Top tips for stopping hackers - contribs please

Status
Not open for further replies.

Lyi

Registered
Sep 7, 2004
3
0
151
While I agree with points from both sides, I feel knowledge such as this is needed and that if nobody posted how-to's then there would be no letting the fisher learn because there would be no pool to learn from.


Here is a thread from servermatrix's forums that is pretty informative on how to do a few things to touch up the security on your server.

How to increase security on a Cpanel Server

Now there are a few others on that board, I'd recommend looking at the Redhat security forum on that board.

And if you need to keep your advantage by keeping the competition hacked then you're riding a train waiting to be derailed in the end, because of a lot of helpful folks the knowledge is out there, some just need to be pointed the way.
I'd prefer to point and save them 4-10 hours of fruitless searching to find what they want, because learning the ins and outs of searching is only worth the knowledge that is available to be searched anyway.



Lyi
 

mr.wonderful

BANNED
Feb 1, 2004
345
1
166
dgbaker said:
There are a few issues with doing this.

1. Why should anyone give away their secrets on how they do security?
2. Posting such info in public forums is also giving the hackers extra info on how the server is secured.
3. As I've stated on the forum before, we are all in this industry to make money, end of story. So why would I want to help my competition with things like this? If they have issues all the better for everyone else who may get their business.
4. Handing people tutorials on every little thing is not the answer, each must learn to fish instead of asking for the fish to be given. ;)
5. Just because you can follow a tutorial does not mean you are any safer. Tutorials are and should be used as guidelines only and baselines, each system still needs to be looked at and handled individually to ensure proper/better security.

I know that sounds harsh and self-centered etc... but hey! business is business and in this industry one must do whatever they can to maintain an edge (no matter how small) on its competition.
Ummm, a while ago you were announcing to the whole world that you were GETTING OUT OF THE BUSINESS, then you mysteriously came back. Interesting. The above sounds a bit selfish to me!
 

spaceman

Well-Known Member
Mar 25, 2002
513
6
318
ramprage said:
Ahem. http://www.crucialparadigm.com/reso.../how-to-install-BFD-brute-force-detection.php

And all the other tutorials at www.crucialparadigm.com have been ripped from my site without my permission. An email has been sent to the author requesting they remove my tutorials immediately.

http://www.webhostgear.com/60.html is the BFD link

Thank you

Steve
Hi Steve - thanks very much for pointing that out. I've taken your word for it and edited my original post accordingly.
 

spaceman

Well-Known Member
Mar 25, 2002
513
6
318
SANS: The Twenty Most Critical Internet Security Vulnerabilities

Top Vulnerabilities to UNIX Systems
# U1 BIND Domain Name System
# U2 Web Server
# U3 Authentication
# U4 Version Control Systems
# U5 Mail Transport Service
# U6 Simple Network Management Protocol (SNMP)
# U7 Open Secure Sockets Layer (SSL)
# U8 Misconfiguration of Enterprise Services NIS/NFS
# U9 Databases
# U10 Kernel

Full details, including (for each vulnerability) description, OSes affected, how to determine if you are vulnerable, how to protect against it:

http://www.sans.org/top20/
 

Ben

Well-Known Member
Aug 19, 2002
77
0
156
I'm not sure if anyone actually answered this or not, I stopped reading when the flaming started.

Turning off compilers

Code:
chmod 700 /usr/bin/*cc*
Mounting /tmp noexec

Code:
# Move to a directory with 500MB free
cd /home

# Stop everything
service chkservd stop
service httpd stop
service mysql stop

# Use dd to write 500MB of zeroed data to a file
dd if=/dev/zero of=tmpfs bs=1k count=512000

# Then force mke2fs to format it
mke2fs -j -F tmpfs

# Okay, so now we have a formatted filesystem inside this file.
# Mount it someplace temporarily:
mkdir /newtmp
mount -t ext3 -o loop /home/tmpfs /newtmp

# Copy over the files and empty /tmp (note: * does not match dot files)
cd /tmp
cp -ra * /newtmp
rm -rf *

# Unmount the new tmp (by mount point)
umount /newtmp

# Add the following line to /etc/fstab (vi /etc/fstab):
# /home/tmpfs /tmp ext3 loop,noexec 0 0

# Remount:
mount -a

# Change permissions on the directory:
chmod 777 /tmp
chmod +t /tmp

# Start everything
service chkservd start
service httpd start
service mysql start

# Note: I had to re-add the mysql.sock symlink after I did this
cd /tmp
ln -s /var/lib/mysql/mysql.sock

# If /var/tmp isn't symlinked to /tmp, do
cd /var
rm -rf tmp/
ln -s /tmp tmp

# DONE
As for a firewall, we used iptables, here's what our iptables policy script looks like
Code:
IPTABLES="/sbin/iptables"

#Flush everything, start from scratch
$IPTABLES -F

#Set default policies to DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

#Allow all lo traffic
$IPTABLES -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

#Allow all connections related and established connections
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -s 24.155.39.207 -j DROP

#Set default OUTPUT policy to ACCEPT
$IPTABLES -P OUTPUT ACCEPT

# Open ports for server/services
$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 37 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 43 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 465 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 465 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 873 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 873 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 995 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2082 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2083 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2086 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2087 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2089 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2095 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 3306 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 6666 -j ACCEPT

#Enable Blogger support (non-standards compliant piece of dog**** that it is)
$IPTABLES -A INPUT -s 66.102.15.83 -j ACCEPT
$IPTABLES -A INPUT -s 216.34.7.186 -j ACCEPT

#Add passive-mode people here
$IPTABLES -A INPUT -s 24.1.79.131 -j ACCEPT

#Logging
$IPTABLES -A INPUT -j LOG --log-prefix "INPUTDEFAULT: "

#Save rules
iptables-save > /etc/sysconfig/iptables

#Restart for rules to take effect
service iptables restart
I'd also recommend installing and using phpSuExec, which, if you use cPanel, can be turned on using /scripts/easyapache

Hope this helps and good luck in fighting off the hackers.
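A check script for the compiler and /tmp steps above, added here as an example and not part of Ben's post: it verifies that /tmp is mounted noexec, that it carries the 1777 mode left by chmod 777 plus chmod +t, that no *cc* binary in /usr/bin is executable by group or other, and that /var/tmp points at /tmp. The mount check takes /proc/mounts-style text as an argument so it can be exercised on the constructed SAMPLE_MOUNTS; the function names are assumptions.

```shell
#!/bin/sh
# Audit the hardening steps from the post above. SAMPLE_MOUNTS is constructed, not from a real host.
SAMPLE_MOUNTS='/dev/sda2 / ext3 rw 0 0
/home/tmpfs /tmp ext3 rw,noexec,loop=/dev/loop0 0 0
none /proc proc rw 0 0'

# mount_has_opt MOUNTS_TEXT MOUNTPOINT OPTION
# Succeeds if OPTION appears in the comma-separated option list of MOUNTPOINT.
mount_has_opt() {
  printf '%s\n' "$1" | awk -v mp="$2" -v opt="$3" '
    $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == opt) ok = 1 }
    END { exit ok ? 0 : 1 }'
}

# sticky_world_writable DIR
# Succeeds if DIR lists as drwxrwxrwt, i.e. the result of chmod 777 followed by chmod +t.
sticky_world_writable() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}

# compilers_locked DIR
# Succeeds if every *cc* file in DIR has no group/other execute bit (what chmod 700 leaves).
compilers_locked() {
  for f in "$1"/*cc*; do
    [ -e "$f" ] || continue
    case $(ls -ld "$f" | cut -c5-10) in
      *[xst]*) echo "$f is still executable by group/other"; return 1 ;;
    esac
  done
  return 0
}

# audit_host: run the checks against the live system and report what is still open.
audit_host() {
  rc=0
  mount_has_opt "$(cat /proc/mounts)" /tmp noexec || { echo "/tmp is not mounted noexec"; rc=1; }
  sticky_world_writable /tmp || { echo "/tmp is not mode 1777"; rc=1; }
  compilers_locked /usr/bin || rc=1
  [ "$(readlink /var/tmp)" = "/tmp" ] || { echo "/var/tmp is not a symlink to /tmp"; rc=1; }
  return $rc
}
```

Run audit_host after following the procedure; a non-zero exit means at least one step did not take.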
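The policy script's last rule logs every packet that falls through to the default DROP with the prefix "INPUTDEFAULT: ". As an added example that is not from the original post, here is a triage helper for those lines: it counts drops per source, lists the destination ports each source hit, and flags sources that touched many distinct ports. It runs over constructed sample lines using documentation addresses rather than a real /var/log/messages; SAMPLE_LOG and the function names are assumptions.

```shell
#!/bin/sh
# Triage the "INPUTDEFAULT: " lines written by the LOG rule in the policy script above.
# SAMPLE_LOG is constructed sample data in the kernel LOG format, not real traffic.
SAMPLE_LOG='Sep 15 03:12:01 web kernel: INPUTDEFAULT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=1433 WINDOW=1024 SYN URGP=0
Sep 15 03:12:02 web kernel: INPUTDEFAULT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=44322 DPT=3389 WINDOW=1024 SYN URGP=0
Sep 15 03:12:05 web kernel: INPUTDEFAULT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=44323 DPT=5900 WINDOW=1024 SYN URGP=0
Sep 15 03:13:40 web kernel: INPUTDEFAULT: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=68 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353
Sep 15 03:14:00 web kernel: eth0: link up'

# top_dropped_sources LOG_TEXT [LIMIT]
# Prints "SRC count" per source, busiest first, at most LIMIT lines (default 10).
top_dropped_sources() {
  printf '%s\n' "$1" | awk '
    /INPUTDEFAULT: / { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) n[substr($i, 5)]++ }
    END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1 | head -n "${2:-10}"
}

# probed_ports LOG_TEXT SRC
# Prints the distinct destination ports SRC was dropped on, one per line, ascending.
probed_ports() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /INPUTDEFAULT: / {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == want && dpt != "") print dpt
    }' | sort -n -u
}

# scanning_sources LOG_TEXT THRESHOLD
# Prints sources that were dropped on at least THRESHOLD distinct ports (a simple sweep heuristic).
scanning_sources() {
  top_dropped_sources "$1" 1000000 | while read -r src count; do
    if [ "$(probed_ports "$1" "$src" | wc -l | tr -d ' ')" -ge "$2" ]; then echo "$src"; fi
  done
}
```

On a live box, feed the functions the log file, e.g. top_dropped_sources "$(grep 'INPUTDEFAULT: ' /var/log/messages)".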
 

stech

Member
Aug 30, 2004
5
0
151
Posting Useful Information

Ben,

You have a lot of nerve interrupting this thread to post a bunch of useful information (JK) :cool:

But seriously, thank you for posting, excellent info to have !!
 
Mar 28, 2006
9
0
151
Bad Attitude - recipe for failure

When reading the post quoted I was surprised to find that a representative of a Server leasing company would put forward this kind of narrow view on how to gain competitive edge in the market. My company leases many Un-managed servers, and in fact has been considering dgbaker's company for some of our future needs. It should be noted that for us to successfully utilize leased servers, we need information that allows us to better manage our servers. I would suggest that unless a company like mine can properly manage and support un-managed/dedicated servers, then there will be no need for us to lease from other companies... we will bring it in house, and build an IT support department ourselves. So if we want to encourage growth in a dedicated/self managed industry, we need to make the management and support of these systems open so that anyone who is willing can properly maintain the servers/systems.

It is key to note: the competitive advantage does not come from just making the servers work, it comes from the perception of value in the marketplace. Both Honda and Kia make cars that work, but there is a perceived distinction in the marketplace that Honda builds better, and therefore higher value cars. This perception translates into increased sales numbers and price numbers.

So, dgbaker, if you would like companies like mine to buy from you, you (and the rest of the support community) have to become partners with your customers, then you can contribute to, and share their success.

* I hope that you realize that my company, even though we want to learn to better manage our servers, do not represent competition to your company, instead we are prospects... so the very information that you suggest you would like to keep from your competition, may be the information that prevents us from becoming your customer.


dgbaker said:
There are a few issues with doing this.

1. Why should anyone give away their secrets on how they do security?
2. Posting such info in public forums is also giving the hackers extra info on how the server is secured.
3. As I've stated on the forum before, we are all in this industry to make money, end of story. So why would I want to help my competition with things like this? If they have issues all the better for everyone else who may get their business.
4. Handing people tutorials on every little thing is not the answer, each must learn to fish instead of asking for the fish to be given. ;)
5. Just because you can follow a tutorial does not mean you are any safer. Tutorials are and should be used as guidelines only and baselines, each system still needs to be looked at and handled individually to ensure proper/better security.

I know that sounds harsh and self-centered etc... but hey! business is business and in this industry one must do whatever they can to maintain an edge (no matter how small) on its competition.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,453
31
473
Go on, have a guess
Please pay more attention to the dates on posts and threads :rolleyes:

The post you have quoted was from 09-15-2004 and your aggression towards someone else is wholly unwarranted, and in the context of these forums, unacceptable.

Please take more care in future.
 