The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ways to Prevent Hacker? Expert please come and help

Discussion in 'General Discussion' started by samtam, Jun 14, 2003.

  1. samtam

    samtam Active Member

    Joined:
    Jun 14, 2003
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    CaN some experts teach me some ways of preventing hackers for cpanel..I.E which type of firewall they will recommend etc.

    cPanel.net Support Ticket Number:
     
  2. ciphervendor

    ciphervendor Well-Known Member

    Joined:
    Aug 26, 2002
    Messages:
    1,052
    Likes Received:
    0
    Trophy Points:
    36
    Remove the cat5 cable from your server. Problem solved.
     
  3. samtam

    samtam Active Member

    Joined:
    Jun 14, 2003
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    What a funny guy you are...

    cPanel.net Support Ticket Number:
     
  4. hostito

    hostito Active Member

    Joined:
    Mar 9, 2003
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
    I would

    1) "man ipchains" or man iptables
    2) block all unecessary ports.
    3) Lock ssh port to required IPs.

    Also, chmod 000 wget and /usr/bin/gcc and /usr/bin/cc and such compilers. turn them on only when you want to use them.

    Also you can read about editing fstab to limit behaviour in your tmp directory which is common for hacker kid downloads and such.

    These are a few suggestions. I hope you find them useful :)

    Using the search feature on this forum will yield many such suggestiongs, nothing new in what I have to say ;)

    cPanel.net Support Ticket Number:
     
  5. DWHS.net

    DWHS.net Well-Known Member
    PartnerNOC

    Joined:
    Jul 28, 2002
    Messages:
    1,569
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    LA, Costa RIca
    cPanel Access Level:
    Root Administrator
    This ones huge unless they can mask the i.p. allowed.

    Still probably the single most effective way to start in securing your server.

    -Charles

    cPanel.net Support Ticket Number:
     
  6. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Chmoding your compilers to 000 means very little as far as security is concerned. Recently, i visted a box that was almost hacked. The only thing that saved this box was the firewall. Anyway the hacker got into the box though a phpbb vuln and dropped the .c file in the /tmp directory. When he realized that he couldnt compile the dam thing he proceeded to download the binary version of the same program and dropped that in temp. Big deal for chmodding your compiler pgms to 000 when they will get the binary version of the same thing. Then he attempted to log into the system though his special port but couldnt gain access. I found the pgm and removed it which killed his attemps at getting in.

    The moral of the story? Chmodding the compilers means jack! It doesnt work!

    cPanel.net Support Ticket Number:
     
  7. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Impossible, how many people do you think have static ips? 99.9% of server admins are using a dynamic ip. This is not as important as making sure that you are running a version of Openssh that is not vuln!

    cPanel.net Support Ticket Number:
     
  8. aussie

    aussie Member

    Joined:
    Jan 2, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Locking SSH to certain IPs

    What are tha actual Ipchains or iptables commands to limit SSH access to say IPs aaa.bbb.ccc.ddd and eee.fff.ggg.hhh.

    Can someone give examples? Are there batch files anywhere which contain sample firewall commands suitable for helping secure a Cpanel box?

    Michael

    cPanel.net Support Ticket Number:
     
  9. ThunderHostingDotCom

    ThunderHostingDotCom Well-Known Member

    Joined:
    Nov 18, 2002
    Messages:
    450
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    All over!

    If WHM news says that my version of Openssh is "ok" should I believe it? I have openssh v 0.9.6b is that good?

    cPanel.net Support Ticket Number:
     
  10. ThunderHostingDotCom

    ThunderHostingDotCom Well-Known Member

    Joined:
    Nov 18, 2002
    Messages:
    450
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    All over!

    Ok, now can you give explination on how to do each of these please? Thank you!

    cPanel.net Support Ticket Number:
     
  11. raventec

    raventec Well-Known Member

    Joined:
    Apr 19, 2003
    Messages:
    120
    Likes Received:
    0
    Trophy Points:
    16
    samtam,

    I'm not an expert by a long shot... and if I was, I sure wouldn't be stating I was on this forum LOL!
    For a firewall for iptables, I'd say APF http://forums.r-fx.net/apf.php I'm not sure what the BEST firewall is, but it works for me.
    It's my understanding that the version of openSSH from cpanel is already patched, but I like to keep it updated anyhow and set to only use ssh protocol2 and disallow root login's.

    cPanel.net Support Ticket Number:
     
  12. samtam

    samtam Active Member

    Joined:
    Jun 14, 2003
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Thank you so much for all your help..

    cPanel.net Support Ticket Number:
     
  13. cass

    cass Well-Known Member

    Joined:
    Jul 17, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Argentina/USA/Mexico
    raventec :

    pico /etc/ssh/sshd_config

    config ssh from there, for ex:
    change:
    #Protocol 2,1
    #ListenAddress ::

    (just protocol 2, on just one IP address)
    Protocol 2
    ListenAddress 123.132.123.123

    then search for PermitRootLogin and put :
    PermitRootLogin no


    Regards.

    cPanel.net Support Ticket Number:
     
  14. compunet2

    compunet2 Well-Known Member

    Joined:
    Feb 21, 2003
    Messages:
    310
    Likes Received:
    0
    Trophy Points:
    16
    Does the ListenAddress support wildcards? Can I put in 123.123.*


    cPanel.net Support Ticket Number:
     
  15. MySundown

    MySundown Well-Known Member

    Joined:
    Jun 2, 2003
    Messages:
    128
    Likes Received:
    0
    Trophy Points:
    16
    So true! My ip changes like crazy (every few hours!) and I'm on a cable modem :( Also, my ISP has so many ips, some are 66.xxx.xxx.xxx, and some are 216.xxx.xxx.xxx, there's so many different ranges that allowing only those doesn't help me at all :(

    Also, doesn't accessing ssh through a proxy server override the whole ip blocking method, since the server will see the proxy's ip, not yours?

    cPanel.net Support Ticket Number:
     
  16. Tox

    Tox Member

    Joined:
    Aug 12, 2002
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Is it possible to only allow a certain IP to get access via SSH but kill this setting when rebooting? (in case your IP change as you can then just reboot and enter your new IP)

    cPanel.net Support Ticket Number:
     
  17. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    dont chmod 000 wget or your compilers... if anything chmod 0700 them, if somebody can run them with 0700 perms you have a problem already.

    Also leave wget alone, anybody who wants to put a file on the server can do so many other ways, cpanel used wget alot, i wouldnt restrict the cpanel user from using it.

    cPanel.net Support Ticket Number:
     
Loading...

Share This Page