Page 5 of 13 FirstFirst ... 2345678 ... LastLast
Results 101 to 125 of 309
  1. #101
    I found APF to be quirky... but that's just me. CSF runs lean and mean and does way better than APF did on my box. I'd recommend combining CSF/LFD with MailScanner (through Chripy's site HERE.) Great way to go.
      0 Not allowed!

  2. #102
    Join Date
    Oct 2007
    Location
    http://www.Lundro.AL
    Posts
    18
    any one have use lynis
    http://www.rootkit.nl/projects/lynis.html


    i have a ask for u whats the best anti rootkit
    rootkit hunter or chkrootkit or zeppoo.net or a new anti rootkit
    Last edited by etusha; 12-11-2007 at 02:02 PM.
      0 Not allowed!

  3. #103
    Frynge, awesome tutorial!
      0 Not allowed!

  4. #104
    Spam Assassin
    Spam Assassin can take up a lot of memory and make it really hard to host just a few sites on a VPS, but there is a way around this...

    Login to WHM as root, scroll down to "cPanel 10.8.1-R15" (it may be slightly different depending on what version you are using) then goto "Addon Modules" and install "spamdconf". Once it's done, refresh the WHM page, scroll down to "Add-ons" on the nav bar and then click on 'Setup Spamd Startup Configuration". Set "Maximum Children" to "2". Then hit Submit. Wait a few seconds (15-30, but usually less) for exim to restart and you're done .
    whm 11.11 and cpanel 11.16 don't seem to have this option, where would I be able to find it?
      0 Not allowed!

  5. #105

    root logins stopped working

    Hello,
    I had to recompile apache now root logins are no longer being emailed to me. I pico .bash_profile and the email and everything is there. Any ideas on how to fix this? thanks,
      0 Not allowed!

  6. #106
    Join Date
    Sep 2007
    Posts
    39
    if i done this steps will my security be perfect??
      0 Not allowed!

  7. #107
    Quote Originally Posted by hero525252 View Post
    if i done this steps will my security be perfect??
    Perfect security doesn't exist, a proper hardening of your server(s) will help in 99.5% of security threats

    for a perfect security you have to unplug your server from network, unplug from power and lock it in a safe (dont lost the key or combination)
      0 Not allowed!

  8. #108
    Join Date
    Oct 2007
    Location
    http://www.Lundro.AL
    Posts
    18
      0 Not allowed!

  9. #109
    Join Date
    Dec 2005
    Posts
    3,110
    Quote Originally Posted by hero525252 View Post
    if i done this steps will my security be perfect??
    Although this thread does have some very good information & advice, there is more that can be done to improve the security of your server.

    If you are hosting something which is mission critical to security you could always consider hiring a management company to do a once-over hardening on your machine or VPS in this case. The main key to security is to ensure all packages on the server are kept upto date, and to monitor the content of your accounts.

    or burn it
    - I guess that works too
      0 Not allowed!

  10. #110
    Join Date
    Feb 2007
    Posts
    148
    Hi,

    Can somebody let me know the exact steps how to harden /tmp on a VPS?

    Regards,
      0 Not allowed!

  11. #111
    Join Date
    Dec 2006
    Location
    California
    Posts
    20
    Quote Originally Posted by zwtint View Post
    Hi,

    Can somebody let me know the exact steps how to harden /tmp on a VPS?

    Regards,
    mount -t tmpfs -o noexec,nosuid tmpfs /tmp/
      0 Not allowed!

  12. #112
    Quote Originally Posted by zwtint View Post
    Can somebody let me know the exact steps how to harden /tmp on a VPS?
    Do not think of it as a skill or a trade (as with many other tips around) you need a basic understanding of Unix (file system, superstructure, executables, suid bits...) and things like this would come natural. Anyone running their own server without an operator really should, and easily could learn this.

    With jiggerbit's answer you are still unsure what it really does, and if you break functionality of some other system component... It always comes back to the basics.
    Last edited by nixadm; 01-29-2008 at 07:03 AM.
      0 Not allowed!

  13. #113
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Hello all,
    My forum's can sometimes be quite laggy, and I'm not sure why. Load times are averaging at 2+ seconds. I'm on VPS hosting (I have 512Mb of memory - server stats are here).

    My forums are getting the same amount of people online as usual (e.g. a bit before peak time: "Users Online: 73 Guests, 41 Users over 15 minutes").

    I've carried out the optimisation tips mentioned here (i.e. I've changed the relevant settings in my.cnf and httpd.conf).

    However I'm not sure what's causing this lag. I use SMF as my forum software, which is a very reliable and speedy software (other forums with millions of posts run SMF fine; I only have 800,000 posts).

    Upon inspection, I found out that certain queries are lagging like mad:

    DELETE FROM yabbse_sessions
    WHERE last_update < 1201713265
    in /home/tauonli/public_html/forums/Sources/Load.php line 2180, which took 7.59983802 seconds.
    SELECT data
    FROM yabbse_sessions
    WHERE session_id = '2ab5abd09a2bbebd79065efe0af790e4'
    LIMIT 1
    in /home/tauonli/public_html/forums/Sources/Load.php line 2110, which took 12.86598301 seconds.
    REPLACE INTO yabbse_log_boards(id_msg, id_member, id_board)
    VALUES
    (1058514905, 1, 1)
    in /home/tauonli/public_html/forums/Sources/MessageIndex.php line 140, which took 2.8114779 seconds.


    UPDATE yabbse_topics
    SET num_views = num_views + 1
    WHERE id_topic = 60114
    in /home/tauonli/public_html/forums/Sources/Display.php line 174, which took 4.49542999 seconds.



    UPDATE yabbse_members
    SET last_login = 1201723759, member_ip = '88.105.13.104', member_ip2 = '88.105.13.104', total_time_logged_in = 10197033
    WHERE id_member = 1
    in /home/tauonli/public_html/forums/Sources/Subs.php line 556, which took 3.65229011 seconds.



    SELECT
    c.id_cat, b.name AS bname, b.description, b.num_topics, b.member_groups,
    b.id_parent, c.name AS cname, IFNULL(mem.id_member, 0) AS ID_MODERATOR,
    mem.real_name, b.id_board, b.child_level,
    b.id_theme, b.override_theme, b.count_posts, b.id_profile, b.redirect,
    b.unapproved_topics, b.unapproved_posts, t.approved, t.id_member_started
    FROM yabbse_boards AS b
    INNER JOIN yabbse_topics AS t ON (t.id_topic = 60114)
    LEFT JOIN yabbse_categories AS c ON (c.id_cat = b.id_cat)
    LEFT JOIN yabbse_moderators AS mods ON (mods.id_board = t.id_board)
    LEFT JOIN yabbse_members AS mem ON (mem.id_member = mods.id_member)
    WHERE b.id_board = t.id_board
    in /home/tauonli/public_html/forums/Sources/Load.php line 631, which took 15.63650703 seconds.
    Whilst some are completed queries, some are basic queries calling on data from basic table structures.

    Runing ps auxf gets:

    mysql 20172 0.8 13.1 153012 69060 ? Sl Jan29 9:51 \_ /usr/sbin/mysqld
    (0.8% CPU, 13.1% memory)
    nobody 1326 1.0 2.6 56680 13900 ? R 13:00 0:02 \_ /usr/local/apache
    nobody 1515 0.7 2.9 58256 15524 ? S 13:00 0:01 \_ /usr/local/apache
    nobody 1681 0.7 2.6 56388 13636 ? S 13:01 0:01 \_ /usr/local/apache
    nobody 2030 0.6 2.6 56468 13700 ? S 13:02 0:00 \_ /usr/local/apache
    nobody 3104 0.9 2.8 57708 14944 ? R 13:02 0:00 \_ /usr/local/apache
    nobody 3107 0.4 2.4 54824 12660 ? S 13:02 0:00 \_ /usr/local/apache
    nobody 3108 0.7 2.5 55876 13124 ? S 13:02 0:00 \_ /usr/local/apache
    nobody 3367 1.1 2.3 54244 12072 ? S 13:03 0:00 \_ /usr/local/apache
    nobody 3370 0.6 2.4 55500 12672 ? R 13:03 0:00 \_ /usr/local/apache
    nobody 3371 1.0 2.4 54888 12716 ? S 13:03 0:00 \_ /usr/local/apache
    nobody 3384 0.9 3.0 58000 15820 ? R 13:03 0:00 \_ /usr/local/apache
    nobody 3533 0.9 2.4 55276 13024 ? S 13:03 0:00 \_ /usr/local/apache
    nobody 3540 1.0 2.5 56072 13608 ? S 13:03 0:00 \_ /usr/local/apache
    nobody 3588 0.8 2.3 54776 12084 ? S 13:04 0:00 \_ /usr/local/apache
    nobody 3598 3.8 2.6 56260 13704 ? S 13:04 0:00 \_ /usr/local/apache
    nobody 3618 0.0 0.6 47104 3412 ? S 13:04 0:00 \_ /usr/local/apache
    Any ideas on why my forum's are lagging so much would be great
    Thanks,
    Tristan
      0 Not allowed!

  14. #114
    Nice and very useful thread, thanks for posting this!
      0 Not allowed!

  15. #115
    Join Date
    Feb 2003
    Location
    L.A. C.A.
    Posts
    346
    Great thread/article, thanks.
    WLKNS.co - A collection of my programmer thoughts
      0 Not allowed!

  16. #116
    tristanperry

    If you use innodb tables, increase your innodb_buffer_pool_size,
    and increase your query_cache_size and key_buffer_size.

    Good luck.
      0 Not allowed!

  17. #117
    Join Date
    Sep 2004
    Location
    Manchester, UK
    Posts
    22
    Hi there,
    Great post thank you everyone
    I have installed apf on my dedi's and it works great, I have come to install it on my cpanel vps servers and my users report they can not send mail has anyone else had this problem? As soon as I stop apf the mail clears from the que.
    I have made sure these are open in the config file TCP/UDP 25, 110, 143, 465, 993, 995.
    Any ideas?
    Kind regards,
    Rick
      0 Not allowed!

  18. #118
    Join Date
    Feb 2008
    Posts
    39
    what about sql injection thru the cpanel? i got hacked a few times like these.
      0 Not allowed!

  19. #119
    Join Date
    Jan 2008
    Posts
    50
    Great post. Thanks!

    Now I'm sure I'll stick with shared accounts and going to stay away from VPS as long as I can
    =)
      0 Not allowed!

  20. #120
    Join Date
    Mar 2002
    Location
    UK
    Posts
    1,265
    When I use:-
    At command prompt type:
    pico .bash_profile

    Scroll down to the end of the file and add the following line:

    echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

    Save and exit.
    On my next SSH login I see the errors:-
    -bash :mail command not found
    -bash :echo: write error: Broken pipe
    When I remove the alert all returns to normal.
    cPanel 11.18.3 R21703
    Centos 5

    Any idea why it breaks it?
      0 Not allowed!

  21. #121
    Join Date
    Nov 2006
    Location
    San Francisco
    Posts
    33
    tmp can be secured to be noexec in 1 minute, no reboot required. Nothing can execute there - /var/tmp remains a risk - unless that is mounted separately also:

    /dev/VolGroup00/LogVol02 /tmp ext3 defaults,nosuid,noexec 1 2

    edit the /etc/fstab file, then do a mount -o remount and it will remount /tmp and you are set - just don't be in /tmp when remounting.
    Last edited by greggster; 04-30-2008 at 06:06 AM. Reason: spelling
    Mochabomb - Web Design + Hosting for Geeks
      0 Not allowed!

  22. #122
    Join Date
    May 2008
    Location
    Baghdad
    Posts
    27
    thanx for this nice post
      0 Not allowed!

  23. #123
    Join Date
    Mar 2008
    Location
    Hong Kong
    Posts
    19
    Another great tool against ssh brute force is deny hosts. It uses host.deny file which may be more appropriate for VPSs as the number of iptables rules is usually limited by the VPS provider.
      0 Not allowed!

  24. #124
    Join Date
    Nov 2006
    Location
    San Francisco
    Posts
    33
    Portsentry is one tool that has spared a lot of hacking attempts - I have the same IP's daily trying to get in - here is one way to thwart:

    1. Setup Portsentry (against the recommendations) to scan up to port 65000 or so - I saw a lot of scans start at port 1026 - portsentry is default setup to port 1024, so raised to 65000 and allow 3+ port scans before blocking - that way there are less false alarms or in case someone forgets port 22....
    2. Change your ssh port to the 2000+ range - remember to open your firewall for this new port..
    3. Keep port 22 open on firewall - and now its a honeypot of sort - got to remind users to use the new non-standard port, but script kiddies fall right into it.
    4. Anyone port scanning is only looking to harm, so they get dropped completely for a while and cannot do any more harm. Bye bye.

    Here we see people start on port 1026 a lot - on a typical portsentry install, Squid, VNC and other services lack a layer of protection that FTP, SMTP have - with this setup - not no more:
    From 221.6.145.18 - 2 packets to udp(1026,1027)
    From 221.208.208.86 - 2 packets to udp(1026)
    From 221.208.208.92 - 2 packets to udp(1026)
    From 221.208.208.95 - 2 packets to udp(1026,1027)
    From 221.208.208.97 - 2 packets to udp(1026,1027)
    From 221.208.208.99 - 4 packets to udp(1026,1027)
    From 221.208.208.212 - 4 packets to udp(1026,1027)
    From 222.84.225.189 - 2 packets to tcp(5900)
    From 222.187.221.27 - 4 packets to tcp(7212,8000)
    From 222.216.28.40 - 2 packets to tcp(5900)

    And a word about security through obsecurity - technically a lot of existing security is through obsecurity - just differing levels of randomness - port, 8 character password or 1024 character certificate. If someone knew what port a service is running on, or knew a password, or knew the SSH key - either 4, 8, or 1024 characters - they have access. These random characters is why cracking works. Its only a matter of time before the port/password/certificate is found out if being cracked - even if its 20 years - at some point the attacker quits for an easier target. Again, if we can slow down the hacker, they will move on - or the script will move on. Think car alarms, 3 locks on front the door of an apartment, "The CLUB" - all there to say "move on to an easier target".
    Mochabomb - Web Design + Hosting for Geeks
      0 Not allowed!

  25. #125
    Quote Originally Posted by Apoc View Post
    If you want to do that you should also disable all other functions that enable file execution such as: passthru, escapeshellcmd, popen, pcntl_exec, and I thinkt here might be a few others.
    ok, but tell me where to disable that, where is php.ini file?
      0 Not allowed!

Page 5 of 13 FirstFirst ... 2345678 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •