Hello, I have my own VPS and I need some security tips. I have CSF and LBD installed and running, but I don't know what else I would need installed. I have heard that mod_security is good, but I have also heard that it has problems with vBulletin. So if anyone could give me a hand with that I would be grateful. I would also like some help on how to prevent/stop DDoS attacks, as I have already had one attack on my site, and how to stop SQL injections and other security risks. Thank you
To prevent SQL injections and other types, add this to your php.ini (you might have to remove some rules if it breaks sites): disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" Install chkrootkit on a daily crontab, install rkhunter, set up LSM to notify you of new ports opened... I dunno, there is a bunch :>
I suggest you change the port of your SSH from 22 to a random high (more than 10000) port number. In case of DDoS, well, you can't handle DDoS since you're only on a VPS, but you can contact your host and ask for DDoS protection; some hosts include DDoS protection in their packages. The best way to prevent DDoS is to stop pissing script kiddies off, lol.
No, it's not true. mod_security can't protect against DDoS. Only specialized servers can protect against it to a certain extent. You must pay a high price for it.
mod_security will work fine and will protect against DDoS to some extent; we tried it on one of our servers, but everything depends on what kind of scripts you use on the site.
Having mod_security running will in fact hurt you in case of a DoS attack. mod_security slows down every request, and a DoS attack that makes hundreds of requests per second will take advantage of that. mod_security is nothing more than an IDS (intrusion detection system). It's designed to stop intrusions before they reach your web application. It will not provide any defense against DDoS.
The number 1 thing to do is securing your folders: chmod /home and all users so that people with local permissions can't enter them through a PHP shell. If you need help, hit me up; I have helped a lot of people secure their things =].
You can feel the same performance downgrade when you use PHP IDS for filtering every POST and GET request. http://php-ids.org I've also seen that those IDS might trigger false alerts and unfortunately issue 403/406 requests. Visitors are then unable to purchase your products or something like that. I've seen this scenario on a shopping site. My practice is to use appropriate filter functions like htmlspecialchars, and type checking like is_int, etc.
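The filtering practice from the post above (type checking on input, htmlspecialchars on output), as an added example that is not part of the thread. It goes one step beyond the post by binding the checked value in a PDO prepared statement, which covers the SQL injection part of the original question. It assumes PHP 8 with pdo_sqlite; the table, columns and sample request values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Table, column and function names
// are hypothetical; PHP 8 with the pdo_sqlite driver is assumed.

// Request values always arrive as strings (or arrays), so is_int() on raw
// $_GET/$_POST input is false even for "42". FILTER_VALIDATE_INT validates the
// string form and converts it; anything else comes back as false.
function parse_id(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value is bound as a typed parameter, never concatenated into the SQL text.
function find_product(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape at output time, for the HTML context the value is written into.
function render_product(array $row): string
{
    return '<li>' . htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, '<b>Widget</b> & \"co\"')");

// Constructed request values: one valid id, one unknown id, three malformed.
foreach (['1', '7', '1 OR 1=1', 'abc', ['1']] as $raw) {
    $id = parse_id($raw);
    if ($id === null) {
        echo 'rejected: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    $row = find_product($db, $id);
    echo ($row === null ? 'not found' : render_product($row)) . PHP_EOL;
}
```

Rejecting malformed input in the application this way returns an ordinary error for that one field, instead of a blanket 403/406 for the whole request.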
The only effective ways to fight against DDoS attacks aren't going to be things you'll be capable of doing from your VPS. In the case of a small attack, you may be able to configure your firewall to bounce some of the data back. For larger attacks, your VPS provider will have to use their own DDoS mitigation techniques. I agree with what was said about changing the port that SSH runs on--this will divert many brute force login attempts. The biggest tip I can provide is to use key-based login instead of a password to access SSH. The added security gained from this is huge.
Key-based login (RSA key authentication) won't be good if your laptop has been compromised or stolen.
Check with your VPS company; they may offer some security package. If you use the LXadmin control panel, it has a lot of security features.