The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Phishing

Discussion in 'General Discussion' started by ankushdawar, Nov 23, 2005.

  1. ankushdawar

    ankushdawar Member

    Joined:
    May 11, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    Hi,

    My servers are getting attacked by scammers, phishing etc.
    I have regularly ensure stuf about 777 permisions and change them for all users to 755.
    But still its happening every now and then.

    Can anyone suggest ways to secure the same.

    Regards

    Ankush Dawar
     
  2. kris1351

    kris1351 Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    963
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Lewisville, Tx
    You can enable phpsuexec and it won't allow any directories or files to be 077 in permissions. It also changes it so all php processes are run by the actual username instead of nobody.

    In addition I recommend going to www.eth0.us and reading some of their security guides. Adding mod_evasive and mod_security could really help you out.
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Kris's suggestions are right on, phpsuexec is so very much the way to go, as it makes it immediately obvious who is screwing with what - you can see it in the file ownerships and running processes. Once you have phpsuexec in place you'll be able to see what's going on and focus your efforts on the infested accounts. Make sure you warn your user community though!

    mod_security and mod_evasive - ditto, don't leave home without them. I can't speak highly enough of mod_security.

    There's a lot to learn about server security if you've never done this before. I recommend strongly that you purchase one of the server security packages available from well respected people. Chirpy from www.configserver.com is the acknowledged cpanel security expert, and Steven from www.rack911.com is also very good. Either of those packages will set you a mile ahead of the crowd, and for the $80-$120 it costs you'll literally save yourself from weeks of grief learning how to get it right. I'm an experienced admin (I've taught it professionally and at collegel level for 10 years) and I didn't hesitate to get Chirpy to do the work for me.

    One final thing - check you don't have out of date versions of user-installed software on your system. The most common culprit is phpBB (check in Fantastico if you have it, if not, in cpanel addon manager) but also there were some nasty xmlrpc vulnerabilities a while back.
     
  4. ankushdawar

    ankushdawar Member

    Joined:
    May 11, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    Hi,

    I have quite many servers to fix... around 25.
    The pricing at configserver and rack911 is beyond my budget.
    It will be great if someone can offer me notes to secure the box,
    I will do it on all machines.

    Badly need help !!

    Regards,

    Ankush Dawar
     
  5. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    The search facility on this forum is your friend. ;) So always try a search before you post as it is often much quicker than waiting for a reply to a question.

    A search for 'secure server' came up with this little gem:

    A Beginner's Guide to Securing Your Server
    plus much much more. Should save you some dollars. ;)

    Some good reading for you to get you started on what is a complex and never ending subject. :)
     
    #5 Izzee, Nov 25, 2005
    Last edited: Nov 25, 2005
  6. hostmedic

    hostmedic Well-Known Member

    Joined:
    Apr 30, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Washington Court House, Ohio, United States
    cPanel Access Level:
    DataCenter Provider
    also -

    go over to the site:

    www.webhostgear.com

    Rampage (from these forums) has put together a gem of a site that should be able to help you as well.

    Another option - hire someone to make sure your server(s) are secure

    PlatinumServerManagement.com - as well as Chirpy (not sure his domain) seem to be good...
     

Share This Page