Results 1 to 15 of 15
  1. #1
    Join Date
    Sep 2005
    Posts
    480

    1 Time Hardening Checkup

    There are quite a few good management companies recommended here for monthly management but we are actually looking for a reputable company to do a 1 time hardening + checkup on our server (CentOS + cpanel). Not sure if these are 2 separate things but would like to get some opinions on who we should check out. Any feedback on who & why would be great!

    Thanks!

  2. #2
    Join Date
    Dec 2007
    Posts
    161
    mod : i think this would be better in the offers / advertising section under employment
    if ($life == "fair") {exit;}else ($life = "1") {$reality_sets_in = 1;
    $server_cost = relative";
    $shared_host = $bye - $bye;}

  3. #3
    Join Date
    Oct 2004
    Location
    Shimonoseki
    Posts
    2,101
    Since it is cPanel, I recommend PSM
    They are charging monthly, but you can cancel subscription after a month, and it will still be a lot cheaper than other companies' one-time fee.

    and you will have a whole month if anything goes wrong, or if you want to install other things.
    Closed for winter...

  4. #4
    Join Date
    Sep 2005
    Posts
    480
    Thanks. Keep the recommendations coming please.

  5. #5
    Join Date
    Jun 2006
    Posts
    405
    PSM would be a good choice as already stated and having the entire month to make sure are setup the way you want would be good. You could always tell them what you are doing to so they do not think it is bad service related.

  6. #6
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,951
    Quote Originally Posted by natsh View Post
    mod : i think this would be better in the offers / advertising section under employment
    He doesn't appear to be looking for offers, only recommendations. In that case, it's fine here.


    For once off fixes and work, I've use Steven at Rack911 before. Does a great job, very efficient and thorough. Reasonable pricing, too.
    Having problems, or maybe questions about WHT? Head over to the help desk!

  7. #7
    Join Date
    Aug 2002
    Location
    Atlanta, GA
    Posts
    1,114
    I'd suggest http://www.configserver.com/

    We've used them on a number of client Cpanel servers and they seem to do a very good job.
    SiteSouth
    Atlanta, GA and Las Vegas, NV. Colocation

  8. #8
    Greetings:

    Hmmm... one time hardenings of a server....

    Sigh....

    One of the biggest mistakes I've seen people make over the past 12.5 years in business is believing a one time server hardening is better than no server hardening at all.

    If you have equipment connected to the Internet, security has to be a way of life.

    Hardening a server is like charging the battery; but the battery needs to be charged on a regular basis.

    Thank you.
    ---
    Peter M. Abraham
    LinkedIn Profile

  9. #9
    Join Date
    Jul 2005
    Location
    New Jersey, US
    Posts
    1,507
    Security hardening definitely should be done on a regular basis, but if you can't, then doing it once is better than absolutely nothing at all.
    PlatinumServerManagement (also known as PSM)
    The OLDEST and LARGEST and MOST TRUSTED server management provider in the USA, with 15+ employees and growing!
    Providing quality support for OVER 18 years! Currently supporting over 3,000+ servers monthly!

    www.PlatinumServerManagement.com Proud member of the NJ BBB & Chamber of Commerce & Authorized cPanel Partner.

  10. #10
    Like on a few other threads I would recommend Total Server Solutions (totalserversolutions.com).
    SceneGroup.net - Providing a better web hosting experience since 2001
    Shared Web Hosting, VPS, Managed VPS, Dedicated Servers and Managed Dedicated Servers

    www.scenegroup.net

  11. #11

    *

    Why $70 to do this?

    php -i | grep php.ini
    vi /usr/local/lib/php.ini
    service httpd restart
    cat /etc/redhat-release
    uname -a
    yum
    cat /etc/grub.conf
    yum update kernel
    uname -a
    vi /usr/local/lib/php.ini
    service httpd restart

    Does not equal this!

    The internet is a very dangerous place and just because a server is new does not mean that it is secure. Even if your system has the latest updates from Redhat or your vendor it is still not secure in a shared hosting enviroment. This package will harden an existing system. If your system has been compromised and is hacked please contact us for a quote as there will be an additional charge which varies upon the complexity of the repair job. Steps to be taken:

    * Security audit
    * Limit compiler & fetch utilities access to root only
    * Correct folder permissions to prevent directory transversal on unprivileged users
    * Logwatch configuration
    * Host.conf & sysctl hardening
    * Noexec, Nosuid temporary directories
    * RkHunter Installation.
    * Installation and configuration of APF
    * SPRI (System priority) installation
    * Kernel update
    * SSH Server Hardening
    * TCP/IP Hardening
    * Disable of dangerous php functions
    * BFD (Brute Force Detection) Installation
    * Update all server/control panel software
    * Disabling Unused Services
    * Install and configure Mod_Security with a mildly aggressive ruleset
    * System Integrity monitor
    * RPM Package Audit
    * Check/secure configuration defaults on common services
    * Mod_dosevasive
    * Zend Optimizer Installation
    No APF, BFD, etc etc

    Should have just done it myself!

  12. #12
    Join Date
    Aug 2003
    Posts
    2,003
    Wait wait..which company did that, unclejjf? If you payed for the below and that's all they did then..yea that definitely doesn't give your $70 worth.

  13. #13
    Why would I want to give out the name for?
    They have all my root usernames and passwords for the server & the server host.

    To be honest I'm thinking about just hiring somebody F/T local to handle all of this.
    Kinda sad, would have been easier/cheaper to hire a full time management company to handle all of these servers then hiring a F/T employee. But I don't have the time to deal with all this!

  14. #14
    Join Date
    Feb 2005
    Location
    India
    Posts
    1,048
    Change the password then ;-)

    Am sure you would have read what they did before ordering right?

  15. #15
    Join Date
    Aug 2003
    Posts
    2,003
    Yea, I would change all of my passwords after hiring an admin/company of any sort to do work on a server. Leaving them the same after anyone accesses it is just asking for trouble.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •