Requesting some Tips and Tricks

Discussion in 'Security' started by petru, Dec 29, 2013.

  1. petru

    Hey guys,

    I recently had my server hacked and had a 24-hour tennis match with the server.

    I've finally got some confidence that I have the server back.
    But I need to make sure that this doesn't happen again.
    One of the things I'd like to do is only allow root access from my particular IP or Australian region (most of the time the attacks are overseas).

    I'd also like to change the port for my SSH. I looked into how to change it but I can't seem to get it right.
    I opened the config file via FTP but didn't see anything about ports, and I also tried a suggested "#port 22"
    command that didn't really help. Could someone give me a step-by-step as to how to do this?

    Only allowing root access from a particular IP would be great, and I would feel most comfortable with it.

    And please give me some tips on how to keep my server secure. I'm not sure if it's possible to check, but they may have installed a backdoor to the server. Although I did some scans with RKhunter and didn't pick up on much.

    Even if you can recommend a commercial security plugin that doesn't cost an arm and a leg and my first child, that'd be great too.

    Thanks.
     
  2. cPanelPeter

    Hello,

    Only allowing access to your server from a specific IP address or range of IP addresses will require a firewall. If you don't already have one, I recommend CSF.

    To change the port on SSH, you're on the right track. Be very careful, however: one wrong move and you could easily disable access to your server via SSH. You should connect via SSH to your server and edit the /etc/ssh/sshd_config file.
    Uncomment that line

    # Port 22
    and change it to any non-used port. (something like 22122), so that it then reads:

    Port 22122

    Save the file and reload SSH (but do NOT log out of your current window until you have tested that it works with the new setting).

    Finally, I recommend reading the following: Securing Your Server
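
The steps in the reply above (edit `/etc/ssh/sshd_config`, reload, test before logging out) as a script; this is an added example, not part of the original post. The function names are hypothetical, and `sshd -t` is used as a syntax check before any reload so that a rejected file is rolled back to the backup.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# set_ssh_port CONFIG PORT: leave exactly one active "Port" line in CONFIG.
# Keeps CONFIG.bak and rejects anything that is not a valid TCP port.
set_ssh_port() {
    local cfg="$1" port="$2" tmp rc=0
    case "$port" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    # Replace the first Port line (commented "#Port 22" or active), drop later ones.
    awk -v p="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ { if (!n++) print "Port " p; next }
        { print }
        END { exit (n ? 0 : 3) }' "$cfg" > "$tmp" || rc=$?
    case $rc in
        0) ;;
        # No Port line at all: put it first so it cannot land inside a Match block.
        3) { echo "Port $port"; cat "$cfg"; } > "$tmp" ;;
        *) rm -f "$tmp"; return 1 ;;
    esac
    cat "$tmp" > "$cfg"   # overwrite in place: keeps owner and mode of CONFIG
    rm -f "$tmp"
}

# apply_ssh_port CONFIG PORT: edit, then let sshd check the file; roll back on error.
apply_ssh_port() {
    local cfg="$1" port="$2"
    set_ssh_port "$cfg" "$port" || return
    if ! sshd -t -f "$cfg"; then
        cp -p "$cfg.bak" "$cfg"
        echo "sshd rejected the config, backup restored" >&2
        return 1
    fi
    echo "Config is valid. Open port $port in the firewall and reload sshd."
    echo "Keep this session open and test from a NEW terminal: ssh -p $port <user>@<server>"
}

# Usage (as root): apply_ssh_port /etc/ssh/sshd_config 22122
```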
     
  3. petru

    Hi Peter,

    Thanks for your reply.
    I managed to change the SSH ports earlier. The information that you provided me was the same information that I've found in other sources, except one. I found an article on how to change the SSH port, and apparently you need to open the file with
    then edit the file with vi commands.

    I'm not sure if there is another way, but I couldn't figure it out. But the vi editor way worked well.

    I've already got CSF installed. I went through the security check and corrected some issues that I had.
    I also decided to add some Host Access Control permissions and set WHM and FTP to only be accessed via my IP.
    I also changed the port of SSH, but didn't restrict it to my IP in case my IP changes. I think I might be secure enough to unblock the world from the server. But I'll look further into protection and see what else I can do first.

    Would you also know if I can restrict access to ports? Like my SSH port and 2087 to only my IP?
    I don't have any reseller accounts, nor do I want or need them.

    Thanks
     
  4. cPanelPeter

    Hello,

    Yes, CSF will allow you to protect any service by ports. Instructions on how to do so are in /etc/csf/readme.txt
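
One way to lock the SSH port and 2087 to a single address with CSF, as an added example that is not part of the original reply: it prints `csf.allow` advanced-filter lines and flags any port still listed in `TCP_IN`, where it would remain open to every source. The function names, the sample address 203.0.113.10 and the sample config used to exercise it are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# port_in_tcp_in CSF_CONF PORT: succeed if PORT is listed in TCP_IN
# (single ports or lo:hi ranges), i.e. still open to every source address.
port_in_tcp_in() {
    local conf="$1" port="$2" list entry lo hi
    list=$(sed -n 's/^TCP_IN[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
           head -n1 | tr -d '[:space:]')
    local IFS=,
    for entry in $list; do
        [ -n "$entry" ] || continue
        lo=${entry%%:*}; hi=${entry##*:}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# restrict_rules CSF_CONF IP PORT...: print one csf.allow line per port that
# accepts inbound TCP to that port from IP only. Returns 1 if any port is
# still in TCP_IN, because the per-IP rule restricts nothing until it is removed.
restrict_rules() {
    local conf="$1" ip="$2" port rc=0
    shift 2
    for port in "$@"; do
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
        echo "tcp|in|d=$port|s=$ip"
        if port_in_tcp_in "$conf" "$port"; then
            echo "WARNING: $port is still in TCP_IN and open to all sources" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage: restrict_rules /etc/csf/csf.conf 203.0.113.10 22122 2087
# Review the output, append it to /etc/csf/csf.allow, remove the flagged
# ports from TCP_IN in /etc/csf/csf.conf, then restart the firewall: csf -r
```

A static source address is assumed; if the address changes, the rule locks the administrator out of those ports until it is updated from another path such as the provider's console.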
     
  5. 24x7server

    Hello,


    You need to scan the complete server as a first priority; also, please check whether any root symlinks are present. This kind of attack generally occurs when root-level hacking has occurred. I would suggest you have a look at the security checklist below, which you should perform:

    ==================================
    CSF hardening
    Installing Mod-Security
    Installing Clamav Anti Virus
    Installing Maldet
    Installing LSM
    Installing PRM
    Lockdown & Hardening the Root Password
    Secure SSHD Port
    sysctl.conf Hardening
    host.conf Hardening
    Network Security with hosts.allow & hosts.deny
    nsswitch.conf Hardening
    Enable DDOS Protection
    Root Login Email Notifications
    Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
    Security Updates as released by OS and/or Control Panel
    Disable Unwanted Services
    Enable PHP Open_Basedir Protection
    Enable mod_userdir Protection
    Securing Console Access
    PHP5 Hardening with disabling php functions.
    ==================================


    Thank you
     