Results 51 to 73 of 73
-
11-23-2005, 11:03 PM #51Junior Guru Wannabe
- Join Date
- Nov 2004
- Posts
- 54
Originally Posted by ShieldTech
/etc/init.d/apf stop
iptables -F
rm -Rf /etc/apf
rm -Rf /etc/rc.d/init.d/apf
rm -Rf /var/log/apf_log
rm -Rf /var/log/apfados_log
rm -Rf /usr/local/sbin/apf
/sbin/chkconfig --level 345 apf off
-
12-13-2005, 10:59 PM #52Newbie
- Join Date
- Dec 2005
- Posts
- 10
Another good thing to check periodically is what binaries are setuid root (I apologize if this has already been mentioned; 50+ replies in this thread):
find / -user root -perm -4000 -print
Review it on a periodic basis and if anything crops up that you know you aren't using, disable it, remove it, etc.
-
01-06-2006, 06:06 AM #53WHT Addict
- Join Date
- Sep 2005
- Posts
- 145
Restrict SSH Access
To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.
SSH into server and login as root.
Note: You can download Putty by Clicking Here. It's a clean running application that will not require installation on Windows-boxes.
At command prompt type: pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
-------------------------------------------
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
-------------------------------------------
Uncomment and change
#Port 22
to look like
Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number)
Uncomment and change
#Protocol 2, 1
to look like
Protocol 2
Uncomment and change
#ListenAddress 0.0.0.0
to look like
ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)
Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.
Note 2: You can also create a custome nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.
Now restart SSH
At command prompt type: [b]/etc/rc.d/init.d/sshd restart[b]
Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.
Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.
----
root@server [~]# pico /etc/ssh/sshd_config
-bash: pico: command not found
-----
anyone have idea on this ?
-
01-06-2006, 06:11 AM #54WHT Addict
- Join Date
- Sep 2005
- Posts
- 145
my friend told my try use nano instead of pico , is there any deference between nano and pico ?
-
01-06-2006, 06:11 AM #55Junior Guru Wannabe
- Join Date
- Apr 2004
- Location
- UAE
- Posts
- 62
try: nano /etc/ssh/sshd_config
-
01-06-2006, 06:14 AM #56Junior Guru Wannabe
- Join Date
- Apr 2004
- Location
- UAE
- Posts
- 62
It's just an editor defined in the server to edit your plan text. You can define any other editor instead; every editor has its own functions. But how to re-define another editor? I don’t know.
-
01-06-2006, 06:51 AM #57WHT Addict
- Join Date
- Sep 2005
- Posts
- 145
Note 2: You can also create a custome nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.
after changing ssh port, I SUPPOSE to create new namsever other than ns1.abc.com ns2.abc.com ?
Or it an OPTIONAL ? what the advantaged of it ?
I'm really confusing here
-
01-18-2006, 05:51 PM #58Junior Guru Wannabe
- Join Date
- Feb 2003
- Location
- Atlanta
- Posts
- 81
true?
Originally Posted by 000000000
It contradicts the settings for individual accounts discussed here:
http://www.webhostingtalk.com/showthread.php?t=473272
Curious,
Terry
-
01-19-2006, 08:37 PM #59Web Hosting Guru
- Join Date
- Mar 2004
- Location
- London, UK
- Posts
- 299
Originally Posted by bigscanner
http://www.configserver.com/free/fail.html
- Vince
-
01-31-2006, 06:21 AM #60Junior Guru
- Join Date
- Dec 2005
- Posts
- 207
Thanks everyone!
Awesome thread!
EXTREMELY useful!
I could go on...LOL.
-
02-22-2006, 04:27 AM #61Junior Guru Wannabe
- Join Date
- Oct 2005
- Posts
- 72
What does it mean if I installed APF but after using it for a bit.. it blocks ALL traffic? What am I doing wrong?
-
03-09-2006, 12:00 AM #62Newbie
- Join Date
- Aug 2001
- Posts
- 7
I try to edit the .bash_profile and it says "Could not open file for writing: Permission denied.". Chmod is set to -rw-r--r--. I tried to chmod it and it says "changing permissions of '.bash_file': Operation not permitted.
HELP!
-
03-30-2006, 12:45 PM #63Newbie
- Join Date
- Mar 2006
- Posts
- 5
Originally Posted by 000000000
-
04-01-2006, 11:38 PM #64Newbie
- Join Date
- Apr 2006
- Posts
- 10
Wow, I'm amazed at the quality info on this board, you guys now what you are talking about big time. I just got PMON up and running ... thanks for that rasputinj.
-
04-02-2006, 05:48 AM #65New Member
- Join Date
- Mar 2006
- Posts
- 3
How about anti spam issues
Dear all,
Good day guys.
Is there any skill regarding antispam to learn ?
Thanks
-
04-02-2006, 06:41 AM #66Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
Originally Posted by ejc••• Like us on Facebook to qualify for discounts! •••
••• http://www.sprintserve.net •••
••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••
-
04-02-2006, 11:45 AM #67Newbie
- Join Date
- Apr 2006
- Posts
- 10
I just turned on antispam about 2 weeks ago on my main site. I might recommend turning on the spam box for about a week or two, just to make sure you aren't getting any false positives. I can say that in the last two weeks, I have had not a single false positive for spam, and I am confident soon to turn of spam box and just let it do its thing. Bye Bye spam!
misterdmc
webmaster
http://www.123hostingsolutions.com
-
04-02-2006, 11:50 AM #68Newbie
- Join Date
- Apr 2006
- Posts
- 10
I just turned on antispam - spam assassin - about 2 weeks ago on my main site. I might recommend turning on the spam box for about a week or two, just to make sure you aren't getting any false positives. I can say that in the last two weeks, I have had not a single false positive for spam, and I am confident soon to turn of spam box and just let it do its thing. Bye Bye spam!
misterdmc
webmaster
http://www.123hostingsolutions.com
-
09-23-2006, 04:29 PM #69WHT Addict
- Join Date
- Mar 2006
- Posts
- 102
super but when i start APF my server stop 5 mins block everything !
-
09-26-2006, 04:19 PM #70Newbie
- Join Date
- Sep 2006
- Posts
- 11
Note 1: If you would like to disable direct Root Login, scroll down until you find
#PermitRootLogin yes
and uncomment it and make it look like
PermitRootLogin no
-----------------------------------------------------------------------------------------------------
i did the permitrootlogin to no but i can still logging with root ?? any idea's ?
Regards
Khaled Mohesen
-
09-26-2006, 06:48 PM #71Quality Web Hosting Matters
- Join Date
- Mar 2006
- Location
- Servers
- Posts
- 1,590
Hello yes you need to restart ssh daemon :
# service sshd restart
Thanks.█ QHoster.com - Web Hosting with DDoS Protection | Shared & Reseller in Europe/North America
█ Linux/Windows RDP VPS 13 Locations : UK, US (5 states), Mexico, Canada, Bulgaria, Lithuania,
█ Italy, France, Germany,Netherlands, Switzerland, Rissia, Singapore | OpenVPN/PPTP Enabled
█ INSTANT | PayPal, Skrill, Payza, Bitcoin, WebMoney, Perfect Money, Ukash, CashU, paysafecard
-
09-30-2006, 04:12 PM #72WHT Addict
- Join Date
- Mar 2006
- Posts
- 102
APF Blocks All the traffic..!! What is wrong
-
09-30-2006, 11:36 PM #73Arbeitsloser
- Join Date
- Mar 2005
- Location
- Cardboard box
- Posts
- 1,027
Originally Posted by crzy