-
03-02-2006, 08:30 PM #26Junior Guru Wannabe
- Join Date
- Jun 2004
- Location
- Rockford, Michigan 49341
- Posts
- 30
I think that you can only edit your post for a short time, then they're permanent.
0
-
03-05-2006, 10:17 PM #27Newbie
- Join Date
- Mar 2006
- Posts
- 18
Fantastic tutorial!
0
-
03-07-2006, 02:18 PM #28Junior Guru Wannabe
- Join Date
- Apr 2005
- Location
- -=heaven=-
- Posts
- 35
I got this from logwatch:
--------------------- SSHD Begin ------------------------
SSHD Killed: 1 Time(s)
SSHD Started: 1 Time(s)
Failed logins from these:
Io****/password from ***.***.***.***: 1 Time(s)
Me**/password from ***.***.***.***: 1 Time(s)
aa***/password from ***.***.***.***: 1 Time(s)
...
...
...
ze****/password from ***.***.***.***: 1 Time(s)
ze**/password from ***.***.***.***: 1 Time(s)
**Unmatched Entries**
Illegal user anonymous from ***.***.***.***
Illegal user passwd from ***.***.***.***
Illegal user ch*** from ***.***.***.***
...
...
...
Illegal user re***** from ***.***.***.***
Illegal user ze** from ***.***.***.***
What does it mean?
-- for me, it looks like someone is doing a dictionary attack on my ssh server.
Can anyone make a suggestion for me?
Thanks.
0
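The pattern in the logwatch report above (many usernames, each tried once, from one address) can be counted directly from the sshd log. This is an added example, not part of the original post; the log lines are constructed and the function names `sample_log` and `ssh_guessers` are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in sshd syslog format (documentation addresses).
sample_log() {
    cat <<'EOF'
Mar  7 03:12:01 host sshd[2101]: Illegal user anonymous from 192.0.2.44
Mar  7 03:12:01 host sshd[2101]: Failed password for illegal user anonymous from 192.0.2.44 port 40122 ssh2
Mar  7 03:12:03 host sshd[2103]: Illegal user passwd from 192.0.2.44
Mar  7 03:12:05 host sshd[2105]: Illegal user test from 192.0.2.44
Mar  7 03:12:07 host sshd[2107]: Failed password for root from 192.0.2.44 port 40130 ssh2
Mar  7 09:40:10 host sshd[2388]: Failed password for alice from 198.51.100.7 port 51515 ssh2
Mar  7 09:40:22 host sshd[2388]: Accepted password for alice from 198.51.100.7 port 51515 ssh2
EOF
}

# Print "ADDRESS COUNT" for each source that tried at least $1 distinct usernames.
ssh_guessers() {
    awk -v min="$1" '
    function note(addr, name) {
        if (!((addr, name) in seen)) { seen[addr, name] = 1; names[addr]++ }
    }
    # Older OpenSSH logs "Illegal user NAME from ADDR", newer "Invalid user ..."
    /(Illegal|Invalid) user [^ ]+ from / {
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "user" && $(i + 2) == "from") { note($(i + 3), $(i + 1)); break }
        next
    }
    # "Failed password for NAME from ADDR port N ssh2" also covers real accounts
    /Failed password for / {
        for (i = 2; i < NF; i++)
            if ($i == "from") { note($(i + 1), $(i - 1)); break }
    }
    END {
        for (a in names)
            if (names[a] >= min) printf "%s %d\n", a, names[a]
    }' | LC_ALL=C sort
}

# One mistyped password (alice) stays below the threshold; the guesser does not.
sample_log | ssh_guessers 3
```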
-
03-08-2006, 01:32 AM #29Web Hosting Master
- Join Date
- Nov 2005
- Location
- Seattle, WA
- Posts
- 648
I also suggest for shared hosting that the setting in the php.ini file for disable_functions
be changed to
disable_functions = "system,exec"
Doing that will disable the function that most exploits call upon.
0
-
03-13-2006, 12:21 AM #30Disabled
- Join Date
- Dec 2002
- Location
- Amsterdam/Rotterdam, NL
- Posts
- 2,135
Originally Posted by Wizardkid1010
-
03-13-2006, 12:23 AM #31Disabled
- Join Date
- Dec 2002
- Location
- Amsterdam/Rotterdam, NL
- Posts
- 2,135
Originally Posted by zeca40
For a good tutorial on real advanced spam filtering read this article by rvskin: http://www.rvskin.com/index.php?page=public/antispam
0
-
03-13-2006, 12:38 AM #32Web Hosting Master
- Join Date
- Nov 2005
- Location
- Seattle, WA
- Posts
- 648
disable_functions = dl,system,exec,passthru,shell_exec
0
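A check for the two `disable_functions` settings posted above, as an added example that is not part of the thread: it reports which functions from the longer list a given php.ini still leaves enabled. The function name `missing_disabled` and the php.ini path passed to it are assumptions.

```shell
#!/bin/sh
# The list from the second post in the thread.
REQUIRED="dl system exec passthru shell_exec"

# Print each function from REQUIRED that the php.ini at $1 does not disable.
missing_disabled() {
    ini="$1"
    # Take the last uncommented disable_functions line, drop an inline
    # ";" comment, then strip quotes and whitespace from the value.
    current=$(sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$ini" |
              sed 's/;.*//' | tail -n 1 | tr -d "\"' \t\r")
    for fn in $REQUIRED; do
        # Compare whole comma-separated entries, so that "shell_exec"
        # being disabled is not mistaken for "exec" being disabled.
        case ",$current," in
            *",$fn,"*) ;;
            *) printf '%s\n' "$fn" ;;
        esac
    done
}

# Usage: sh check.sh /path/to/php.ini
if [ -n "${1:-}" ]; then
    missing_disabled "$1"
fi
```

Run against a file that only has `disable_functions = "system,exec"`, it lists `dl`, `passthru` and `shell_exec` as still callable.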
-
03-17-2006, 03:32 PM #33Junior Guru
- Join Date
- Apr 2004
- Location
- Miami
- Posts
- 221
Good job !!!
Originally Posted by elix
VPSes are really hard to use with the memory restrictions and CPU limitations...but with some optimization they can definitely serve your websites fast!
MySQL Optimization
Here are my suggested settings for the my.cnf file. This should work well for a VPS with 256-512MB RAM.
[mysqld]
max_connections = 400
Server will run out of memory before reaching max_connections.
0
-
03-25-2006, 02:15 AM #34WHT Addict
- Join Date
- Aug 2005
- Posts
- 101
Spam Assassin
Spam Assassin can take up a lot of memory and make it really hard to host just a few sites on a VPS, but there is a way around this...
Login to WHM as root, scroll down to "cPanel 10.8.1-R15" (it may be slightly different depending on what version you are using) then go to "Addon Modules" and install "spamdconf". Once it's done, refresh the WHM page, scroll down to "Add-ons" on the nav bar and then click on "Setup Spamd Startup Configuration". Set "Maximum Children" to "2". Then hit Submit. Wait a few seconds (15-30, but usually less) for exim to restart and you're done.
0
-
03-26-2006, 11:48 AM #35Eternal Member
- Join Date
- Dec 2004
- Location
- New York, NY
- Posts
- 10,710
max_connections = 400 in a VPS with 256 - 512 MB + cPanel seems a little high to me.
Server will run out of memory before reaching max_connections.
0
-
04-22-2006, 01:34 PM #36Newbie
- Join Date
- Mar 2006
- Posts
- 18
Could someone give a brief example of where and how to set this up?
It sounds very useful and I've never managed a server on my own, but I would like to install some of the software lol or whatever it is to protect my site.
0
-
06-13-2006, 10:16 AM #37Newbie
- Join Date
- May 2006
- Posts
- 13
This is in WMpanel and cPanel.
How about in Plesk? Do you have the tutorial on that one?
0
-
06-13-2006, 11:19 AM #38Web Hosting Master
- Join Date
- Mar 2005
- Location
- Labrador, Canada
- Posts
- 988
Originally Posted by SamOwen
If you're using a Redhat-derived distribution (e.g., CentOS) with spamassassin installed by rpm, you should have a configuration file /etc/sysconfig/spamassassin.
Edit that file and change the "-m" option. Default is "-m5" (five child processes). Try "-m2" (two child processes).
If you're on a different distro, you may need to find the spamassassin startup script and change the "-m" command line option.
Restart spamd for the change to take effect.
0
-
06-23-2006, 12:17 AM #39WHT Addict
- Join Date
- Jun 2006
- Posts
- 114
How do I remove or edit the service banners without recompiling the packages of my WHM/cPanel server? I would like to remove or possibly edit the server application and version banners that can easily be noticed and grabbed by anybody or by scripts, even with a simple telnet to the listening port. It is a simple problem, but it is always the first attempt of somebody who would want to attack or exploit certain flaws in the running version of the application/service that he could find with that banner grabbing. The quick way to lure the attacker in his initial phase with this issue could be simply removing the banners or replacing the banners with ones from a completely different service platform. Is there a way to accomplish this without recompiling any of the default packages of the cPanel/WHM server?
0
-
07-10-2006, 10:15 AM #40Newbie
- Join Date
- Jan 2006
- Location
- Guatemala
- Posts
- 26
If you use cPanel and WHM, there is a new firewall made by Chirpy that looks great; it uses a lot less resources than APF and BTF and it is integrated into WHM as an addon as well. And it updates automatically.
Also, you can access CSF from SSH.
You can download CSF with LFD from here:
configserver.com/cp/csf.html
I have just changed APF and BTF for CSF and LFD (both from Chirpy) and it is working really nice in my VPS.
QUESTION:
In your first post you said:
Disable Shell Accounts
To disable any shell accounts hosted on your server SSH into server and login as root.
At command prompt type: locate shell.php
Also check for:
locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts
Note: There will be several listings that will be OS/CPanel related. Examples are
/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
I really want to thank Frynge for this terrific guide.
Regards,
Sergio
Last edited by secmas; 07-10-2006 at 10:20 AM.
0
-
07-16-2006, 01:52 AM #41Newbie
- Join Date
- Apr 2006
- Posts
- 7
I did not know how to manage a VPS until I read this, thank you!
0
-
07-18-2006, 03:13 PM #42Junior Guru Wannabe
- Join Date
- Nov 2005
- Posts
- 98
Hello,
This is a very great thread for newbies like me. After reading it and doing all this stuff I feel much more comfortable now about my new VPS. I do have a few questions though about things that are not clear to me.
First: Checking for formmail.
Can I disable these without interfering with cPanel?
/usr/local/cpanel/cgi-sys/FormMail-clone.cgi
/usr/local/cpanel/cgi-sys/FormMail.cgi
/usr/local/cpanel/cgi-sys/formmail.cgi
/usr/local/cpanel/cgi-sys/FormMail.pl
/usr/local/cpanel/cgi-sys/formmail.pl
/usr/local/cpanel/install/formmail
Second: Disable shell accounts
How do I do that? The post says to use "locate shell.php" but it doesn't explain how to disable it. These are the only 3 found by locate.
/usr/local/cpanel/base/horde/admin/cmdshell.php
/usr/local/cpanel/base/horde/admin/phpshell.php
/usr/local/cpanel/base/horde/admin/sqlshell.php
It also says that there will be several that are OS/cPanel related such as /usr/local/cpanel/etc/sym/bnc.sym, should they be disabled too or is this sentence meant as a warning NOT to disable those ?
Third: PHPSuExec
It says that all my users will need to make sure their php files have permissions no greater than 0755. On my current reseller hosting account I've installed a few php based applications for my clients that wouldn't work until I changed some permissions to 0777. I'm not sure what PHPSuExec does; what problems should I expect if php files do have greater permissions than 0755?
That's it.
0
-
07-23-2006, 10:30 PM #43Web Hosting Master
- Join Date
- Mar 2005
- Location
- Labrador, Canada
- Posts
- 988
Originally Posted by EricG
Originally Posted by EricG
"shell.php" is a separate issue. Essentially you're looking for PHP scripts on your server that can be used to achieve shell access. These may have been uploaded by users or fetched by someone exploiting a vulnerable website. The files you've listed above are a part of cPanel's Horde webmail and can be left alone.
Originally Posted by EricG
When using phpsuexec, PHP scripts run as the account user. The account user owns the account's directories, and therefore, the PHP scripts have ready access to write. There is no need to change permissions.
Incorrect permissions or ownership will cause errors when trying to run the PHP scripts. Usually with phpsuexec, files should be chmodded no higher than 644 and directories 755. The files should be owned by the account username, not "nobody" and not "root" (that will also cause a runtime error).
0
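An audit for the phpsuexec rules in the reply above (files no higher than 644, directories no higher than 755, everything owned by the account user), added here as an example and not part of the original post. The function name `suexec_audit` is hypothetical, and limiting the file check to `*.php` is an assumption made so that CGI scripts, which need the execute bit, are not flagged.

```shell
#!/bin/sh
# List paths under an account's web root that break the phpsuexec rules.
# $1 = directory to scan, $2 = account user name (a numeric uid also works).
suexec_audit() {
    root="$1"; owner="$2"
    {
        # PHP files with any bit beyond 644: u+x, g+w, g+x, o+w or o+x.
        # "-perm -MODE" (all listed bits set) is the portable POSIX form.
        find "$root" -type f -name '*.php' \( -perm -0100 -o -perm -0020 \
            -o -perm -0010 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/mode-file /'
        # Directories with any bit beyond 755: group or world writable.
        find "$root" -type d \( -perm -0020 -o -perm -0002 \) |
            sed 's/^/mode-dir /'
        # Anything not owned by the account user (for example nobody or root).
        find "$root" \( -type f -o -type d \) ! -user "$owner" |
            sed 's/^/owner /'
    } | LC_ALL=C sort
}

# Usage: sh audit.sh /home/ACCOUNT/public_html ACCOUNT
if [ $# -eq 2 ]; then
    suexec_audit "$1" "$2"
fi
```

A 0777 upload directory or a 0666 config file, the kind of change described in the question, shows up as a `mode-dir` or `mode-file` line.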
-
07-25-2006, 05:01 PM #44Junior Guru Wannabe
- Join Date
- Jul 2006
- Posts
- 87
Is that thread cache setting a typo? That one in particular has always been voodoo for me, but that's ten times what I'm using.
I can't imagine not hitting swap before half that many are cached on a burstable 256 meg VPS.
0
-
07-29-2006, 10:16 AM #45Junior Guru Wannabe
- Join Date
- Nov 2005
- Posts
- 98
Sleddog,
Thanks a lot for your answers, I really appreciate all the help you've given me in the last few weeks.
0
-
08-01-2006, 10:24 AM #46Newbie
- Join Date
- Jul 2006
- Posts
- 10
Hello,
I searched for FormMail and have come up with many entries
/cgi-sys/formmail.cgi
/cgi-sys/formmail.pl
/install/formmail
/cgi/FormMail.html
/cgi-sys/FormMail-clone.cgi
/cgi-sys/FormMail.cgi
/cgi-sys/FormMail.pl
Do I need to change the permissions on each and every one of these files?
And the same for CGIMAIL?
Thanks for the help, I want to make sure I get started right
John
0
-
08-26-2006, 07:54 AM #47Disabled
- Join Date
- Aug 2005
- Posts
- 443
I'd just like to make a quick note on the difference between :blackhole: and :fail: from my personal experience with cPanel servers and Exim:
Since :blackhole: processes the entire email, more resources wind up getting used. I, like many others, have tested replacing :blackhole: with :fail: on some servers in the past, and can say that easily, without a doubt, less resources (namely CPU and disk I/O) wind up getting used, which helps keep the load average even lower than usual. :fail: will immediately send a 550 error after the invalid RCPT TO: line, vice accepting then discarding the entire email. I'm not saying that will work for everyone, but I have personally seen it immediately decrease resource usage on a shared hosting server with a fairly busy day to day mail flow, and would recommend it to anyone else looking to do the same regardless of the server type.
0
-
08-31-2006, 04:49 PM #48Newbie
- Join Date
- Jul 2006
- Posts
- 19
Excellent tutorial! Would you mind if I posted it in my knowledge base?
0
-
09-05-2006, 05:14 AM #49Junior Guru Wannabe
- Join Date
- May 2006
- Posts
- 32
Thanks, that is a great tutorial.
It does help me a lot. I think I need some help with some of the basic codes,
hope anyone can help me, hope these are not too newbie questions.
1a) Root breach DETECTOR and EMAIL WARNING
At command prompt type:
pico .bash_profile
Scroll down to the end of the file and add the following line:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Do I have to do it the long way, or is there a better way than this?
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" admin1@email.com
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" admin2@email.com
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" admin3@email.com
1b) Mail Receive
ALERT - Root Shell Access on: Mon Sep x 00:00:55 SGT 2006 root ttyp0
Sep x 00:01 (bb000-xx-xxx-7.domains.com) root ttyp1 Sep x 00:01
(bb000-xx-xxx-7.domains.com)
2) Alert Email Sent
Is there a way to set the server to send out more than 1 alert mail (default of 1 mail) to the system admin? Looking at it, the server would send two or more alerts to the rest of the system admins.
example 1
LogWatch, SSH into server and login as root.
At command prompt type:
pico -w /etc/log.d/conf/logwatch.conf
Scroll down to
Mailto = your@email.com
Immediate Notification Of Specific Attackers
If you need immediate notification of a specific attacker (TCPWrapped services only), add the following to /etc/hosts.deny
ALL : nnn.nnn.nnn.nnn : spawn /bin/echo `date` %c %d | mail -s "Access attempt by nnn.nnn.nnn.nnn on for hostname" notify@mydomain.com
Replacing nnn.nnn.nnn.nnn with the attacker's IP address.
Replacing hostname with your hostname.
Replacing notify@mydomain.com with your e-mail address.
This will deny access to the attacker and e-mail the sysadmin about the access attempt.
Really sorry for these newbie questions, as we would like the alert to be sent to at least 2-3 server admins when such a thing happens....
Thanks
Feng
0
-
10-04-2006, 11:55 AM #50Disabled
- Join Date
- Oct 2006
- Posts
- 10
Great Tutorial
0