Pages
Categories
- Linux VPS Hosting
- Private Nameservers
- Reliable VPS hosting service
- Virtual Dedicated server
- Virtual Private Server hosting
- VPN
- VPS
- VPS hosting
- Windows VPS Hosting
Archives
Meta
If you want to secure your linux VPS Hosting then you will have to secure the cPanel, WHM and Root of your VPS. Below is an article which will help you to secure your VPS.
************************************************************
1) Checking for Formmail
************************************************************
Hackers use Formmail to send out spam email and this is done with the help of relay and injection methods. You may be in jeopardy if you are using matts script or a version of it.
Command to find pesky form mails:
find / -name “[Ff]orm[mM]ai*”
CGIemail is also a security risk:
find / -name “[Cc]giemai*”
Command to disable form mails:
chmod a-rwx /path/to/filename
(a-rwx translates to all types, no read, write or execute permissions).
(this disables all form mail)
You will have to inform him if a client or some other person on your VPS install form mail that you are disabling their script and give them an alternative.
***********************************************************
2) Root kit checker – [url]http://www.chkrootkit.org[/url]
***********************************************************
Set a root kit on a cron job and check for root kits also. You will know if anyone has compromised with your root if you do this. Get the latest root kit checker by updating chrookit. Try to upload the root kit on your server as hackers and spammers will try to find insecure upload forms on your box and then with injection methods. If he can run it, it will modify *alot* of files, possibly causing you to have to reinstall.
To install chrootkit, SSH into server and login as root.
At command prompt type:
cd /root/
wget [url]ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz[/url]
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense
To run chkrootkit
At command prompt type:
/root/chkrootkit-0.44/chkrootkit
Make sure you run it on a regular basis, perhaps including it in a cron job.
Execution
I use these three commands the most.
./chkrootkit
./chkrootkit -q
./chkrootkit -x | more
*********************************************************
Install a root breach DETECTOR and EMAIL WARNING
*********************************************************
Installing a detector and warning at your box will let you know if someone gets the root. You will at least get the hackers or spammers ip address and you will be warned about his presence.
Server e-mail everytime someone logs in as root
To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.
At command prompt type:
pico .bash_profile
Scroll down to the end of the file and add the following line:
echo ‘ALERT – Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” “your@email.com”
Save and exit.
Set an SSH Legal Message
To an SSH legal message, SSH into server and login as root.
At command prompt type:
pico /etc/motd
Enter your message, save and exit.
Note: You can use the following message…
ALERT! You are entering a secured area! Your IP and login information have been recorded. System administration has been notified.This system is restricted to authorized access only. All activities on this system are recorded and logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.
********************************************************
Web Host manager and CPANEL mods.
********************************************************
Below are the items which are present inside of WHM/Cpanel and you should change them to make your server more secured.
Goto Server Setup =>> Tweak Settings
Check the following items…
Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts – blackhole
(SET TO FAIL)
Under System
Use jailshell as the default shell for all new accounts and modified accounts
Goto Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disabled Compilers for unprivileged users.
Goto Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Goto Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.
Goto Service Configuration =>> FTP Configuration
Disable Anonymous FTP
Goto Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)
Goto Mysql =>> MySQL Root Password
Change root password for MySQL
Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
No Comments »
No comments yet.
RSS feed for comments on this post. TrackBack URL