How I can secure my server from vulnerabilities and threats and ddos attack? How can I find my server is compromised or hacked?
Which ports I should check, what commands I should fired on shell prompt? which softwares you will recommend.
I have a unmanaged server, and i want to have it secure harden.. how do i do it?
View 5 Replies View RelatedI have a cPanel dedicated server and have a lot of spam attacks on this server. It's getting so bad that our IP is being added to Yahoo & AOL blacklists and my emails are bouncing to these accounts.
Is there anyone on here who can do a thourough check on our server and install anything necessary to stop this kind of activity?
my VPS provider just rebuilt my VPS after many hack attacks.
From some days I am getting emails from firewall that someone login to my VPS/mySQL using SSH.
I don't know what they do, but they don't disturb any account. Only some downtime feel during this. But last night my VPS stop working so my provider rebuilt VPS.
how I can secure my VPS now. I have Cpanel installed.
How to best secure WP from any attacks, hack attempts and others?
View 4 Replies View RelatedI believe that my site is being DDoSed against, and I'm wondering how I can prevent this from happening.
I'm running CentOS 5.3.
Are there any server side scripts of PHP scripts that could be used to dynamically block out IP's that are consuming too many resources on the VPS?
I am getting these types of reports in my nightly reports:
=================
sshd:
Authentication Failures:
unknown (bips131.bi.ehu.es): 212 Time(s)
mail (bips131.bi.ehu.es): 4 Time(s)
news (bips131.bi.ehu.es): 4 Time(s)
root (bips131.bi.ehu.es): 4 Time(s)
unknown (swplinux02.swp.ewr.qwest.net): 1 Time(s)
Invalid Users:
Unknown Account: 213 Time(s)
Two nights ago:
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (195.251.109.21): 413 Time(s)
root (195.251.109.21): 108 Time(s)
webadmin (195.251.109.21): 18 Time(s)
root (200.55.193.59): 16 Time(s)
daemon (195.251.109.21): 8 Time(s)
ftp (195.251.109.21): 5 Time(s)
root (218.19.69.193): 4 Time(s)
Invalid Users:
Unknown Account: 413 Time(s)
===============
My VPS support said I could try:
-alternate sshd port
-require key access
-selecting client ip access
-rate limit incoming sshd syn packets per src address
However, I need some help understanding the best way to address these so that these brute force attacks aren't successful.
Are there any good tutorials or tools for Serer Hardening on CentOS?
Additionally, any good Host based IDS units along those lines?
I just got about 10 centos vps servers. are there any programs that will do most of the hardening or security for me?
View 13 Replies View Relatedon making my CentOs VPS system more secure?
View 5 Replies View RelatedA user joined our live chat and said if we didn't cancel a domain on our server, he will send us a DDOS attack, and he did so and also did this morning.
Is there anything I can do to prevent this or possibly punish him?
Every time i use Dovecot secure IMAP server with Sieve support.I can not receive emails note. Upgraded from 11.5 to 12
Jun 18 08:03:36 CO6302 postfix/qmgr[1523]: 284FAA0E86: from=<my@gmail.com>, size=1943, nrcpt=1 (queue active)
Jun 18 08:03:36 CO6302 postfix-local[2036]: postfix-local: from=my@gmail.com, to=the@domain.com, dirname=/var/qmail/mailnames
Jun 18 08:03:36 CO6302 postfix/pipe[2035]: 284FAA0E86: to=<the@domain.com>, relay=plesk_virtual, delay=336, delays=335/0.01/0/0.19, dsn=4.3.0, status=deferred (temporary failure. Command output: lda: Error: user the@domain.com: Error reading configuration: Invalid settings: postmaster_address setting not given lda: Fatal: Internal error occurred. Refer to server log for more information. 4.2.1 Message can not be delivered at this time )
[code]...
I have used the patch : [URL] .... to disable ssl v3.
After I applied the patch getting error below when i try to send email via horde webmail:
There was an error sending your message: Could not open secure TLS connection to the server.
Roundcube can send mails well but horde not. Otherwise since applied the parch i can't get mails from gmail and maybe other providers i don't know yet.
Acunetix says my site has 28 XSS vulnerabilities?
For example it says calendar.pl is vulnerable and it was able to set a javascript alert as the variable calendar_view.
How can I fix this?
Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. A browser execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
This vulnerability affects /cgi-bin/calendar.pl.
The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application
Attack details
The POST variable calendar_view has been set to >"><ScRiPt%20%0a%0d>alert(398096611151)%3B</ScRiPt>.
[url]
Upgrade if this affects you.
how to protect Linux Server from Ddos Attack (Botnet, Loic)
View 2 Replies View RelatedCan someone tell me the exact ssh commands to harden /tmp /var/tmp /dev/shm & /proc?
View 5 Replies View Relatedway to harden php .. i got more lessons explane how can i do it but for php 5.x and my php Version now is 4.4.6 ..
View 3 Replies View Relatedif i can create 2 VPS with completely different OS such as CentOS5 and Windows 2003 Std.
The main server will be running CentOS with HyperVM.
I want to update CentOS from:
Code:
Version Parallels Plesk v12.0.18_build1200140606.15 os_CentOS 6
OS CentOS 6.6 (Final)
to CentOS 7.
What steps I need to do to install CentOS 7?
Which protocol I should use for performing a backup of important server files and folders. I do make a snapshot but i found that's not enough.
My Centos 6.6 has ProFTPD configuration setup only for webhosts so no root access. I came across SCP, but don't know how to secure that like a Pro. I have also heard about SSHFS for linux.
Cacti version 0.8.6i has vulnerability: [url]
Solution: [url]
How can I "harden" my server?
And what exactly does harden mean?
I have been trying to identify why mi server has high load cpu, suddenly CPU load suddenly jumps, from 1 to 40 and until 110
If I restart mysqld and apache, the cpu gets back to normal, until this happen again
My server is
GenuineIntel, Intel(R)Core(TM) i5-2400 CPU @ 3.10GHz
VersionParallels Plesk Panel v11.0.9_build110120608.16 os_CentOS 6
CentOS 6.4 (Final)
CentOS 6 x64 Processor: Intel Core i5 - 3.10 GH
I already installed FAIL2BAN and DDOS DEFLATE without lock. I have CloudFlare Enabled.
When there is a high CPU load, I have checked netstats, and I don't identify many ips connected, so I think it could be an internet script (or virus).
I will paste the result of
ps fax
command, in a moment of high cpu load
I have a fresh server running CentOS 6 (final). I am trying to install Plesk 11.5.30 but i am experiencing some problems. When i run the plesk-installer i get this message:
Your host name must resolve to the correct IP address of your server, unless you are using network address translation (NAT).
Please quit Parallels Installer, fix the host name resolution problem, and then try installing again.
You can skip the hostname check and continue the installation, however, in such a case, the installer cannot guarantee successful installation.
Now, in my /etc/hosts file i have this:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Is this correct? Or do i need to add/change something else?
My server is in the clound.
I have a brand new A8i server from 1&1 that has crashed twice today and could only be rebooted through the 1&1 control panel (not Plesk). Out of the blue the server is not accessible from the Plesk CP and is not responding to pings. I have looked through the logs and do not see anything that stands out (I am not very Linux savvy). Is there somewhere specific that I can look that would tell me why it is locking up/crashing? I have only had the server about 2 weeks and am only running email on it (no websites besides webmail and Plesk CP). It is possible that there is a hardware issue, but I cannot have 1&1 check it until after hours tonight.
Server is an 8 core Intel Atom 2.6GHz with 8GB RAM.
Just got this email
Quote:
Dear Customers,
Multiple security vulnerabilities were discovered in hyperVM and Lxadmin/Kloxo. It is recommended that you update your hyperVM/Kloxo systems to the latest version, as soon as possible.
Details of the vulnerabilities will be posted in the coming days in our forum.
On hyperVM or Kloxo master, Run:
/script/upcp
Lxlabs Support Team
I have a issue when i try to start the DNS bing server over my vps with Centos 7 and plesk 12 its shows me this error
Error: Unable to make action: Unable to manage service by dnsmng: Empty error message from utility. ('--start', 'dns')
I can see lot of MSSQL Server attacks. In event viewer "Login failed for user 'sa'. [CLIENT: Some IP]"
Most of the attack coming from Chaina. Tipically what I'm doing manually is get that entire IP range and block from Windows Firewall level.
Now I have plenty of blocked IP ranges all over the world.
What would be the best way to avoid from those kind of attacks ?
there are some game types out there that are not protected from any type of udp flood attack. I have been doing a lot of work (my servers are linux) and blocked this by coding a bash script running every second checking tcpdump for the amount of current UDP connections and blocks the ip witch has more than a certain number of current UDP connections. This works perfeclty, but it firewalls the ip AFTER the attack started.
I am really interested into blocking this attack fully. Limiting the number of current connections (UDP) from an ip to a certain amount to block this attack totally. I have been looking around a lot and have had no luck. From what I have found, there is no way to do this with iptables or ipchains. It is possible for TCP though, but I could not find it for UDP. Could anyone help me out here.
Just to let you know, I do run a firewall, but it would never pick up this type of attack unless it was major. This is more like a game type bug (firewall thinks the packets are fine, player packets going to the game server).
i am getting hundreds of theses in my mail log each day, trying different names etc and want to put a stop to them and auto ban the ips.
I have APF
