
Top tips for stopping hackers - contribs please

Discussion in 'General Discussion' started by spaceman, Sep 13, 2004.

Thread Status:
Not open for further replies.
  1. spaceman

    spaceman Well-Known Member

    Hi All,

    My company has 3 US-hosted linux dedicated servers. To our knowledge we haven't been seriously hacked in 4 years, until a few weeks ago. Within the last few weeks, 2 of the 3 have been hacked, requiring fresh installs of the OS + WHM/cPanel. Each hack has cost us approx $1,000+ in terms of data centre support plus our hours here to re-install and re-configure non-standard software (payment processing software etc.) to get the servers back to the way they were.

    I've searched around these forums for hints and tips about how to make our servers more secure. This information seems to exist in small amounts in posts here and there, often as suggestions in response to others who have been hacked.

    I'd like to offer this thread up to anyone who would like to offer hints and tips about how to beef up linux web server security. With each piece of advice please try to give a brief how-to and/or link to a website resource that describes what to do more fully.

    Here's a starter:

    1. Limit SSH root access to a fixed list of IP addresses
    2. Ensure WHM/cPanel and other server software are fully updated with latest patches.
    3. Auto-email a report for all root access logins
    4. Disallow telnet access
    5. Change cpanel/ftp passwords regularly
    6. Install 'bruteforce detection' script: auto-blocks repeated frequent attempts to login. eg. http://www.rfxnetworks.com/bfd.php (there's a 'how-to' install here: http://www.webhostgear.com/60.html)
    7. Firewall the server eg. http://www.rfxnetworks.com/apf.php
    8. Turn off non-essential/unnecessary services (does anyone know of a list of what these might be?)

    Firewalls
    APF
    - http://www.rfxnetworks.com/apf.php

    Intrusion Detection Software

    AIDE (Advanced Intrusion Detection Software)
    - http://sourceforge.net/projects/aide
    Tripwire (...is a tool that checks to see what has changed on your system)
    - http://sourceforge.net/projects/tripwire/ (open source version)
    - http://www.tripwire.com/products/ (commercial version)

    Other Related cPanel Threads
    - http://forums.cpanel.net/showthread.php?t=30159

    General Website Resources on Security

    - http://www.webhostgear.com/cid_6.html (some great 'securing servers' tutorials here)
    - www.linuxsecurity.com
    - http://www.webhostingtalk.com/showthread.php?s=&threadid=307474 (how-to secure cPanel)
    - http://forums.servermatrix.com/viewtopic.php?t=2198&start=0 Improving System Security on cPanel Systems (Servermatrix forum)

    Books on Security

    - Linux Server Hacks by Rob Flickenger (just found this on Amazon, seems well recommended)
    - Any other recommendations here?

    * Please note that we are not linux security experts and are not trying to be! We're just trying to share some hints and tips and resources with others who need to 'up' their linux security without necessarily having the budget to employ experts. *
     
    #1 spaceman, Sep 13, 2004
    Last edited: Oct 5, 2004
  2. dandanfireman

    dandanfireman Well-Known Member
    1. Ensure that the kernel is up to date.
    2. Turn off access to compilers and scripts like wget.
    3. Make /tmp and /var/tmp noexec.
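
Added example, not part of any post in this thread: a read-only audit of three items from the two lists above (root SSH pinned to source addresses, `/tmp` and `/var/tmp` mounted noexec, compilers and wget closed to ordinary users). Reading "turn off access" as "not executable by other users" and checking the restriction through OpenSSH's `AllowUsers user@host` syntax are assumptions, as are all function names and sample values.

```shell
# Added audit sketch, not code from the thread. Try it on copies of the files first.
# root_ssh_pinned SSHD_CONFIG: succeeds when PermitRootLogin is "no", or when an
# AllowUsers list exists and no entry can match root without an @host part.
# Simplification: Match blocks, Include files and negated patterns are ignored.
root_ssh_pinned() {
    awk '
        tolower($1) == "permitrootlogin" && !seen { prl = tolower($2); seen = 1 }
        tolower($1) == "allowusers" {
            list = 1
            for (i = 2; i <= NF; i++)
                if ($i !~ /@/ && ($i == "root" || $i ~ /[*?]/)) loose = 1
        }
        END { exit !(prl == "no" || (list && !loose)) }' "$1"
}

# mount_has_noexec MOUNT_TABLE MOUNTPOINT: table in /proc/mounts or /etc/fstab
# column layout; the last matching line wins. No entry at all counts as failure.
mount_has_noexec() {
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp { opts = $4 }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") exit 0
            exit 1
        }' "$1"
}

# other_exec PATH: succeeds when users outside owner and group may execute PATH.
other_exec() {
    case "$(ls -ldL "$1" 2>/dev/null | cut -c10)" in x|t) return 0 ;; esac
    return 1
}

# audit SSHD_CONFIG MOUNT_TABLE TOOL...: prints findings, returns their count.
audit() {
    cfg=$1; mounts=$2; shift 2; fails=0
    if ! root_ssh_pinned "$cfg"; then
        echo "FAIL root SSH login is not pinned to source addresses"; fails=$((fails + 1))
    fi
    for mp in /tmp /var/tmp; do
        if ! mount_has_noexec "$mounts" "$mp"; then
            echo "FAIL $mp is not mounted noexec"; fails=$((fails + 1))
        fi
    done
    for tool in "$@"; do
        if other_exec "$tool"; then
            echo "FAIL $tool is executable by every local user"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample inputs, not taken from any real server.
demo=$(mktemp -d)
printf '%s\n' 'PermitRootLogin yes' 'AllowUsers root@192.0.2.10 deploy' > "$demo/sshd_config"
printf '%s\n' '/dev/sda3 /tmp ext3 rw,noexec 0 0' '/dev/sda5 /var/tmp ext3 rw 0 0' > "$demo/mounts"
touch "$demo/gcc" "$demo/wget"; chmod 755 "$demo/gcc"; chmod 750 "$demo/wget"
audit "$demo/sshd_config" "$demo/mounts" "$demo/gcc" "$demo/wget" || echo "findings: $?"
rm -rf "$demo"
```

On a live server the equivalent call would be `audit /etc/ssh/sshd_config /proc/mounts /usr/bin/gcc /usr/bin/wget`, with the tool paths adjusted to where they are installed.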
     
  3. haze

    haze Well-Known Member

    I'd put this at or near the top of the "todo" list:

    Install AIDE or Tripwire
     
  4. drmike

    drmike Active Member

    Folks, it's one thing to make a list of things to do to protect yourself. It's a much better thing to actually make a list people can use with links and the rest.

    (humour)It's sort of like Bush with chasing bad guys. It's one thing to say he's doing something. It's another thing to actually see something happening. :) (/humour)

    thanks,
    -drmike
     
  5. webits

    webits Well-Known Member

    I dig Free Advice

    It's nice when people actually are so kind to give some free advice to secure our servers. I really appreciate the effort. Spiderman
     
  6. haze

    haze Well-Known Member

    It's called research, one of the most important jobs of a system admin. If you can't figure out how to find or install any of the above, perhaps you're in the wrong industry? ;)

    We could sit here all day detailing this that and the other thing, but most of us have paying jobs. Do the research, or hire someone who can.
     
  7. spaceman

    spaceman Well-Known Member

    How about this: if you have a suggestion to make, eg. "Turn off access to compilers and scripts like wget." then please can you add value to this suggestion by either
    a) Adding a bit more of a description about how to actually achieve this and/or
    b) providing a link to an online how-to article, tutorial, forum posting or whatever that describes it in more detail.

    I will then be happy to edit my original post with this info so that all the advice is consolidated at the top rather than splattered across multiple posts.

    Deal? :)

    So if you spot a broken link, or advice that could be improved, or a new tutorial/link that could be added, please post away.
     
  8. drmike

    drmike Active Member

    Agreed, most hosters are in the wrong business. :)

    I used to volunteer on the phpnuke site and listen all day long to users complain about poor hosting but, if you pointed out that their hoster was the issue, they always went to bat for them saying that they were the best in the world. Made me sick.

    -drmike
     
  9. dgbaker

    dgbaker Well-Known Member

    There are a few issues with doing this.

    1. Why should anyone give away their secrets on how they do security?
    2. Posting such info in public forums is also giving the hackers extra info on how the server is secured.
    3. As I've stated on the forum before, we are all in this industry to make money, end of story. So why would I want to help my competition with things like this? If they have issues all the better for everyone else who may get their business.
    4. Handing people tutorials on every little thing is not the answer, each must learn to fish instead of asking for the fish to be given. ;)
    5. Just because you can follow a tutorial does not mean you are any safer. Tutorials are and should be used as guidelines only and baselines, each system still needs to be looked at and handled individually to ensure proper/better security.

    I know that sounds harsh and self-centered etc... but hey! business is business and in this industry one must do whatever they can to maintain an edge (no matter how small) on its competition.
     
  10. drmike

    drmike Active Member

    Not that I'm going to do such a thing but I'd bet that would look great on your support forum. :)

    -drmike
     
  11. 000000000

    000000000 Member

    Wow!!

    WOW... you're a born know-it-all. And since that's the case, I'm wondering why you even waste your time in a "support forum". Nevertheless, I'll reply...


    >1. Why should anyone give away their secrets on how they do security?

    Why not? Unlike you, everyone else learns these "sacred secrets" from someone.


    >2. Posting such info in public forums is also giving the hackers extra info on how the server is secured.

    FUD, FUD, FUD... Posting such info in public forums helps other people, while lending credibility to the poster as well as the hosting industry as a whole. Hackers (sic) already know how your server is secured.


    >3. As I've stated on the forum before, we are all in this industry to make money, end of story. So why would I want to help my competition with things like this? If they have issues all the better for everyone else who may get their business.

    You reap what you sow. Someday you might not know it all any more (things sometimes do change that fast), and maybe the competition will eat you up instead of helping you, too.

    Actually, if you were not so closed minded you would have realized the financial benefit of sharing such knowledge. Not only would it give you priceless credibility... not everyone (especially newbies) is up to the task of doing it themselves... you could have been making even more $$$ doing it for them.

    But don't sweat it, someone else will rise to the challenge... End of story


    >4. Handing people tutorials on every little thing is not the answer, each must learn to fish instead of asking for the fish to be given.

    That's got to be a thinking error, if I ever heard one. This is the internet (the biggest fishing hole on the planet). Forums are like small fishing spots in that big hole. They help people find information that they might not ever find elsewhere. That is the spirit of the whole thing.

    Tutorials, when they can be found, may not be the answer, but they are a great starting point to learning the question. They are nothing more than helpful guidelines, to steer people in the right direction (not yours)... even more so since every system needs to be handled individually.


    >5. Just because you can follow a tutorial does not mean you are any safer. Tutorials are and should be used as guidelines only and baselines, each system still needs to be looked at and handled individually to ensure proper/better security.

    Read the reply to 4.


    >I know that sounds harsh and self-centered etc... but hey! business is business and in this industry one must do whatever they can to maintain an edge (no matter how small) on its competition.

    It sounds harsh, self-centered etc... because it is! True, business is business... but smart business is smart business... and fools never seem to grasp this. Apparently the only edge you have on your competition is that you still have a few dollars to play a couple of more rounds. That's why you'll always be #2, and someone else #1.


    -000000000
     
  12. sawbuck

    sawbuck Well-Known Member

    Would have been better if you had not replied. Ugly/rude post for your first one.
     
  13. dgbaker

    dgbaker Well-Known Member
    For people that know me and have been around these forums for a while, they know I have always gone out of my way to help others. I even help other hosting companies with server admin work as well.

    As to the share and share alike notion? How was it put "smart business"? Smart businesses do not tell their competition how to gain an edge over them. Whether that be an IBM, Royal Bank, EV1, etc... none will tell their secrets to their competitors.

    I must also agree with sawbuck, for your first post you left a very bad impression. You treat your clients like that as well?

    And drmike.... - As to posting my other statement on my forum? Not a problem. ;)
     
  14. 000000000

    000000000 Member

    Agreed

    Sawbuck... I agree, it was an ugly rude post, and (sawbuck and dgbaker), I wish that it hadn't been my first, but I really felt compelled to reply to it.

    Both spaceman and drmike made a good suggestion that would make the thread a lot more useful for members and visitors of this forum (especially newbies). They did not ask for selfish, self-serving comments that benefit no one in this forum. The post needed to be replied to. If someone wants to blacklist me for it - so be it.

    Sometimes it is more productive to keep your comments to yourself, rather than run around a forum slapping everyone in the face. Sometimes a slap needs a slap back, and sometimes harsh needs harsh back.

    On a more level headed note... no one will lose anything to their competition by sharing techniques to secure internet servers. Security is an issue that affects the whole hosting industry, whether you are experienced or not. It is us against the Crackers... but if we are always divided against our own on such a simple issue, we will never gain an advantage.

    The first time some jerk hacks a server hosting some of our best potential customers, many of those customers will realize that it is cheaper in the long run to just "secure" their own dedicated server than throw it away on over-priced, unsafe hosting. Then you have new competitors. Where's the profit in that?

    On the subject of "Smart Business," I'm not going to comment any further. Either you see it or you don't. I see it, and I'm sure there are others that do too. Sometimes opportunity just knocks and runs.

    My sincere apologies to anyone I have offended!

    -000000000
     
  15. spaceman

    spaceman Well-Known Member

    Hey guys, thanks for the debate and I take your points, but may I suggest that if you want to help, then post away with your hints and tips. And if you don't want to contribute, then that's fine too.

    For me, it's simple. I didn't like getting hacked (it was expensive and time consuming), and I want to (try to) take steps to reduce the chance of it happening again. I'm very happy if along the way I can help others by sharing the experience around. Getting hacked is not nice, and I wouldn't wish it on my worst enemy (well, maybe there are a couple of people :) ), so 'my server is more secure than yours' is not something I'm bothered about competing on.

    I confess that on average I'm more of a taker than a giver in forums - I'm incredibly grateful for the help and support I've received over the years, and I like to give something back where I can.
     
    #15 spaceman, Sep 15, 2004
    Last edited: Sep 15, 2004
  16. dschott

    dschott Member

    best idea ever, if you don't know how to do it, hire a security consultant to do it for you.

    why?

    'cause you just wasted 3000 dollars on repairs. my advice? next time spend that 3000 dollars to get a rock solid network (btw the guy on your aim list who failed his rhse exam is NOT a security consultant, neither is the script kiddie next door). go to google and find yourself a respectable security consulting agency and end the annoyance
     
  17. spaceman

    spaceman Well-Known Member

    1. Perhaps there are reputable web hosting companies out there who are security experts, and for a premium (which we'd expect to pay) will take care of all these security concerns for us as part of the package? If so, make yourself known to us!

    2. Does anyone have any recommendations for security experts or companies who DO offer this sort of service for existing dedicated web servers? I mean, sure, I can and have gone to Google and every man and his dog claims to be a security expert. So how about some solid referrals from someone who is employing such services and is happy to recommend them?
     
  18. Mike Peel

    Mike Peel Active Member

    Wow - I came into this thread as I'm fairly new to having my own server, and was curious about how to secure it properly. Sadly, a seemingly useful thread quickly turned into a bitching argument between members...

    I'll point out that there are generally two approaches to software design / management / security - open source, and closed source. I'll use two examples: Linux for OpenSource, Windows for closed. Do I really need to point out which is most secure?

    If people don't share information about potential problems with security setups, and the best ways to sort out these problems, then hackers have their own playground full of people's unprotected servers. If, however, people do share...
     
  19. ramprage

    ramprage Well-Known Member

  20. SarcNBit

    SarcNBit Well-Known Member

    I have to agree with 0000000 here. This is a support forum, and there is nothing wrong (except in the instance I mention below) with someone coming by and requesting detailed tips on how to secure their server.

    If you have developed some proprietary technique that you do not wish to share, then by all means feel free not to share it. The act of not sharing however is going to add little value to this forum which so many people (myself included) value.

    My only problem with this thread is that it is redundant. There has to be at least 2 or 3 other threads that attack this same issue (which lends credibility to some of haze's remarks). If the original poster had something to add, they should have posted to one of the existing threads.

    dgb, I am surprised to see you make comments like that. It seems out of character for someone who maintains an open support forum and has been very helpful in these forums. I am going to chalk it up to lack of coffee/sleep/etc :) :p

    Most of the people here are competitors, but do not forget that they are also colleagues and I think for the most part everyone has done a commendable job of respecting each other's business interests. I have learned a tremendous amount about cPanel from this and other forums and would be much worse for wear if no such resources existed.
     