This topic has been written primarily for Linux (cPanel) VPS/Dedicated Servers. However most content will be useful on any Linux VPS/Dedicated Server.
If you have a VPS or Dedicated server you can use some of the methods below to secure and optimize your server.
Disclaimer: Although great care has been put into the tutorial below, neither I nor this site is responsible for any loss or damages as a result of using this guide. You should consult your host if you are unsure of what you are doing.
--------------------------------------------------------------------------
Kernel
With VPS servers you do not have access to the kernel. This is good in some ways, because if you don't have access to it, neither do hackers or spammers (which limits what they can do). It's also bad in a way, because you do not have control of it.
Check for Form mail
Form mail is used by hackers and spammers to send out spam email, by relay and injection methods.
Command to find Form mails:
PHP Code:
find / -name "[Ff]orm[mM]ai*"
CGIemail is also a security risk:
PHP Code:
find / -name "[Cc]giemai*"
Command to disable form mails:
PHP Code:
chmod a-rwx /path/to/filename
(a-rwx removes read, write and execute permissions for all users, owner included, which disables the form mail script)
If a client or someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.
Root Kit Checker - http://www.chkrootkit.org/
Check for root kits, and even run the check from a cron job. This will show you if anyone has compromised your root. Always update chkrootkit to get the latest root kit checker. Hackers and spammers will try to find insecure upload forms on your box and then, with injection methods, try to upload a root kit to your server. If they can run it, it will modify a lot of files, possibly forcing you to reinstall.
To install chkrootkit, SSH into the server and login as root.
As command prompt type:
PHP Code:
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense
To run chkrootkit at command prompt type:
PHP Code:
/root/chkrootkit-0.44/chkrootkit
Make sure you run it on a regular basis, perhaps including it in a cron job.
Execution - 3 Commands
PHP Code:
./chkrootkit
./chkrootkit -q
./chkrootkit -x | more
Install a root breach detector and email warning
When someone accesses root you will be warned quickly by installing a detector and warning on your box. You will get the IP address of the person accessing your server.
To have the server e-mail you every time someone logs in as root, SSH into the server and login as root:
At command prompt type:
PHP Code:
pico .bash_profile
Add the following to the end of the file:
PHP Code:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Save and exit.
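The one-liner above takes the source address from field 6 of `who`, which prints one line per logged-in user and whose field layout differs between who(1) versions. As an added example (not part of the original post), the following .bash_profile snippet takes the client IP from the SSH_CONNECTION variable that sshd sets for every session, falling back to `who am i` for console or su logins; the e-mail address is a placeholder.

```shell
# Added example: derive the root-login alert text reliably.
# sshd sets SSH_CONNECTION to "client_ip client_port server_ip server_port",
# so the client address is its first word. `who am i` prints only the
# current terminal's line, with the remote host last, in parentheses.

# Print the client IP, or "unknown" when it cannot be determined.
root_login_source() {
    if [ -n "${SSH_CONNECTION:-}" ]; then
        printf '%s\n' "${SSH_CONNECTION%% *}"   # first word = client address
        return 0
    fi
    src=$(who am i 2>/dev/null | awk 'NF && $NF ~ /^\(.*\)$/ { gsub(/[()]/, "", $NF); print $NF }')
    printf '%s\n' "${src:-unknown}"
}

# Compose the alert line for the mail body: host, source and effective user.
root_login_alert() {
    printf 'ALERT - Root Shell Access on %s from %s (user %s) at %s\n' \
        "$(uname -n)" "$(root_login_source)" "$(id -un)" "$(date)"
}

# Put the two functions plus this line at the end of /root/.bash_profile
# (your@email.com is a placeholder for your own address):
# root_login_alert | mail -s "Alert: Root Access from $(root_login_source)" your@email.com
```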
To set a SSH legal message, SSH into server and login as root.
At command prompt type:
Enter your message, save and exit.
Example Message:
PHP Code:
You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.
This system is restricted to authorised access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.
Restrict SSH Access
To restrict and secure SSH access, bind sshd to a single IP that is different from the main IP of the server, and on a port other than port 22.
SSH into the server and login as root.
Note: You can download Putty by Clicking Here (http://www.chiark.greenend.org.uk/~sgtatham/putty/). It's a clean running application that will not require installation on Windows-boxes.
At command prompt type:
PHP Code:
pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
PHP Code:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment and change
#Port 22
to look like
Port XXXXX
(choose your own 4 to 5 digit port number in place of XXXXX; 49151 is the highest port number)
Uncomment and change
to look like
Uncomment and change
PHP Code:
#ListenAddress 0.0.0.0
to look like
PHP Code:
ListenAddress 123.123.123.15
(use one of your own IP Addresses that has been assigned to your server)
Note 1: If you would like to disable direct Root Login, scroll down until you find
PHP Code:
#PermitRootLogin yes
and uncomment it and make it look like
PHP Code:
PermitRootLogin no
Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.
Note 2: You can also create a custom hostname specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A record for it to your zone file.
Now restart SSH
At command prompt type:
PHP Code:
/etc/rc.d/init.d/sshd restart
Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.
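Restarting sshd with a bad config can lock you out, so it pays to check the file first. The script below is an added example, not part of the original post: it reports the effective Port, ListenAddress and PermitRootLogin values (sshd keeps the first uncommented value of each keyword, so a leftover "Port 22" higher in the file silently wins) and ships with a constructed sample config for a dry run.

```shell
# Added example: check the sshd_config edits above before restarting.

# Print the effective value of a keyword: the first uncommented match
# before any "Match" block (directives after "Match" are conditional).
sshd_effective() {            # $1 = config file, $2 = keyword
    awk -v key="$(echo "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }          # skip comments and blanks
        tolower($1) == "match"   { exit }             # stop at conditional blocks
        tolower($1) == key       { print $2; exit }   # first hit wins
    ' "$1"
}

# Return 0 if the file reflects the three edits, 1 otherwise,
# printing one line per problem found.
sshd_check() {                # $1 = config file
    rc=0
    port=$(sshd_effective "$1" Port)
    case "$port" in ""|22) echo "Port is ${port:-unset} (default 22 still in use)"; rc=1 ;; esac
    addr=$(sshd_effective "$1" ListenAddress)
    case "$addr" in ""|0.0.0.0|::) echo "ListenAddress is ${addr:-unset} (binds every IP)"; rc=1 ;; esac
    prl=$(sshd_effective "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    [ "$prl" = "no" ] || { echo "PermitRootLogin is ${prl:-unset}, not 'no'"; rc=1; }
    return $rc
}

# Constructed sample (not a real server's file) written to $1, for a dry run.
write_sample_config() {
    cat > "$1" <<'EOF'
#Port 22
Port 49151
#Protocol 2, 1
ListenAddress 123.123.123.15
#ListenAddress ::
PermitRootLogin no
EOF
}

# On a real box, chain the check with sshd's own parser before restarting:
#   sshd_check /etc/ssh/sshd_config && /usr/sbin/sshd -t && /etc/rc.d/init.d/sshd restart
```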
Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very insecure protocol (it sends your password in clear text), so change your root password after you use it.
After SSH has been redirected, disable telnet.
Disable Telnet
To disable telnet, SSH into server and login as root.
At command prompt type:
PHP Code:
pico -w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type:
PHP Code:
/etc/init.d/xinetd restart
Disable Shell Accounts
To disable any shell accounts hosted on your server, SSH into the server and login as root.
At command prompt type:
PHP Code:
locate shell.php
Also check for:
PHP Code:
locate guardservices
Note: There will be several listings that will be OS/CPanel related.
Examples are:
/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.
Disable identification output for Apache
This will help you prevent unauthorised people (i.e. hackers) from finding out your Apache version.
To disable the version output for Apache, SSH into the server and login as root.
At command prompt type:
PHP Code:
pico /etc/httpd/conf/httpd.conf
Scroll (way) down and change the following line to
PHP Code:
ServerSignature Off
Restart Apache - At command prompt type:
PHP Code:
/etc/rc.d/init.d/httpd restart
Web Host Manager and cPanel mods
These are items inside of WHM/cPanel that should be changed to secure your server.
Goto
Server Setup =>> Tweak Settings
Check the following items...
Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behaviour for new accounts - blackhole
(set this to FAIL to reduce server load)
Under System
Use jailshell as the default shell for all new accounts and modified accounts
Go to Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disable Compilers for unprivileged users.
Goto
Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Goto
Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
When setting up Feature Limits for resellers in
Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.
Go to
Service Configuration =>> FTP Configuration
Disable Anonymous FTP
Go to
Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)
Go to
Mysql =>> MySQL Root Password
Change root password for MySQL
Go to
Security and run Quick Security Scan and Scan for Trojan Horses often.
The following and similar items are not Trojans:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
Update OS, Apache and cPanel to the latest stable versions.
Firewall - APF:
http://www.webhostgear.com/61.html