Well, as some of you may know, I recently opened up a thread asking about the security of a web hosting company, and of an overall server. I decided to do a bit of research, and have actually run into a few useful tips. As I learn, I will be updating this thread, in the hope of sharing acquired knowledge.

Passwords
Make sure that you do not use the same password in any of your scripts, servers, administrative areas, or even support sessions. If the same password is used, the whole business could easily be hijacked through the identification of only one password.

Email Support / Conversations
Verify all clients, and ask them to identify themselves. Unless they do so, do not carry out any of their requests. This is to ensure that client accounts are not compromised. If a client provides a false bit of information, make sure you email them back and ask them to correct it. Also, you may need to ask for passwords or other bits of personal information. This is to ensure that the "hacker" does not run a simple whois scan on the domain and use the information they get to identify themselves as the rightful owner of the account.

Firewall
Firewalls can be used to block incoming and outgoing attacks. When your server is compromised, which will happen on most occasions, the hacker will upload files in order to set up a daemon or their own service. To prevent this, a firewall with both egress and ingress filtering could be adopted. Also, software firewalls could be used in order to diminish the pesky monthly fee add-on. However, on a very busy server, where CPU and system memory are valuable, a hardware firewall could be adopted.

Backups
Everyone knows what it feels like to lose hours, or even hundreds of hours, of work. Do this for yourself, and more importantly, for your clients. It is up to you to back up client data. If a hacker does take control, who knows what they could do. A backup is always in place.
Home Directory
Log into PuTTY and run the following commands:

Code:
chmod 755 /home

Or:

Code:
cd /
chmod 755 home

PHP
In many cases, PHP can be very risky. All PHP scripts should be tested for vulnerabilities, while the PHP installation itself should be used to block out common attacks.

Code:
safe_mode = On
safe_mode_gid = Off
open_basedir = directory
safe_mode_exec_dir = directory
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = yourfile
enable_dl = Off
allow_url_fopen = Off

Apache
mod_security - a filter that can watch all requests to see if they match a rule, and react by logging or denying the request.
suEXEC - http://httpd.apache.org/docs/1.3/suexec.html - This should explain it.

DDoS
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.

Know your Server
Make sure that you know everything about your server, and that you are not left in the dark about anything. Check out processes and familiarize yourself with them. This will ensure that you notice any silent processes installed by a potential hacker. Also, this may help you identify viruses and potent resource consumers. Familiarizing yourself with your server also allows you to recognize slower speeds, CPU usage, and an increase in bandwidth usage, which could all be signs of a hacking attempt, DDoS, or brute force.
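The php.ini settings in the post, turned into a shell audit. This is an added example and not the original poster's code: it reads a php.ini, compares each boolean directive with the hardened value listed above, requires the path directives (open_basedir, safe_mode_exec_dir, error_log) to be set, and prints every deviation. The two sample php.ini files are constructed, and the paths in the hardened one are placeholders. Note that the directive is spelled allow_url_fopen in php.ini.

```shell
#!/bin/sh
# Added example, not code from the original post: audit a php.ini against the
# hardened values listed above. Directive names are the real php.ini names
# (note allow_url_fopen, which the post renders as allow_url_open).

# Expected hardened boolean values, one "directive=value" per line. Paths such
# as open_basedir are host-specific and are only checked for being set.
EXPECTED='safe_mode=On
safe_mode_gid=Off
expose_php=Off
register_globals=Off
display_errors=Off
log_errors=On
enable_dl=Off
allow_url_fopen=Off'

# get_directive FILE NAME -> prints the effective value of NAME in FILE.
# Commented lines (leading ;) are ignored, trailing ; comments and whitespace
# are stripped, and the last assignment wins, as it does for php.ini itself.
get_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_php_ini FILE -> prints one line per deviation; exit status is the
# number of deviations, so 0 means the file matches the hardened profile.
audit_php_ini() {
    file=$1
    bad=0
    for pair in $EXPECTED; do        # pairs contain no spaces, so word splitting is safe
        name=${pair%%=*}
        want=${pair#*=}
        got=$(get_directive "$file" "$name")
        # php.ini booleans are case-insensitive, so compare in lowercase
        if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" != \
             "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" ]; then
            printf '%s: want %s, got %s\n' "$name" "$want" "${got:-<unset>}"
            bad=$((bad + 1))
        fi
    done
    # These take a directory or file rather than a boolean: require them to be set.
    for name in open_basedir safe_mode_exec_dir error_log; do
        if [ -z "$(get_directive "$file" "$name")" ]; then
            printf '%s: want a path, got <unset>\n' "$name"
            bad=$((bad + 1))
        fi
    done
    return $bad
}

# Constructed sample: a php.ini with the permissive defaults
WEAK_INI=$(mktemp)
cat > "$WEAK_INI" <<'EOF'
; constructed sample php.ini, permissive
safe_mode = Off
expose_php = On
register_globals = On
display_errors = On
log_errors = Off
enable_dl = On
allow_url_fopen = On
EOF

# Constructed sample: the same file after applying the settings from the post
HARD_INI=$(mktemp)
cat > "$HARD_INI" <<'EOF'
; constructed sample php.ini, hardened (paths are placeholders)
safe_mode = On
safe_mode_gid = Off
open_basedir = /home
safe_mode_exec_dir = /usr/local/php-bin
expose_php = Off
register_globals = Off
display_errors = Off          ; never show errors to visitors
log_errors = On
error_log = /var/log/php_errors.log
enable_dl = Off
allow_url_fopen = Off
EOF

echo "== permissive =="; audit_php_ini "$WEAK_INI" || echo "deviations: $?"
echo "== hardened ==";   audit_php_ini "$HARD_INI" && echo "matches the hardened profile"
```

On a real host, run audit_php_ini against the file reported by `php -i | grep "Loaded Configuration File"`; the exit status is the deviation count, so it can feed a cron job that mails you when a PHP upgrade or a control-panel rebuild silently resets one of these directives.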
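For the "Know your Server" and firewall advice (a compromised box gets a new daemon started on it), an added example that is not from the post: take a baseline of what listens on the server and diff later snapshots against it, so a process that was not there after the clean install stands out. It assumes iproute2's ss is installed; the ss output used for the demonstration is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post: keep a baseline of what
# listens on the server and flag anything new. Assumes iproute2's ss is
# installed; the ss output used in the demonstration below is constructed.
export LC_ALL=C   # sort and comm must agree on collation

# normalize_ss: read "ss -H -tulnp" output on stdin and print one
# "proto local_address program" line per socket, sorted and de-duplicated.
# The pid is dropped on purpose so a reboot does not make every line "new".
normalize_ss() {
    awk '{
        prog = "?"
        if (match($7, /"[^"]+"/)) prog = substr($7, RSTART + 1, RLENGTH - 2)
        print $1, $5, prog
    }' | sort -u
}

# snapshot_listeners -> current listening sockets in normalized form
snapshot_listeners() {
    ss -H -tulnp 2>/dev/null | normalize_ss
}

# compare_baseline BASELINE CURRENT -> prints listeners in CURRENT that are
# not in BASELINE; returns 1 if there are any, 0 if the host matches.
compare_baseline() {
    new=$(comm -13 "$1" "$2")
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Constructed ss output for a freshly built host: sshd, httpd and a local-only mysqld.
SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 128 0.0.0.0:80      0.0.0.0:* users:(("httpd",pid=1201,fd=4))
tcp   LISTEN 0 80  127.0.0.1:3306  0.0.0.0:* users:(("mysqld",pid=990,fd=10))'
# Constructed later snapshot: the same, plus something calling itself "httpd"
# that has started listening on 6667 (the IRC port), the kind of daemon the post warns about.
ROGUE_SS='tcp   LISTEN 0 128 0.0.0.0:6667    0.0.0.0:* users:(("httpd",pid=4411,fd=3))'

BASELINE=$(mktemp); CURRENT=$(mktemp)
printf '%s\n' "$SAMPLE_SS" | normalize_ss > "$BASELINE"
printf '%s\n' "$SAMPLE_SS" "$ROGUE_SS" | normalize_ss > "$CURRENT"

# Real use: snapshot_listeners > /root/listeners.baseline once, then from cron
#   snapshot_listeners > /tmp/listeners.now && compare_baseline /root/listeners.baseline /tmp/listeners.now
compare_baseline "$BASELINE" "$CURRENT" || echo "new listener(s) above: investigate before trusting this host"
```

The same comm-based diff works for a process-name baseline (`ps -eo comm= | sort -u`), and a listener that appears without a matching package or config change is exactly the point at which the egress rules in your firewall earn their keep: a daemon that cannot reach its controller is much less useful to whoever dropped it.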
Nice post. I also set up medium and high grade ciphers on the Apache SSL port, and set up my server to only accept RSA key authentication as a non-root user. I also use a deny-all-except configuration for my firewall. One last thing: I have a web application firewall built with mod_rewrite; if anyone wants it, please message me.
Nice post, mate. This is how we can install ConfigServer Firewall:

Remove the space in the "wget" line above.
One thing I think you failed to mention is to make sure all your software is always updated. I personally also like to use a script called ELS, which makes things such as a firewall, BFD, and other things quicker/easier to install. servermonkeys.com/els.php
Turning safe_mode on will kill some of your clients' scripts; no great scripts will run with this on. In addition, they can't dynamically run IonCube, as you want to disable enable_dl. You should tweak open_basedir in cPanel's Security Manager.

Jay