aRxS
03-25-2007, 02:47 AM
This server is at layeredtech, I found that I am not using it, thus I might have this server for resell (you will pay to me, and you have all the root access):
Basically the server specs:
Intel Pentium 4 3.6GHz HTT
1024MB RAM
80GB Hard Drive (SATA)
CentOS 4.x
CPanel/WHM Fantastico w/ RVSkins
IP Addresses: 8 (5 Usable)
1500GB Bandwidth
10Mbps Uplink
Just $149/month (unmanaged)
If you want my PSM (http://www.platinumservermanagement.com/) account (for management) just add $29.
Similar configuration at LT costs $149 per month with $49 setup and without cpanel/WHM.
https://order.layeredtech.com/ConfigureServer.lt?method=display&productId=11
TOS and AUP as per layeredtech's.
http://www.layeredtech.com/tos.shtml
http://www.layeredtech.com/aup.shtml
Legal adult material allowed.
No IRC.
No Spam and proxy.
Server has been hardened by PSM:
We've installed CHKRootKit, which is a program that looks for known signatures in trojaned system binaries, it basically detects if your system has been compomised. We've ran CHKRootKit on your system and the output returned clean.
We've installed Rootkit Hunter, which is scanning tool to find most types of exploits (backdoors, suspicious files, md5 hash comparisons, and is over 99% accurate in detecting such exploits. We've scanned your system with the Rootkit Hunter and it reported that your system is clean.
APF Firewall has been installed and configured to only allow traffic on the ports that are used.
In addition, we've configured the Anti-DOS function in APF. This additional module helps mitigate and prevent certain types of DOS (denial of service) attacks to your server. A daily cron has been inserted to flush the firewall deny list. This prevents common problems associated with the deny list growing so huge, such as hanging upon bootup, slow down in server performance, etc.
BFD (Brute Force Detection) has been installed. This program works real time in conjunction with APF firewall to block any IP Addresses of users that fail authentication more than 3 times in 10 minutes.
Logwatch has been installed now. This program parses through your server's logs and reports to you via e-mail on a daily basis with tabulated information.
SIM (System Integrity Monitor) has been installed on your server now, this software checks all services 24x7 and restarts them if they are down. An e-mail is dispatched a downed service is detected and restarted.
Apache (HTTPD) web server has been optimized and secured.
MySQL Server has been optimized to perform at it's best under the most common and standard environments.
System Configuration File host.conf has been secured and hardened to prevent DNS lookup poisoning and also provide protection against spoofs.
System Configuration File nsswitch.conf has been secured and hardened. We have also optimized it to perform DNS lookups more efficiently.
System Configuration File sysctl.conf has been secured and hardened to help prevent the TCP/IP stack from syn-flood attacks. It is also configured to prevet other various and similar network abuse.
All of your vulnerable directories (/tmp, /var/tmp, /dev/shm and /usr/local/apache/proxy) have been reviewed and are clean now.
/tmp and /var/tmp have been hardened and secured to prevent the execution of malicious scripts
The old archived logs files that have been rotated located in /var/log have been removed to free up space in the /var partition/directory.
MyTOP has been installed. This is an administrative console based tool for monitoring MySQL threads/processes and performance.
We have setup a root login notification script and logger. This will send an e-mail to 'root' everytime someone logs into your server as root. Also, it will keep track of all logins in a history file located in /var/log/rootlogins
SPRI has been installed now. This program changes the priority of different processes in accordance to their level of importance. You should see at least a 5-20% decrease in the average load level of your server on average.
We have disabled the Mchat, Cgiecho, Cgiemail, Guestbook, Counter and Formmails from CPanel's system wide cgi-sys directory. The are the most commonly exploited scripts since they are in the same location on every CPanel server in the world.
!!IMPORTANT!!: If any of your users are using any of those programs, they will no longer work. If you want us to re-enable them, just let us know.
Unused programs have been disabled from the OS of your server. This reduces the chance of being compromised through software exploits on old or deprecated programs.
MultiTail has been installed and gives you the ability to tail (view realtime activity) multiple log files simultaneously.
PHPSysInfo has been installed. This is a GUI (graphical user interface) to your server's vital statistics. You can view it by going to http://0.0.0.0:2086/phpsysinfo-dev/index.php
Replace 0.0.0.0 with your own server's IP Address. You will have to enter your root login information to gain access as it is protected under your root WHM login.
Telnet has been disabled to prevent insecure transmissions of data and passwords, SSH must be used instead of Telnet, and functions the same way.
SSH has been hardened by restricting the SSH Protocol to SSH 2. SSH will function the same way, just more secure.
Fileman (Filemanager developed by gossamer-threads.com) has been installed into WHM with root level permissions. This allows system root files to be edited in an emergency situation when SSH is not accessible. You can access Fileman by going to http://0.0.0.0:2086/fileman/fileman.cgi
Replace 0.0.0.0 with your own server's IP Address. You will have to enter your root login information to gain access as it is protected under your root WHM login.
!!IMPORTANT!! This simulates SSH access, treat it as such, do not use it unless you are familiar with SSH. Moreover, do not execute any commands you are not fluent with. As with SSH, damage can be done if Fileman is not used properly. If you are unfamiliar with SSH, do NOT use this program. It should be left in case of such an emergency.
Again, this file can only be accessed through WHM while being logged in as root.
Shell Fork Bomb/Memory Hog Protection has been enabled. Fork Bomb/Memory Hog protection will prevent users logged into a shell (ssh/telnet) from using up all the resources on the server and causing a crash.
Background Process Killer has been enabled to kill any of the following which are commonly recognized bad processes: BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink and related services.
A warning message has been created for the SSH login welcome screen. Any user that logs into your server via SSH, will see a message stating SSH is for authorized users only, and any unauthorized access will be reported to the law enforcement authorities.
Your FTP server software has been upgraded and secured.
We've ran and simulated a basic password scan hack attempt, the results have been emailed to 'root' and a copy of the results have been saved on your server at /root/security/passwordscanner.output
Basically the server specs:
Intel Pentium 4 3.6GHz HTT
1024MB RAM
80GB Hard Drive (SATA)
CentOS 4.x
CPanel/WHM Fantastico w/ RVSkins
IP Addresses: 8 (5 Usable)
1500GB Bandwidth
10Mbps Uplink
Just $149/month (unmanaged)
If you want my PSM (http://www.platinumservermanagement.com/) account (for management) just add $29.
Similar configuration at LT costs $149 per month with $49 setup and without cpanel/WHM.
https://order.layeredtech.com/ConfigureServer.lt?method=display&productId=11
TOS and AUP as per layeredtech's.
http://www.layeredtech.com/tos.shtml
http://www.layeredtech.com/aup.shtml
Legal adult material allowed.
No IRC.
No Spam and proxy.
Server has been hardened by PSM:
We've installed CHKRootKit, which is a program that looks for known signatures in trojaned system binaries, it basically detects if your system has been compomised. We've ran CHKRootKit on your system and the output returned clean.
We've installed Rootkit Hunter, which is scanning tool to find most types of exploits (backdoors, suspicious files, md5 hash comparisons, and is over 99% accurate in detecting such exploits. We've scanned your system with the Rootkit Hunter and it reported that your system is clean.
APF Firewall has been installed and configured to only allow traffic on the ports that are used.
In addition, we've configured the Anti-DOS function in APF. This additional module helps mitigate and prevent certain types of DOS (denial of service) attacks to your server. A daily cron has been inserted to flush the firewall deny list. This prevents common problems associated with the deny list growing so huge, such as hanging upon bootup, slow down in server performance, etc.
BFD (Brute Force Detection) has been installed. This program works real time in conjunction with APF firewall to block any IP Addresses of users that fail authentication more than 3 times in 10 minutes.
Logwatch has been installed now. This program parses through your server's logs and reports to you via e-mail on a daily basis with tabulated information.
SIM (System Integrity Monitor) has been installed on your server now, this software checks all services 24x7 and restarts them if they are down. An e-mail is dispatched a downed service is detected and restarted.
Apache (HTTPD) web server has been optimized and secured.
MySQL Server has been optimized to perform at it's best under the most common and standard environments.
System Configuration File host.conf has been secured and hardened to prevent DNS lookup poisoning and also provide protection against spoofs.
System Configuration File nsswitch.conf has been secured and hardened. We have also optimized it to perform DNS lookups more efficiently.
System Configuration File sysctl.conf has been secured and hardened to help prevent the TCP/IP stack from syn-flood attacks. It is also configured to prevet other various and similar network abuse.
All of your vulnerable directories (/tmp, /var/tmp, /dev/shm and /usr/local/apache/proxy) have been reviewed and are clean now.
/tmp and /var/tmp have been hardened and secured to prevent the execution of malicious scripts
The old archived logs files that have been rotated located in /var/log have been removed to free up space in the /var partition/directory.
MyTOP has been installed. This is an administrative console based tool for monitoring MySQL threads/processes and performance.
We have setup a root login notification script and logger. This will send an e-mail to 'root' everytime someone logs into your server as root. Also, it will keep track of all logins in a history file located in /var/log/rootlogins
SPRI has been installed now. This program changes the priority of different processes in accordance to their level of importance. You should see at least a 5-20% decrease in the average load level of your server on average.
We have disabled the Mchat, Cgiecho, Cgiemail, Guestbook, Counter and Formmails from CPanel's system wide cgi-sys directory. The are the most commonly exploited scripts since they are in the same location on every CPanel server in the world.
!!IMPORTANT!!: If any of your users are using any of those programs, they will no longer work. If you want us to re-enable them, just let us know.
Unused programs have been disabled from the OS of your server. This reduces the chance of being compromised through software exploits on old or deprecated programs.
MultiTail has been installed and gives you the ability to tail (view realtime activity) multiple log files simultaneously.
PHPSysInfo has been installed. This is a GUI (graphical user interface) to your server's vital statistics. You can view it by going to http://0.0.0.0:2086/phpsysinfo-dev/index.php
Replace 0.0.0.0 with your own server's IP Address. You will have to enter your root login information to gain access as it is protected under your root WHM login.
Telnet has been disabled to prevent insecure transmissions of data and passwords, SSH must be used instead of Telnet, and functions the same way.
SSH has been hardened by restricting the SSH Protocol to SSH 2. SSH will function the same way, just more secure.
Fileman (Filemanager developed by gossamer-threads.com) has been installed into WHM with root level permissions. This allows system root files to be edited in an emergency situation when SSH is not accessible. You can access Fileman by going to http://0.0.0.0:2086/fileman/fileman.cgi
Replace 0.0.0.0 with your own server's IP Address. You will have to enter your root login information to gain access as it is protected under your root WHM login.
!!IMPORTANT!! This simulates SSH access, treat it as such, do not use it unless you are familiar with SSH. Moreover, do not execute any commands you are not fluent with. As with SSH, damage can be done if Fileman is not used properly. If you are unfamiliar with SSH, do NOT use this program. It should be left in case of such an emergency.
Again, this file can only be accessed through WHM while being logged in as root.
Shell Fork Bomb/Memory Hog Protection has been enabled. Fork Bomb/Memory Hog protection will prevent users logged into a shell (ssh/telnet) from using up all the resources on the server and causing a crash.
Background Process Killer has been enabled to kill any of the following which are commonly recognized bad processes: BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink and related services.
A warning message has been created for the SSH login welcome screen. Any user that logs into your server via SSH, will see a message stating SSH is for authorized users only, and any unauthorized access will be reported to the law enforcement authorities.
Your FTP server software has been upgraded and secured.
We've ran and simulated a basic password scan hack attempt, the results have been emailed to 'root' and a copy of the results have been saved on your server at /root/security/passwordscanner.output