Archive for Server Security

Linux security document.

I have been checking through the servers a bit, and below is a list of some things that we can tweak on the server. Most of it is related to security and applies to Linux servers.
Please go through them.

1. Exim.
Enable extended logging :
Add the following setting to the Exim configuration, below the first line (recommended):
log_selector = +address_rewrite +all_parents +arguments \
  +connection_reject +delay_delivery +delivery_size +dnslist_defer \
  +incoming_interface +incoming_port +lost_incoming_connection +queue_run \
  +received_sender +received_recipients +retry_defer +sender_on_delivery \
  +size_reject +skip_delivery +smtp_confirmation +smtp_connection \
  +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Formmail Trap
http://void.thunderteam.org/fm-trap.html

For securing Exim, I found this a good resource:
http://www.rvskin.com/index.php?page=public/antispam

2. Httpd :

install mod_security
install mod_dosevasive (causes problem with FP sometimes though)

3. PHP

disable_functions = "system,exec"

eAccelerator for PHP acceleration
http://sourceforge.net/projects/eaccelerator

4. Some small recommended apps

Install BFD from rfxnetworks.net
Install LSM from rfxnetworks.net
APF from rfxnetworks.net ( since we have portsentry not really required )
rkhunter can be found on www.rootkit.nl

5. cPanel script to disable compilers, in case we have not done this yet
/scripts/compilers off

6. MYSQL

mysql query cache
vi /etc/my.cnf
query-cache-type = 1
query-cache-size = 100M
100M can be changed according to how busy the server is

7. Securing some binaries

chmod 750 /usr/bin/rcp
chmod 750 /usr/bin/wget
chmod 750 /usr/bin/lynx
chmod 750 /usr/bin/links
chmod 750 /usr/bin/scp
chmod 000 /etc/httpd/proxy/


CONFIGSERVER FIREWALL!

FIREWALL:
A simple plug-in appliance that stops spam at its entry point. A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

CSF:
ConfigServer Firewall (csf) is an application for cPanel servers running on Linux (RH9, RHE3/4, CentOS3/4, Fedora Core 1/2/3/4/5).
csf provides a comprehensive, straightforward, easy and flexible way to configure and secure the server, with more checks to ensure smooth operation.

csf checks the following:

* courier imap and pop3
* ssh
* non-ssl cpanel / whm / webmail (ssl cpanel/whm login tracking support available in EDGE release)
* pure-ftpd
* password protected web pages (htpasswd)
* mod_security failures
* POP3/IMAP login tracking to enforce logins per hour
* SSH login notification
* Pre-configured to work on a cPanel server with all the standard cPanel ports open
* Auto-configures the SSH port if it’s non-standard on installation
* Block traffic on unused server IP addresses - helps reduce the risk to your server
* Alert when end-user scripts are sending excessive emails per hour - for identifying spamming scripts
* Suspicious process reporting - reports potential exploits running on the Server

Installing CSF:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you would like to disable APF+BFD (which you will need to do if you have
them installed otherwise they will conflict horribly):

sh disable_apf_bfd.sh

That’s it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*

csf is preconfigured to work on a cPanel server with all the standard cPanel
ports open. It also auto-configures your SSH port if it’s non-standard on
installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog.

Uninstallation
==============
Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh


How to Kill user in Linux

Greetings Guys..!!
Well, if you want to kill a user’s process (in Unix/Linux hosting) or terminate a user’s process from the shell, you can use the following commands.
If you want the process details for user jason:
ps aux | grep jason

From the output, just kill the process ID of that user and that user will be out of the shell without any wall message for him/her.

Alternatively, you can do the following.

Task: How to halt/stop user called jason

Type the skill command as follows:
# skill -STOP -u jason

You must be root to stop other users.

Task: How to resume an already halted user called jason

To send a CONT signal to user jason, type the following command:
# skill -CONT -u jason

Task: How to kill and logout user called jason

To send a KILL signal, type the following command:
# skill -KILL -u jason

Task: Kill and logout all users

To kill and log out all users, type the following command:
# skill -KILL -v /dev/pts/*

Please note that you should send users a warning message or a logout notice using the wall command to avoid data loss.

Enjoy..


Transferring MySQL database to new server.

When moving from one host to another you need to take many files with you; one of them is your database (MySQL).

You should back up all your database files before the transfer. You can do so using two methods :

1) Using third party tool such as PhpMyAdmin.

2) Using the “dump” tool which comes bundled with MySQL.

Using PhpMyAdmin :

It is a PHP script which gives ability to interact with your database.
To manage and manipulate MySQL databases, use the options under the “export” section of PhpMyAdmin. Select the appropriate database and zip up the files; it can save you bandwidth and time.
To transfer the database onto the new server: first create a new database, unzip the files to extract the backup, then restore your database.
It also lets you mess up the database directly. There is no “undo” or “undelete” in your database. Always exercise caution when working with the database.

Most hosts have PhpMyAdmin pre-installed in their control panel.

Using dump tool :

Run the following commands from a command line or UNIX shell.

Type command :

mysqldump -u [username] -p[password] --opt [databasename] > backup.sql

This command takes a backup of your database. Note that there is no space between -p and the password; if you give -p on its own, the client prompts for the password instead, which keeps it out of the shell history and the process list.

Now on the new server, you can restore the database by inputting the following command:

mysql -u [username] -p[password] [databasename] < backup.sql

The options in brackets need to be filled out with the appropriate information, such as the username and password. It is also a good idea to take a “dump” of your database regularly for backup purposes in case the server fails or you have a corrupt database.

Databases for any business play a vital role so to preserve it you should take maximum precautions.


Cleanfeed

It is a spam filter used for blocking spam, generally in conjunction with Usenet newsgroups; it is published by Red Hat and is freely distributable source. Its main feature is that it can block binary image posts in non-binary newsgroups, as well as HTML posts.

Cleanfeed can identify duplicate messages which are normally known as spamming sites and domains. Cleanfeed targets only illegal content which is notified by the Internet Watch Foundation.


A Few Tips on How to Secure a VPS

A) To disable Formmail in order to stop spam mails -

1) Command to find FormMail scripts -
find / -name "[Ff]orm[mM]ai*"

2) Command to find CGI mail scripts -
find / -name "[Cc]giemai*"

3) To disable form mails -

chmod a-rwx /path/to/filename

Applied to each file found, this will disable all the scripts.
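
The find and chmod steps above combined into one script, with a check that reports any matching script that still has permission bits set. This is an added example, not part of the original post; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate FormMail/cgiemail scripts under a directory tree,
# strip all permission bits from them, and report any that remain enabled.
# Function names and the sample tree are constructed for illustration.

# Print every regular file whose name matches the two patterns above.
find_mail_scripts() {
    find "$1" -type f \( -name '[Ff]orm[mM]ai*' -o -name '[Cc]giemai*' \) -print
}

# Same search, restricted to files that still have at least one
# permission bit set (mode other than 000), i.e. not yet disabled.
still_enabled() {
    find "$1" -type f \( -name '[Ff]orm[mM]ai*' -o -name '[Cc]giemai*' \) \
        ! -perm 0000 -print
}

# Apply "chmod a-rwx" to each match; -exec keeps file names that
# contain spaces intact.
disable_mail_scripts() {
    find "$1" -type f \( -name '[Ff]orm[mM]ai*' -o -name '[Cc]giemai*' \) \
        -exec chmod a-rwx {} +
}

# Build a small constructed tree and run the steps against it.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/site a/cgi-bin" "$root/siteb/cgi-bin"
    : > "$root/site a/cgi-bin/FormMail.pl"
    : > "$root/siteb/cgi-bin/formmail.cgi"
    : > "$root/siteb/cgi-bin/cgiemail"
    : > "$root/siteb/index.html"
    before=$(still_enabled "$root" | wc -l)
    disable_mail_scripts "$root"
    after=$(still_enabled "$root" | wc -l)
    echo "enabled before: $before, after: $after"
    rm -rf "$root"
}
demo
```

On a real server, pass the web root (or /) instead of the constructed tree and review the output of find_mail_scripts before disabling anything.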

B) A rootkit checker should be installed -

- Run the rootkit checker from a cron job; this will show if anyone has hacked root.
- Update the roots

1) Command to install chkrootkit -

cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44

2) To run chkrootkit -

/root/chkrootkit-0.44/chkrootkit

C) Install a root login detector that sends a warning by email -

pico .bash_profile

At the end of the file, add:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" self@mail.com

Thereafter save the changes

Exit.
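
The alert line above takes the remote host from a fixed column of the login listing, and that column moves when the date is printed in a different layout. As an added example (not part of the original post), the script below reads `who`-style lines and takes the host from the trailing parenthesised field instead; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: derive the alert subject from `who` output without
# depending on a fixed column number. The sample lines are constructed.

# Read `who`-style lines on stdin and print "user tty host" per session.
# The remote host is taken from the trailing "(...)" field; sessions
# without one (console logins) are reported as "local".
sessions_from_who() {
    awk '{
        host = "local"
        if ($NF ~ /^\(.*\)$/) { host = substr($NF, 2, length($NF) - 2) }
        print $1, $2, host
    }'
}

# Build the mail subject from the sessions of one user (default: root).
alert_subject() {
    user=${1:-root}
    hosts=$(sessions_from_who | awk -v u="$user" '$1 == u { print $3 }' |
            sort -u | paste -sd, -)
    echo "Alert: Root Access from ${hosts:-unknown}"
}

# Constructed samples: the same kind of login in two common `who` layouts.
OLD_FORMAT='root     pts/0        Mar  3 10:15 (203.0.113.7)'
NEW_FORMAT='root     pts/1        2024-03-03 10:15 (198.51.100.9)'

demo() {
    # Column 6 holds the host only in the first layout.
    echo "$OLD_FORMAT" | awk '{print "field 6 (old layout): [" $6 "]"}'
    echo "$NEW_FORMAT" | awk '{print "field 6 (new layout): [" $6 "]"}'
    printf '%s\n%s\n' "$OLD_FORMAT" "$NEW_FORMAT" | alert_subject root
}
demo
```

In .bash_profile the subject would be built with `who | alert_subject root` and passed to mail -s.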

2) To set an SSH login message -

pico /etc/motd

thereafter enter the message

Save changes

Exit

D) Changes to be made in WHM/cpanel to secure server -

Log in to cpanel>Server setup>Tweak settings

a) Domains -

Prevent users from parking/adding domains.

b) Mail -

Prevent pop3 connections loading

c) System -

Jailshell should be used as a default shell for all the accounts.

d) Server setup>Tweak security
1) Enable php open_basedir Protection
2) Enable mod_userdir Protection

e) Server setup>Manage Wheel Group Users
1) Remove all other users except for root and main account users.

f) Server setup > Shell Fork Bomb Protection
1) Enable Shell Fork Bomb Protection

g) Service Configuration>FTP Configuration
1) Disable Anonymous FTP

h) Account Functions>Manage Shell Access
1) Disable shell access

i) Mysql>MySQL Root Password
1) Change root password

j) Security>Run Quick Security Scan>Trojan Horses -
1) The following are not Trojans -
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
