  1. #1
    Join Date
    Nov 2003
    United Kingdom

    How-to Protect your Server. The Basics! (cPanel)

    Well, I take NO credit for the scripts provided herein; I merely hope to share some things I have found to help me when I set up my VPS...

    First of all we need to install a firewall. Even if you don’t start this service, this nifty script does a security audit for you...

    To install ConfigServer Firewall
    SSH into your root and then "cd" into the main directory (normally "cd ..") and now follow the script below
    rm -fv csf.tgz
    tar -xzf csf.tgz
    cd csf
    If you would like to disable APF+BFD (which you will need to do if you have them installed, otherwise they will conflict horribly)

    That's it. You can then configure csf and lfd in WHM, or edit the files
    directly in /etc/csf/*

    Now log in to cPanel root (WHM)
    and scroll down to the bottom of the left pane, where you will see a link for ConfigServer Security & Firewall
    Now by default your firewall won't be active, which is a good thing as we don’t want any problems as of yet.
    Now click Check Server Security

    Now there might be quite a few items in here you should check. Most items will have a comment next to them and give you a complete guide on how to modify the item that’s come up "Warning"

    For shared web hosting I strongly recommend that you make sure the PHP & SSH tabs are all "Ok" status, as this is the main source of problems within an exploit.

    At the bottom you should be shown a score.
    0 to 15 > Wet Paper Bag
    16 to 31 > Dry Paper Bag
    32 to 47 > Wooden Box
    48 to 63 > Brick Wall
    64 to 68 > Reinforced Concrete
    My server is "65" and I cannot push to score "68" as I will not modify some of the items I know are ok. However each server you configure depending on what setup should try and fall above a "48" score!

    Now, once you have sorted most of those and have got a nice score, it's time to sort the firewall out. Click the Firewall Configuration
    and read each and every item to understand its properties!

    That’s it, once you have done this you can turn your firewall on and depending on what setup you have I recommend you keep to Low profile!

    For more help visit


    SSH login message

    (By default I have this set only to the root user and no shared accounts, but it’s up to you what you do...)

    To create a login message, log in via root with your favourite SSH client (PuTTY!!)
    and type this
    pico /etc/motd
    Now type your message here to warn users about your AUP etc..
    Now type Ctrl+X then hit Y and enter
    Saved and all done!


    Another good trick is to have rkhunter check your server for rootkits!

    Yes this tutorial is already out there but you should use it!
    SSH into root
    tar -zxvf rkhunter-1.2.8.tar.gz
    cd rkhunter-1.2.8
    Now cron this!
    pico /etc/cron.daily/
    chmod +x /etc/cron.daily/

    Now update..
    rkhunter --update
    and finally do a scan!

    /usr/local/bin/rkhunter -c

    There may be some sectors that show as Bad but this shouldn’t concern you unless it states on results you have a rootkit!

    If you have any findings or extra tweaks please post them in here.

  2. #2
    Join Date
    Dec 2006

    * rkhunter update script...

    Here's the rkhunter one-liner I use:
    PHP Code:
    VERSION=1.2.9;echo Installing rkhunter v$VERSION...&&echo -n Downloading...&&wget --quiet$VERSION.tar.gz done&&echo -n Extracting...&&tar zxf rkhunter-$VERSION.tar.gz&&echo done&&echo -n Installing...&&cd rkhunter-$VERSION&&./ 2>&1 >/dev/null&&echo done&&echo -n Updating rkhunter...&&/usr/local/bin/rkhunter --update 2>&1 >/dev/null && /usr/local/bin/rkhunter --update 2>&1 >/dev/null &&echo done&&echo -n Running hash updater...&&chmod +x ../ && ../ -t /tmp 2>&1 >/dev/null&&echo done&&echo -n Cleaning up...&&cd ..&&rm -rf rkhunter-$VERSION* &&echo done 
    The script will update the rkhunter hash files, so you won't see any more false alerts, hopefully.

    p.s. sorry for necro'ing the post

  3. #3
    Join Date
    Apr 2005
    Wow, thanks for this, this came in really handy!
    Zach E. -
    Shared Web Hosting, Reseller Hosting, Cloud VPS & Dedicated Servers
    UK: 0800 138 3235 ❘ USA: 1-800-995-8256

  4. #4
    It's also a good idea to edit your SSH config and change the port to a high number and set it to protocol2.
    * Rock solid shared & reseller UK webhosting. No downtime™ *
    Now offering fully managed VPS servers

  5. #5
    Join Date
    Dec 2002
    Amsterdam/Rotterdam, NL
    Quote Originally Posted by Jeff - Exceed
    It's also a good idea to edit your SSH config and change the port to a high number and set it to protocol2.
    Or better yet, restrict access on the SSH port to only specific IPs. Changing the port to a high number doesn't help much really, if someone wants to find out the port number it only takes a simple portscan.

  6. #6
    Join Date
    Apr 2005
    And set it to only accept Privkey authentication instead of passwords.
    Zach E. -
    Shared Web Hosting, Reseller Hosting, Cloud VPS & Dedicated Servers
    UK: 0800 138 3235 ❘ USA: 1-800-995-8256
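
The SSH advice in posts #4 to #6, as an added example that is not part of the thread: a POSIX shell check of the global section of an sshd_config-style file. It assumes the source restriction from post #5 is expressed as `AllowUsers user@host` entries (the thread does not say how); the function names are hypothetical and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the global part of an sshd_config.
# sshd_value and audit_sshd_config are hypothetical helper names.

# Print the effective global value of keyword $2 in file $1, lower-cased.
# sshd keywords are case-insensitive and the FIRST occurrence wins; everything
# after the first "Match" line is conditional, so scanning stops there.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }
    ' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_sshd_config() {
    file=$1; findings=0
    # Post #6: key-only logins. An absent line means the default, "yes".
    v=$(sshd_value "$file" PasswordAuthentication)
    if [ "$v" != "no" ]; then
        echo "FAIL PasswordAuthentication is '${v:-yes (default)}'"
        findings=$((findings + 1))
    fi
    # Post #4: protocol 2 only. Flag any list that still contains 1.
    v=$(sshd_value "$file" Protocol)
    case ",$v," in *,1,*)
        echo "FAIL Protocol '$v' still allows SSHv1"
        findings=$((findings + 1)) ;;
    esac
    # Post #5: source restriction. Assumption: done with AllowUsers user@host.
    v=$(sshd_value "$file" AllowUsers)
    open=$(printf '%s\n' "${v:-<unset>}" | tr -s ' \t' '\n' | grep -v '@' | tr '\n' ' ')
    if [ -n "$open" ]; then
        echo "WARN AllowUsers entries without @host: $open"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the later "no" is ignored because "yes" came first.
sample=$(mktemp)
printf '%s\n' '# constructed test input' 'Port 22' 'Protocol 2,1' \
    'passwordauthentication yes' 'PasswordAuthentication no' \
    'AllowUsers root@203.0.113.10 deploy' > "$sample"
audit_sshd_config "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

Run it against a copy of the live file and compare with `sshd -T`, which prints the configuration the daemon actually resolves.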

  7. #7
    It's so important to protect our computer. Fireproofing wall is you think so?
