to monitor and re-balance distribution as needed.
Now if we used one giant volume, there would be no guesswork, no "allocating more than we think is needed" for a bunch of small volumes. All servers share one huge common pot.
But there has to be a practical limit from a system-overhead standpoint. Our backup sets consist of a few multi-gigabyte files, so using 64K clusters will not cause much waste from slack space.
I'd like to get your opinions on maximum disk volume sizes from a practical standpoint.
Is it possible to specify where your CPanel user's data is stored?
Let's say I have four hard drives without RAID, I have hard drive one on /home, hard drive two on /home2, hard drive three on /home3, and so on. Is it possible to setup users on the different partitions to spread out disk usage?
To explain further, I would like to set it so maybe one reseller account was using /home2, then another was using /home4, and another using /home.
Any ideas on how to go about splitting up users' data across separate partitions?
I have my own box for my forum. Now I have shared my box with friends, but in reality they are freak friends. Just to be safe, brother, I am looking to know what functions I can disable in php.ini, or any problem/tool to prevent anybody / attacker * nobody * permission from moving around the server via his shell script.
As we know, some attackers use their own php-shell to hack sites * shared hosting *, so they can move to any account after they know the user account name * /etc/passwd *. So, as I said before, are there any good functions to prevent these attackers from moving around the server, so I can disable them? Or install any good tool * else modsecurity * in the system to prevent them * nobody * from that?
My server was recently hacked and I'm looking ways to secure it in the future. I use the server to host my own websites.
It was hacked to be a spam server. I traced the new files the hackers added to my "upload" directory, which is where my site members upload pics. I had set the directory to chmod 777. Could someone hack that directory solely from its rights being 777?
The site was custom developed in PHP, and looking through it myself, I couldn't find any security issues. But then again, I may not know what exactly to look up.
I would appreciate any general tips to protecting a server, as well as general tactics hackers use to hack a server and PHP site.
Is there any way to prevent users from running phpproxy or any proxy script on the server (server is Linux / WHM)?
I am starting an IRC company and I need help on some things:
1 - How can I prevent my clients from sending DDoS on my server?
2 - How can I increase security?
3 - Does someone have a good firewall or iptables rule for DDoS protection (software)?
4 - Does someone have the scripts like `getegg` `getpsybnc`?
How can I restrict how many emails can be sent on a per-domain basis? I know hostgator and hostmonster can restrict their email per hour based on their domain name...