  1. #1
    Member
    Join Date
    Jan 2006
    Posts
    23

    Best WHM/cPanel Book & Security

    Hello all:

    I'm new to all this and would like to get suggestions from the pros on what you think is going to be the best book to learn how to manage WHM/cPanel. It doesn't have to be a book; it can be any type of resource, like websites, forums (other than cpanel.net), any documents, etc.
    I just got a private server and promptly realized that I need to get deeper into all this web hosting stuff.
    And the last one... after one week of configuring DNS and other stuff I got hacked last night. The hacker uploaded a file called sweetdemon2.php, deleting all my files on the account. I don't know how; I guess it was because I had enabled anonymous FTP, which of course I already disabled... If you are so kind and know about it, please also include suggestions for security and how to do at least the basic security stuff. Please keep in mind that I'm a beginner, so at least try to point me to an easy, understandable, step-by-step tutorial or instructional publication.

    Regards,

    Cmariomej

  2. #2
    Member celliott's Avatar
    Join Date
    Jan 2006
    Location
    United Kingdom
    Posts
    460

    www.webhostgear.com and www.eth0.us have some good info.

  3. #3
    Member
    Join Date
    Jan 2006
    Posts
    23

    Quote: Originally posted by celliott
    www.webhostgear.com and www.eth0.us have some good info.

    Thanks for your reply... By the way, I got the hacker's IP. He must be a beginner, otherwise he would be using a tool to hide it... What can I do with it? Can I call the FBI or go to some website to report his activities? Where?

  4. #4
    Member celliott's Avatar
    Join Date
    Jan 2006
    Location
    United Kingdom
    Posts
    460

    First of all, I suggest you get your server set up with some basic security measures.

    There is a good thread here: http://forums.cpanel.net/showthread.php?t=30159

    That goes through setting up APF (iptables-based firewall) and various other bits.

  5. #5
    Member
    Join Date
    Jan 2006
    Posts
    23

    Quote: Originally posted by celliott
    First of all, I suggest you get your server set up with some basic security measures.

    There is a good thread here: http://forums.cpanel.net/showthread.php?t=30159

    That goes through setting up APF (iptables-based firewall) and various other bits.

    Thank you... I was looking for that specific thread. I saw it a while ago and couldn't find it...

  6. #6
    BANNED
    Join Date
    Jun 2005
    Location
    Wild Wild West
    Posts
    2,025

    cmariomej, I would say there is a 98% chance that you don't actually have the hacker's
    IP, but rather the IP of some innocent 3rd party who got hacked just like you, so reporting
    the IP to the FBI or similar is probably pointless, although if it is someone else like you,
    then they will probably want to know about their server being used like that.

    Anyway, server and network security is my specific specialty and primary field of
    professional expertise, and I am the very best in the business at what I do.

    Given that you have been hacked, I would be glad to take a look at your server for
    you and see what I can see and you don't have to worry about any charges just to look
    things over and evaluate what has happened on your server. It would be a good idea
    to do at least that to make sure you aren't more compromised than you think.

    Then depending on how good or bad things are and what all needs to be done to get
    you up to a more secure and less vulnerable place, then we can discuss what your
    options are and the best course of action.

    Send me a PM if you want me to take a look at things for you.

  7. #7
    Member
    Join Date
    Jan 2006
    Posts
    23

    Quote: Originally posted by Spiral
    cmariomej, I would say there is a 98% chance that you don't actually have the hacker's
    IP, but rather the IP of some innocent 3rd party who got hacked just like you, so reporting
    the IP to the FBI or similar is probably pointless, although if it is someone else like you,
    then they will probably want to know about their server being used like that.

    Anyway, server and network security is my specific specialty and primary field of
    professional expertise, and I am the very best in the business at what I do.

    Given that you have been hacked, I would be glad to take a look at your server for
    you and see what I can see and you don't have to worry about any charges just to look
    things over and evaluate what has happened on your server. It would be a good idea
    to do at least that to make sure you aren't more compromised than you think.

    Then depending on how good or bad things are and what all needs to be done to get
    you up to a more secure and less vulnerable place, then we can discuss what your
    options are and the best course of action.

    Send me a PM if you want me to take a look at things for you.

    Hi Spiral... well, you can call me paranoid, but the reason I go for the remaining 2% chance that I have the hacker's IP is that yesterday at about 5PM I was working on moving some sites to the new server (most of the transfers failed, by the way). I use Skype with my nice company's logo in it that has my website's address printed on top of it, and suddenly someone IM'd me a nice "hi"... The person started asking me questions like "where are you from" and things like that. Since I was a little bit bored I replied "I'm from Miami, Florida... where are you from?" The person told me "antalya"; after a quick Google search I found it was Turkey... I use an application with Skype that gives me a map and the IP of the person I'm chatting with, which I find pretty cool, and I confirmed the location there.
    We ended our conversation because she didn't speak English very well; besides, I promptly realized that the person's nickname doesn't tell if it's a girl or a man... it's a Turkish name.
    After a few hours of work I checked my website at 7:01 (I remember perfectly), then at 7:15 I went to check it again and the hacker's index page was already in place, claiming to be a group from Saudi Arabia, and all my files were deleted from my account...
    After checking Awstats I found the person's IP in the logs, persistently visiting the website from the time we were chatting until the time of the hack. I also compared that to my Web Analytics reports (I pay for that service) and the IP was there along with others from the USA...

    So again, I know I have the hacker's IP... What should I do with it? If someone knows, please reply.

    On the other hand, many thanks for your offer to check my server. I'm currently applying some of the configurations I found on the webhostgear website and cPanel forums to increase security... Tomorrow the techs from my datacenter are going to perform some jobs that I asked them to do (DNS issues), and as soon as they finish that I will take advantage of your generosity and give you access to see if you find something...

    Thanks again
