  1. #1

    Securing the server?

    Will be getting a new dedicated server. I know that I need to install APF + BFD for sure, but what else would you recommend installing to secure the server? Apache's mod_security module? DOS module? What are the obvious candidates other than APF/BFD?

    Thank you.
    Last edited by jbrauder; 03-30-2008 at 04:31 PM.

  2. #2
    Join Date
    May 2003
    Location
    Scotland
    Posts
    3,728
    hmm, let me see.....

    Install Firewall + BFD
    Lockdown tmp directory
    change your ssh port from 22
    Install mailscanner and clam av
    disable telnet
    disable root login via ssh
    ensure you're using ssh p2
    setting a notification if anyone ever logs in to server is good
    bored now but you get the idea.

    if you're using cPanel then I could give you 100 tips for adjustments throughout to secure it more.

    know where all your logs are, when something goes wrong it's the easiest way to find out what.

    the list goes on.....
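
An added example, not part of the post above: a small audit of the three sshd items on that checklist (port moved off 22, root login disabled, protocol 2 only). It assumes the defaults of an OpenSSH release from the thread's era (Port 22, PermitRootLogin yes, Protocol 2,1), and the sample config is constructed.

```python
import re

# Assumed defaults for an OpenSSH release of the thread's era (2008);
# newer releases ship different defaults and have dropped protocol 1.
ERA_DEFAULTS = {"port": ["22"], "permitrootlogin": ["yes"], "protocol": ["2,1"]}
ACCUMULATING = {"port"}  # repeated Port lines add listeners

def parse_global(text):
    """Global sshd_config settings, lower-cased keyword -> list of values."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            break  # Match blocks apply per connection; not evaluated here
        if key in ACCUMULATING:
            settings.setdefault(key, []).append(value)
        elif key not in settings:
            settings[key] = [value]  # sshd uses the first value it reads
    return settings

def audit_sshd(text):
    """Return findings for the three sshd items in the checklist."""
    cfg = {**ERA_DEFAULTS, **parse_global(text)}
    findings = []
    if "22" in cfg["port"]:
        findings.append("port: still listening on 22")
    root = cfg["permitrootlogin"][0].lower()
    if root != "no":
        findings.append("permitrootlogin: effective value is '%s'" % root)
    if {p.strip() for p in cfg["protocol"][0].split(",")} != {"2"}:
        findings.append("protocol: protocol 1 is still accepted")
    return findings

# Constructed sample: the hardened line was appended below an older one.
SAMPLE = """\
Port 2222
Protocol 2
PermitRootLogin yes   # original line, never removed
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE):
        print(finding)
```

The sample is flagged even though it contains `PermitRootLogin no`, because sshd keeps the first value it reads for a keyword.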

  3. #3
    What about apache modules like mod_security, mod_evasive, etc? Are they any useful?

  4. #4
    Join Date
    May 2004
    Location
    Toronto, Canada
    Posts
    632
    If you need more help, you can refer to these great tutorials from Web Host Gear. http://www.webhostgear.com/
    Hussain Baig - 1-866-954-6747
    Toronto based VPS - Dedicated Servers - Colocation
    VPS Fusion - Providing scalable and reliable hosting solutions.

  5. #5
    Join Date
    Jul 2007
    Location
    Does it matter?
    Posts
    146
    mod_security is a wonderful tool. It's actually a must, with a good ruleset of course.

  6. #6
    On the hardening side, I will recommend that you disable some PHP functionality. For instance: allow_url_fopen, apache_child_terminate, apache_get_modules, apache_get_version, apache_note, disk_free_space etc.
    For sure you have more than this to harden.

    If you are interested I can give you more tricks
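
An added example, not part of the post above: a check of a php.ini for the names listed there. It assumes that `allow_url_fopen` is switched off as its own directive while the other names go into `disable_functions`, and that a later assignment in the file replaces an earlier one; the sample ini text is constructed.

```python
import re

# Functions named in the post above. allow_url_fopen is checked separately
# because it is a php.ini switch, not a function.
WANTED_DISABLED = {"apache_child_terminate", "apache_get_modules",
                   "apache_get_version", "apache_note", "disk_free_space"}
OFF_VALUES = {"0", "off", "false", "no", "none", ""}

def parse_ini(text):
    """Directive -> value; a later assignment replaces an earlier one."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue  # blank line, comment or section header
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.split(";", 1)[0].strip().strip('"')
    return values

def audit_php(text):
    """Report which listed items the ini text leaves in effect."""
    ini = parse_ini(text)
    listed = ini.get("disable_functions", "")
    disabled = {name for name in re.split(r"[,\s]+", listed) if name}
    return {
        "still_callable": sorted(WANTED_DISABLED - disabled),
        # PHP enables allow_url_fopen unless the ini file turns it off
        "url_fopen_enabled":
            ini.get("allow_url_fopen", "1").lower() not in OFF_VALUES,
        # ini switches that were put into disable_functions by mistake
        "misplaced": sorted(disabled & {"allow_url_fopen"}),
    }

# Constructed sample: the whole list was pasted into disable_functions.
SAMPLE = """\
[PHP]
; constructed sample
disable_functions = allow_url_fopen, apache_note, disk_free_space ; partial
"""

if __name__ == "__main__":
    print(audit_php(SAMPLE))
```

In the sample, `allow_url_fopen` stays enabled because naming it in `disable_functions` does not change the directive.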

  7. #7
    denyhosts is a must if you are exposing SSH

    http://denyhosts.sourceforge.net/

    Cheers

  8. #8
    Join Date
    Dec 2007
    Posts
    48
    If security is a concern, I’d consider hiring a company like Sagonet.com to do your server securing along with your server hosting. They run monthly updates on the server, secure and harden it, and check for any compromises on the server included in their management package for $35/month. They also have some good articles on the knowledge base: http: //kb.sagone.com if you’d want to secure the server yourself.

  9. #9
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,965
    There is no point in installing all the security software if you do not know how to configure it. And it may lead to more vulnerabilities than what they were originally intended for.

    I'd suggest paying like $100 and getting a professional to get the server locked down.
    Email: info ///at/// honelive.com

  10. #10
    Join Date
    Jul 2007
    Location
    Does it matter?
    Posts
    146
    Yes I agree with Anantha,

    There is no point in installing any security if they aren't configured properly, for example mod_security (it needs to have a good ruleset), as well as mod_evasive, which needs to be configured correctly.

    There are many others, I'd suggest you to get a good security expert in this case.

  11. #11
    I pulled this from our knowledge base. Hope it helps.

    Bastille Server Hardening
    Bastille
    How secure is your server?

    While there is no single checklist, analysis tool, or script that will tell you the answer to this question, a good place to start is Bastille.

    This free tool is available from:

    http://bastille-linux.sourceforge.ne...astille_on.htm

    This is a great tool to learn more about the areas that are commonly used to exploit systems and assist you in hardening your server.

    The installation instructions are also there. It is extremely easy to install, but note it does require the perl-curses package to be installed to provide the interface used when run in the shell.

    (Note as well you can run the X front end and use X forwarding to have this tool forward the GUI to the system you are ssh'ing in from. However, this may require you to install additional packages on your server. It may be easier just to use the shell version, it works pretty good.)
    Shawn Bray
    Pinellas Hosting - www.pinellashosting.com
    Dedicated Servers | Collocation | Webhosting | Data Backup | Domain Registration

  12. #12
    Join Date
    Mar 2008
    Posts
    83
    If you're asking what to install/do to secure your server, I'd suggest you get someone more experienced to do it because I think you'll probably do more harm than actually securing your server if you did it yourself. No offense here though
    <- myusername dot com is not a link to sites or images containing pornography, sexually explicit, gross violence, warez etc.

  13. #13
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,878
    * Moved to Technical and Security Issues....

    Sirius
    I support the Human Rights Campaign!
    Moving to the Tampa, Florida area? Check out life in the suburbs in Trinity, Florida.

  14. #14
    Join Date
    Mar 2008
    Posts
    72
    I'd suggest you choose CSF instead of APF; CSF is much better. Also read tutorials on WHT to optimize and secure your server.
