Ways to Prevent Hacker? Expert please come and help

[samtam]

CaN some experts teach me some ways of preventing hackers for cpanel..I.E which type of firewall they will recommend etc.

cPanel.net Support Ticket Number:

[ciphervendor]

Remove the cat5 cable from your server. Problem solved.

[samtam]

What a funny guy you are...

cPanel.net Support Ticket Number:

[hostito]

I would

1) "man ipchains" or man iptables
2) block all unecessary ports.
3) Lock ssh port to required IPs.

Also, chmod 000 wget and /usr/bin/gcc and /usr/bin/cc and such compilers. turn them on only when you want to use them.

Also you can read about editing fstab to limit behaviour in your tmp directory which is common for hacker kid downloads and such.

These are a few suggestions. I hope you find them useful

Using the search feature on this forum will yield many such suggestiongs, nothing new in what I have to say

cPanel.net Support Ticket Number:

[DWHS.net]

Lock ssh port to required IPs.

This ones huge unless they can mask the i.p. allowed.

Still probably the single most effective way to start in securing your server.

-Charles

cPanel.net Support Ticket Number:

[sexy_guy]

Originally posted by hostito
Also, chmod 000 wget and /usr/bin/gcc and /usr/bin/cc and such compilers.

Chmoding your compilers to 000 means very little as far as security is concerned. Recently, i visted a box that was almost hacked. The only thing that saved this box was the firewall. Anyway the hacker got into the box though a phpbb vuln and dropped the .c file in the /tmp directory. When he realized that he couldnt compile the dam thing he proceeded to download the binary version of the same program and dropped that in temp. Big deal for chmodding your compiler pgms to 000 when they will get the binary version of the same thing. Then he attempted to log into the system though his special port but couldnt gain access. I found the pgm and removed it which killed his attemps at getting in.

The moral of the story? Chmodding the compilers means jack! It doesnt work!

cPanel.net Support Ticket Number:

[sexy_guy]

Originally posted by DWHS.net
This ones huge unless they can mask the i.p. allowed.

Still probably the single most effective way to start in securing your server.

-Charles

cPanel.net Support Ticket Number:

Impossible, how many people do you think have static ips? 99.9% of server admins are using a dynamic ip. This is not as important as making sure that you are running a version of Openssh that is not vuln!

cPanel.net Support Ticket Number:

[aussie]

What are tha actual Ipchains or iptables commands to limit SSH access to say IPs aaa.bbb.ccc.ddd and eee.fff.ggg.hhh.

Can someone give examples? Are there batch files anywhere which contain sample firewall commands suitable for helping secure a Cpanel box?

Michael

cPanel.net Support Ticket Number:

[ThunderHostingDotCom]

Originally posted by sexy_guy
making sure that you are running a version of Openssh that is not vuln!

If WHM news says that my version of Openssh is "ok" should I believe it? I have openssh v 0.9.6b is that good?

cPanel.net Support Ticket Number:

[ThunderHostingDotCom]

Originally posted by hostito

1) "man ipchains" or man iptables
2) block all unecessary ports.
3) Lock ssh port to required IPs.

Also, chmod 000 wget and /usr/bin/gcc and /usr/bin/cc and such compilers. turn them on only when you want to use them.

Also you can read about editing fstab to limit behaviour in your tmp directory which is common for hacker kid downloads and such.

Ok, now can you give explination on how to do each of these please? Thank you!

cPanel.net Support Ticket Number:

[raventec]

samtam,

I'm not an expert by a long shot... and if I was, I sure wouldn't be stating I was on this forum LOL!
For a firewall for iptables, I'd say APF http://forums.r-fx.net/apf.php I'm not sure what the BEST firewall is, but it works for me.
It's my understanding that the version of openSSH from cpanel is already patched, but I like to keep it updated anyhow and set to only use ssh protocol2 and disallow root login's.

cPanel.net Support Ticket Number:

[samtam]

Thank you so much for all your help..

cPanel.net Support Ticket Number:

[cass]

raventec :

pico /etc/ssh/sshd_config

config ssh from there, for ex:
change:
#Protocol 2,1
#ListenAddress ::

(just protocol 2, on just one IP address)
Protocol 2
ListenAddress 123.132.123.123

then search for PermitRootLogin and put :
PermitRootLogin no


Regards.

cPanel.net Support Ticket Number:

[compunet2]

Does the ListenAddress support wildcards? Can I put in 123.123.*

Originally posted by cass
raventec :

pico /etc/ssh/sshd_config

config ssh from there, for ex:
change:
#Protocol 2,1
#ListenAddress ::

(just protocol 2, on just one IP address)
Protocol 2
ListenAddress 123.132.123.123

then search for PermitRootLogin and put :
PermitRootLogin no


Regards.

cPanel.net Support Ticket Number:

cPanel.net Support Ticket Number:

[MySundown]

Originally posted by sexy_guy
Impossible, how many people do you think have static ips? 99.9% of server admins are using a dynamic ip. This is not as important as making sure that you are running a version of Openssh that is not vuln!

cPanel.net Support Ticket Number:

So true! My ip changes like crazy (every few hours!) and I'm on a cable modem Also, my ISP has so many ips, some are 66.xxx.xxx.xxx, and some are 216.xxx.xxx.xxx, there's so many different ranges that allowing only those doesn't help me at all

Also, doesn't accessing ssh through a proxy server override the whole ip blocking method, since the server will see the proxy's ip, not yours?

cPanel.net Support Ticket Number: