Hello, I'm running a dedicated server. I had Dr. Web running, but I disabled it and uninstalled it. Should I do something or install a security product? Or is it safe the way it's running now? Thank you. My Plesk provides me with an option of installing the Kaspersky antivirus module. Should I do that? I'm afraid that my server might be hacked.
Is your dedicated server Windows? If it is, then install the anti-virus. If it is Linux, don't bother about AV. Install the open source OSSEC (to monitor your logs, files, etc) and monitor your sites remotely for malware/hack/errors with sucuri.net
Glad I got your blog address. I have a few questions, if I may, please:
- How do I change the root admin password for SSH?
- How can I use keys?
Thanks for the help again and again, RHS-Chris^
To change the root password, you need to be logged in as the root user in an SSH session, then issue the change password command:

    passwd root

It will ask you for it twice to confirm. To set up SSH keys, you need to generate a public/private pair. I like to use PuttyGen for this. Here is a link as well for more info.
--------------------- SSHD Begin ------------------------
Failed logins from:
Illegal users from:

Hello RHS-Chris, do you think that somebody is attempting to break my password? 986 times is too much. What do you think? Thanks.
I think you need to move your SSH port to something non-standard. This will stop people/bots from trying to brute force it. I did write a couple of articles about SSH security a while back as well. First One Second One Hope they help, Chris
How can I edit /etc/ssh/sshd_config using PuTTY? After browsing to this file using PuTTY, I cannot modify it; I can just go up, down, left and right. Thanks for the help again.
You have to go into insert mode to edit the file, hit INS. Once done editing, hit ESC, then :wq to save.
1. Install the CSF firewall.
2. Harden your SSH server against brute-force logins. Just run it on a port other than 22.
Check this out: http://mysql-apache-php.com/basic-linux-security.htm
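An added example, not part of the thread or any poster's code: a small Python check of an sshd_config file against the points raised above (default port 22, password logins versus keys). The sample config and the function names are constructed for illustration; defaults are assumed to be those of current OpenSSH, and Match blocks and Include files are not evaluated.

```python
import re

# Defaults of current OpenSSH releases (assumed); used when a keyword is absent.
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "permitrootlogin": ["prohibit-password"], "pubkeyauthentication": ["yes"]}

# Constructed sample, not taken from the thread: the second
# PasswordAuthentication line looks like a fix but is ignored by sshd.
SAMPLE = """\
# /etc/ssh/sshd_config (constructed)
Port 2222
PasswordAuthentication yes
permitrootlogin prohibit-password
PasswordAuthentication no
"""

def effective_settings(text):
    """Global settings as sshd resolves them: keywords are case-insensitive
    and the first value wins, except Port, which may repeat. Parsing stops at
    the first Match block (conditional); Include files are not followed."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            break
        if key == "port":
            seen.setdefault(key, []).append(value)
        elif key not in seen:
            seen[key] = [value]
    return {**DEFAULTS, **seen}

def audit(text):
    """Return findings for the settings discussed in the thread."""
    cfg = effective_settings(text)
    findings = []
    if "22" in cfg["port"]:
        findings.append("port: sshd listens on the default port 22")
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("password: password logins are enabled, so guessing is possible")
    if cfg["permitrootlogin"][0].lower() == "yes":
        findings.append("root: PermitRootLogin yes lets root use any enabled login method")
    if cfg["pubkeyauthentication"][0].lower() == "no":
        findings.append("pubkey: key-based logins are disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the server itself, `sshd -T` prints the configuration sshd actually resolves, which is the authoritative cross-check for a parser like this one.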
Install Rkhunter also, this will help protect your server from rootkits by running a daily scan. You should also customise your CSF rules to prevent DDoS and failed logins.
As stated above, changing the port and using CSF are some steps you should take first. You shouldn't have anyone trying to hack your SSH.
In general, you need to turn off all unused services (for example, POP, FTP), and it's a good idea to change SSH/RD ports.
Why did no one tell him to run "yum update"? Wouldn't it be best to have his server services up to date?
There are many things to consider when running a dedicated server that's exposed to the Internet. I'd say the most important starting points are: Don't start services you don't need. Disable such services. Keep your system up to date. Install a firewall package like CSF.
Most of the self-help tools you will find on the web are geared to server hardening. While server hardening is a good place to start, you really have to focus on ongoing security efforts. In my experience, most hacks are due to people not updating their web applications. If you have installed blog software, a shopping cart, a forum or other off-the-shelf software, I recommend you join the software vendor's mailing list and stay on top of updates. I generally find that attackers or bots get into servers through outdated web applications. After they gain entry, they attempt to exploit the OS. So if you are not updating your OS, there is a risk that they can gain root-level access. Once they have root, you typically have to restore the system. So in addition to server hardening, I generally recommend ongoing system updates and monitoring of your web applications.