Hi I want to know that i have purchased a new dedicated server and i dont know which security softwares should i install in my server to avoid abuse or hackers cant access my site I mean i want to make my server as secures as much possible I know about apf fireweall Will u plz post the names of all security softwares Thanks
I assume yours is Linux Sohusin APF and BFD Chrootkit Rootkit Hunter Clamav I think these are the basics that should be installed.
Yes its linux . Are there any other which should be installed as well mod_security, DDOS deflate, There are also installed in my server Thanks all savvy experts for their time
Consider an IDS, binary monitoring and also consider extra mod_security rulesets and logging. Also consider securing your control panel.
The only thing you need is a well configured netfilter/iptables firewall. Beside this: remove all services you don't need. Everything else is not required for your case. Of course ssanz gave a good advice, IDS (intrusion detection) is a powerful thing. For an Expert! Everyone else will find himself overwhelmed by all those messages an IDS can generate on a well populated server.
I am using APF, DDos Deflate and few others here is the link to setup it on your server. You can install Mod_security & clamav, by logging in to your WHM and then go to Main >> cPanel >> Manage Plugins you will find them there, just select them and press " Save" Hope it will help. -Regards.
snort and nessus combined plus mod_security, plus a few others - if you really want peace of mind on your own dedicated server. I just went thru all that above on my expanded dedicated server ( from 1 to 3 for my single site ) 1. Nessus to do security scans 2. snort to do IDS/IDP 3. mod_security of course for various rules to see how many "wrong" data packages hit your site and dropped by snort - may be have a look at my tonights little blog post on that topic. most will recommend much less why ? because most never took the time to SEE all that arrives at a dedicated server - and for many as long as they dont know - they "belief" all is fine - untikl one day site hacked. have a look at the site hacked section of DP forum to see them all whining when its too late ... it's well worth to invest some time to understand ALL available security enhacing / protecting features and learn them ALL. it's something you do ONCE in a full lifetime. site security implemented is just like loosing your virginity. once done all else is but fun! as of today, I just almost finished my security topic / after 11+ yrs of web publshing ) and have spent many hudnred hrs surfing, learning, studying and testing my new servers. there is no ultimate server security but there might be a point where automated hacker scripts may fail and a hacker personally may waste too much time to bipass all security measures and he may prefer to search for another site easier to crack. another most important factor ALWAYS is the selection of scripts and software you install. that is a decision you make BEFORE installing. always google for scriptname security alert replace above "scriptname" with the name of script / software in mind see if there are known vulnerabilities and if so if they have been solved properly by developers or persist over time unsolved. haivng security in mind and valueing your own peace of mind, sometimes ( in my case definitely ) I prefer NOT to install certain gadgets and fancy features simply to avoid any additional security problems and to keep all slim and tight - as secure as possible by having all as simple and goal-oriented as possible. learn from LARGEST sites - there is a reason why Google and alikes rarely have fancy gadgets across all sites and pages. how many hackers will you have ? how many DID u have already on your newly purchased dedicated server ? don't know ? have a look at your log files /var/log/messages /var/olog/warn /var/log/apache2/error_log /var/log/apache2/access_log run log files on your local PC using tail -f /var/log/messages etc to watch them chmod ALL 000 unless all configured and secured shut down services unconfigured until you have time to fix services such as mail ( rcpostfix stop ) apache, etc and first install and secure all properly, then open your services to the world adapt paths as needed to your system you definitely have hackers BEFORE YOU stat to think of hackers. NOW these seconds is the very best time for hackers to place rootkits and other malicious code inside your site - entire phishing sies ... because NOW most likely all your site is WIDE open to all, mostly unconfigured, mostly no real passwords, etc the very first visitors to arrive on a new virgin dedicated server before site / domain name is up and running always are hackers ! then Google then all else - and sometimes the site owner. then when all real security is UP - you start using iptables, APF, etc but first you secure the virgin site removing/solving actual vulnerabilities rather than just hide them behind firewall ( iptables etc !!! ) that's why we use a full nessus scan on UNsecured site and solve all, before hiding all fully secured site behind firewalls.
The first step to secure a dedicated server is install a APF or CSF firewall. CSF is good. see this: http://mysql-apache-php.com/basic-linux-security.htm dont forget to run ssh on different port as you might face heavy attacks on port 22.
Hi, We can optimize your server and secure it completely within 1 day. After that, you will receive a complete detailed report explaining all the operations that we made. The price is $49 one time payment. Please send a PM if you are interested. Thanks