Those With CSF Installed - Server Security Check Score
May 12, 2009
If you have CSF installed, under its WHM section there is a quick security 'scan' you can run - just wondering what score you have?
I know it's not an infallible test, but the scan does test for some potentially large weaknesses hence why I'm asking here (mainly out of curiosity) what sort of scores people have.
Mine is 103/112 - the rest of the points were mainly for features I didn't want enabled for particular reasons (i.e. one of the recommendations is to force all cPanel visits to be through SSL, a feature which some clients don't want) plus sometimes it says I've got features enabled which are disabled, etc.
View 12 Replies
ADVERTISEMENT
Mar 20, 2008
A friend of mine owns a hosting company and a client of his asked to have mbstring and mysqli installed. What he wants to know is , is there any security risks if he does install that on his server?
Also, he wants to know, if there is not, what how does he go about installing that on the server?
View 4 Replies
View Related
Sep 1, 2007
i have a dedicated server , some one else made the security for me, how could to be sure of its security? how could to be sure of all php functions contain risk are closed or disabled? how could to be sure of there are not any security gap?
way to understand and implement the steps.
View 5 Replies
View Related
Jun 1, 2009
any free tools or affordable tool online to check if a server is secure enough?
View 5 Replies
View Related
Feb 1, 2007
I have a dedicated server and under root i went to Software - Apache Update and on the list i saw GD (version 2.0.15) i am assuming thats GD Library. i checked that and started the build. After everything was done i go back and GD is still unchecked..
View 7 Replies
View Related
Apr 20, 2009
I'm running CSF on a Cpanel server and have questions about new features in CSF
Apache Check
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Results
Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Can someone explain this in laymen terms? I know this is new in Cpanel. I'm already running Apache 2.2, PHP 5.2.9 with suPHP enabled and mod_security as well (these rules: [url]
Also, what exactly are these CSF checks?
Check csf PT_SKIP_HTTP option
This option disables checking of processes running under apache and can limit false-positives but may then miss running exploits
Check csf SAFECHAINUPDATE option
This option closes a window of opportunity that opens when dynamic chain updates occur
View 3 Replies
View Related
Jul 11, 2007
I have 1 VPS from vpsland
Plesk 8.1 , how to check my VPS security?
View 1 Replies
View Related
Jun 28, 2007
Do you know Nobody Check Security Tool? Do you recommend it?
[url]
View 5 Replies
View Related
May 26, 2007
We were able to get the score up to 62/70. Will need the server management company's advice and help to try and get rid of more of the red warnings.
What is your score and which red warnings do you have left? Post them please.
Score: 62/70.
Will ask server management company about these red warnings:
A1. /dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options
A2. You should install the mod_evasive apache module from source to help prevent DOS attacks against apache. Note that this module breaks FrontPage functionality
A3. You should modify /usr/local/lib/php.ini and set:
enable_dl = off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in php.ini
A4. On most servers anacron isn't needed and should be stopped:
service anacron stop
chkconfig anacron off
chkconfig --del anacron
Probably going to leave these red warnings for now:
B1. For ultimate SSH security, you might want to consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication. For more information read this article and this article
B2. You should modify /usr/local/lib/php.ini and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list
B3. To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable phpsuexec when you build apache/php. Note that there are sideeffects when enabling phpsuexec on a server and you should be aware of these before enabling it
B4. You have package updating disabled, this can pose a security risk as OS vendor and cPanel security updates may not be applied in a timely manner WHM > Update Config >cPanel Package Updates > Automatic
View 2 Replies
View Related
Apr 27, 2009
which OS have you installed on your server, and why?
what features of that OS attracted you to use it.
If you have any other reason like it is the only OS supported by xyz panel, share it, if you want to.
Let's find out most popular OS among WHT users.
View 14 Replies
View Related
Sep 11, 2004
How can I know if server has ImageMagick installed?
View 14 Replies
View Related
Jul 16, 2008
I'm being told that Ioncube needs to be installed on the server.
View 8 Replies
View Related
Apr 21, 2009
any DS provider, well-known and providing good support who does offer DS with Windows 2003 Server installed?
View 8 Replies
View Related
Mar 29, 2008
to know if i have php5 installed on my dedicated server. I know that php4 is working but i dont know if php5 is also installed..
View 5 Replies
View Related
Feb 5, 2008
if it was possible to kill a server running WHMCS by executing the cron.php via cronjob on a remote server once every minute.
I just wanted to see if this was potentially harmful, so I can submit it to Matt without sounding like an idiot...
View 3 Replies
View Related
Aug 7, 2008
I have two servers, one is web server, the other one is mysql server.
I am installing php on web server that does not have mysql installed.
when I do the follows:
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-debug --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-sendmail=/usr/sbin/sendmail
the script tells me error:
configure: error: Cannot find MySQL header files under /usr/local/webserver/mysql.
Note that the MySQL client library is not bundled anymore!
Because mysql installed on another physical server. so how may I fix the problem? can I configure php without "---with-mysql" and "--with-mysqli" parameters? I need my php could access remote mysql server.
View 3 Replies
View Related
Aug 24, 2007
What is the best way to get a list of all the software installed on a Linux server? Are there specific shell commands for this?
View 12 Replies
View Related
Apr 20, 2009
How do I go about finding if a certificate is installed on a Linux machine?
View 1 Replies
View Related
Oct 3, 2008
I have a Windows Server 2003 package installed on a server. I own a number of websites that are being hosted some place else. How do I get my websites set-up to run on my new server?
View 2 Replies
View Related
Jul 23, 2008
what are the standard modules which you normally need to get installed in your server or which you install ? from which you sell hosting to your customer or Which standard modules Is Most Important To Be Installed In Your Dedicated server ?
View 3 Replies
View Related
Jul 5, 2009
i have a dedicated server with rapidswitch. Few days back all my websites stopped working, due to some reason which i was not able to solve.
NOw, i want to backup all the files stored on my server. Each and every file including the database and every file there on my server.
I tried to log in through ssh on filezilla but i was not able to find out all the folders.
I have putty and could login over ssh , but i don't know the commands to backup.
Could, you guys tell me how to get all those files on my local computer.
i also have cpanel/whm installed and that is working.
View 4 Replies
View Related
Oct 21, 2007
we have any server with isp, really perfect service and support.
but now we need to buy 1 server with vps solutions and our isp not offer this solutions.
The support have said that we must buy not managed server and install by ourself.
Now we are not sure if better to buy unmanaged and searc expert to install vps OR buy serve with vps solutions from other isp.
What do you think about this?
View 4 Replies
View Related
May 22, 2014
I are running an Plesk 11.5 on a Ubuntu 12.04 machine. Since days i have problems where i see scripts of phishing sites and mailer scripts installed in the httpdocs directory of various domain.
How I can prevent that people outsiders install this scripts on the server? Where is the bug that allows this?
View 4 Replies
View Related
Apr 10, 2009
I have one client who cannot see my server and all domains on it. I;ve checked if his IP is block or not and I didn't see his IP on the apf deny host file. How to you check IP if it can see my server? I just want to make sure before calling the ISP.
View 3 Replies
View Related
Jun 24, 2009
There use to be a thread on here but because of the wht hack, it didn't get saved...so now I can't go back to it.
It was a command in ssh that printed out a number of connections. Like 12,000 or something.
View 4 Replies
View Related
Apr 1, 2009
What is the best way to check the HDD on new Dedicated server?
I would like to see if there is a bad sectors, etc.
fsck? or ? what is the full command that would do the job the best.
OS is Centos.
View 7 Replies
View Related
