Well, as some of you may know, I recently opened up a thread asking about the security of a web hosting company, and an overall server. I decided to do a bit of research, and have actually run into a few useful tips. As I learn, I will be updating this thread, in hopes of sharing acquired knowledge.
Passwords
Make sure that you do not use the same password in any one of your scripts, servers, administrative areas, or even Support sessions. If the same password is used, the whole business could easily be hijacked, through the identification of only one password.
Email Support / Conversations
Verify all clients, and ask them to identify themselves. Unless they do so, do not carry out any of their requests. This is to ensure that client accounts are not compromised.
If a client provides a false bit of information, make sure you email them back, and ask them to correct it. Also, you may need to ask for passwords or other bits of personal information. This is to ensure that the "hacker" does not run a simple whois scan on the domain, and use the information they get to identify themselves as the rightful owner of the account.
Firewall
Firewalls could be used to block incoming and outgoing attacks. When your server is compromised, which will happen on most occasions, the hacker will upload files in order to set up a daemon or their own service. To prevent this, a firewall with both egress and ingress could be adapted.
Also, software firewalls could be used in order to diminish the pesky monthly fee addon. However, on a very busy server, where CPU and system memory are valuable, a hardware firewall could be adapted.
Backups
Everyone knows what it feels like to lose hours, or even hundreds of hours, of work. Do this for yourself, and more importantly, for your clients. It is up to you to back up client data. If a hacker does take control, who knows what they could do. A backup is always in place.
Home Directory
Log into PuTTY and go ahead and run the following commands:
Or
Code:
cd /
chmod 755 home
PHP
In many cases, PHP can be very risky. All PHP scripts should be tested for vulnerabilities, while the PHP installation itself should be used to block out common attacks.
Code:
open off
safe_mode = On
safe_mode_gid = Off
open_basedir = directory
safe_mode_exec_dir = directory
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = yourfile
enable_dl = Off
allow_url_fopen = Off
Apache
mod_security - a filter that can watch all requests to see if they match a rule and react by logging or denying the request.
suEXEC - http://httpd.apache.org/docs/1.3/suexec.html - This should explain it.
DDoS
mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera. mod_evasive presently reports abuses via email and syslog facilities.
Know your Server
Make sure that you know everything about your server, and that you are not left in the dark about anything. Check out processes and familiarize yourself with them. This will ensure that you notice any silent processes installed by a potential hacker. Also, this may help you identify viruses, and potent resource consumers.
Familiarizing yourself with your server also allows you to recognize slower speeds, CPU usage, and an increase in bandwidth usage, which could all be signs of a hacking attempt, DDoS, or a brute force.
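Added example (not part of the original post): a shell audit that compares a php.ini with the on/off values from the PHP section above and catches two things a visual check misses, a line without "=" and a later duplicate that overrides an earlier value. The function names and the sample config are constructed for illustration; safe_mode and register_globals were removed in PHP 5.4, so those two checks only apply to older installations.

```shell
# Expected on/off values from the post (allow_url_fopen is the real directive name).
EXPECTED='safe_mode=on safe_mode_gid=off expose_php=off register_globals=off
display_errors=off log_errors=on enable_dl=off allow_url_fopen=off'

# Print directive $2 from ini file $1 as on/off/unset. Last assignment wins; comment and
# section lines are skipped. A line without "=" is assumed not to set the directive.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*(;|\[)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/;.*/, "", v)                      # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)     # trim blanks and quotes
            if (k == key) val = tolower(v)
        }
        END {
            if (val == "") print "unset"
            else if (val ~ /^(1|on|yes|true)$/) print "on"
            else if (val ~ /^(0|off|no|false|none)$/) print "off"
            else print val
        }' "$1"
}

# Print one line per deviating directive (unset counts: the PHP default applies); return 1 if any.
audit_php_ini() {
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(ini_value "$1" "$key")
        [ "$got" = "$want" ] && continue
        echo "$key: want $want, got $got"
        bad=1
    done
    return "$bad"
}

# Constructed sample config (not from a real server).
write_sample() {
    printf '%s\n' '; constructed sample' '[PHP]' 'safe_mode = On' 'safe_mode_gid = Off' \
        'expose_php = Off' 'register_globals = Off' 'display_errors =Off' \
        'log_errors = On' 'enable_dl off' 'allow_url_fopen = On   ; left enabled' \
        'display_errors = On    ; later duplicate wins' > "$1"
}

sample=$(mktemp) && write_sample "$sample"
audit_php_ini "$sample" || echo "php.ini deviates from the hardening list"; rm -f "$sample"
```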