Requesting some Tips and Tricks

petru

Active Member
Jul 12, 2013
38
1
8
cPanel Access Level
Root Administrator
Hey guys,

I recently had my server hacked and had a 24 hour tennis match with the server.

I've finally got some confidence that I have the server back.
But I need to make sure that this doesn't happen again.
One of the things I'd like to do is only allow root access from my particular IP or Australian Region (most of the time the attacks are overseas).

I'd also like to change the port for my SSH. I looked into how to change it but I can't seem to get it right.
I opened the config file via FTP but didn't see anything about ports, and I also tried a suggested "#port 22"
command that didn't really help. Could someone give me a step by step as to how to do this?

Only allowing root access from a particular IP would be great, and I would feel most comfortable with it.

And please give me some tips on how to keep my server secure. I'm not sure if it's possible to check but they may have installed a backdoor to the server. Although I did some scans with RKhunter and didn't pick up on much.

Even if you can recommend a commercial Security Plugin that doesn't cost an arm and a leg and my first child, that'd be great too.

Thanks.
 

cPanelPeter

Senior Technical Analyst
Staff member
Sep 23, 2013
586
25
153
cPanel Access Level
Root Administrator
Hello,

Only allowing access to your server from a specific IP address or range of IP addresses will require a firewall. If you don't already have one, I recommend CSF.

To change the port on SSH, you're on the right track. Be very careful, however: one wrong move and you could easily disable access to your server via SSH. You should connect via SSH to your server and edit the /etc/ssh/sshd_config file.
Uncomment this line:

# Port 22

and change it to any non-used port (something like 22122), so that it then reads:

Port 22122

Save the file and reload SSH (but do NOT log out of your current window until you have tested that it works with the new setting).

Finally, I recommend reading the following: Securing Your Server
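
Added example, not part of the thread or of cPanel's documentation: a shell version of the port change described in the reply above, with a syntax check of the edited copy before the live file is replaced. `rewrite_port` and `apply_port` are hypothetical helper names; `sshd -t -f <file>` is OpenSSH's configuration test mode.

```shell
#!/bin/sh
# Added example, not from the thread. rewrite_port and apply_port are
# hypothetical helper names.

# rewrite_port <config> <port> <out>: write a copy of <config> to <out> with
# exactly one active "Port <port>" line, placed where the first Port line was.
rewrite_port() {
    case $2 in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    if [ "$2" -lt 1 ] || [ "$2" -gt 65535 ]; then
        echo "port must be in 1-65535" >&2; return 2
    fi
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v p="$2" '
        # Matches "Port N", "#Port N" and "# Port N".
        /^[ \t]*#?[ \t]*[Pp]ort[ \t]+[0-9]+[ \t]*$/ {
            if (!done) { line[++n] = "Port " p; done = 1 }
            next
        }
        { line[++n] = $0 }
        END {
            # No Port line at all: put one first, ahead of any Match block.
            if (!done) print "Port " p
            for (i = 1; i <= n; i++) print line[i]
        }' "$1" > "$3"
}

# apply_port <port>: run as root, from an SSH session that stays open.
apply_port() {
    cfg=/etc/ssh/sshd_config
    # Copy first so the candidate keeps the owner and mode of the live file.
    cp -p "$cfg" "$cfg.new" || return 1
    rewrite_port "$cfg" "$1" "$cfg.new" || { rm -f "$cfg.new"; return 1; }
    # sshd -t parses the candidate file and exits non-zero on any error.
    if ! sshd -t -f "$cfg.new"; then
        rm -f "$cfg.new"; echo "candidate rejected, nothing changed" >&2
        return 1
    fi
    cp -p "$cfg" "$cfg.bak" && mv "$cfg.new" "$cfg"
    echo "Open port $1 in the firewall, reload sshd, then test a second login."
}
```

The previous configuration is kept as /etc/ssh/sshd_config.bak, so a failed test login can be undone from the session that is still open.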
 

petru

Hi Peter,

Thanks for your reply.
I managed to change the SSH ports earlier. The information that you provided me was the same information that I've found in other sources, except one. I found an article on how to change the SSH port, and apparently you need to open the file with
vi /etc/ssh/sshd_config
then edit the file with vi commands.

I'm not sure if there is another way but I couldn't figure it out, but the vi editor way worked well.

I've already got CSF installed, I went through the security check and corrected some issues that I had.
Also decided to add some Host Access Control permissions and set WHM and FTP to only be accessed via my IP.
And also changed the port of SSH, but didn't restrict it to my IP in case my IP changes. I think I might be secure enough to unblock the world from the server. But I'll look further into protection and see what else I can do first.

Would you also know if I can restrict access to ports? Like my SSH port and 2087 to only my IP?
I don't have any reseller accounts, nor do I want or need them.

Thanks
 

24x7server

Well-Known Member
Apr 17, 2013
1,912
99
78
India
cPanel Access Level
Root Administrator
Hello,

You need to scan the complete server as a first priority; also, please check whether any root symlinks are present. This kind of attack generally occurs when root-level hacking has occurred. I would suggest you have a look at the security checklist below that you should perform:

==================================
CSF hardening
Installing Mod-Security
Installing Clamav Anti Virus
Installing Maldet
Installing LSM
Installing PRM
Lockdown & Hardening the Root Password
Secure SSHD Port
sysctl.conf Hardening
host.conf Hardening
Network Security with hosts.allow & hosts.deny
nsswitch.conf Hardening
Enable DDOS Protection
Root Login Email Notifications
Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
Security Updates as released by OS and/or Control Panel
Disable Unwanted Services
Enable PHP Open_Basedir Protection
Enable mod_userdir Protection
Securing Console Access
PHP5 Hardening with disabling php functions.
==================================


Thank you