The following is a list of the software and configuration changes we have installed to secure, optimize and harden your server. None of this software is resource intensive, so you will not see any decrease in performance.
We've installed chkrootkit, a program that looks for known signatures in trojaned system binaries; in short, it detects whether your system has been compromised. We've run chkrootkit on your system and the output returned clean.
We've installed Rootkit Hunter, a scanning tool that finds most types of exploits (backdoors, suspicious files, MD5 hash comparisons) and is over 99% accurate in detecting them. We've scanned your system with Rootkit Hunter and it reported that your system is clean.
CSF Firewall has been installed.
Logwatch has been installed. This program parses your server's logs and e-mails you a tabulated report on a daily basis.
SIM (System Integrity Monitor) has been installed on your server. This software checks all services 24x7 and restarts them if they are down. An e-mail is dispatched whenever a downed service is detected and restarted.
Apache (httpd) web server has been optimized and secured. For extra HTTP/PHP security we can install mod_security if you would like; it is not installed by default because it can interfere with certain common functions. If you would like mod_security installed, just let us know and we'll be more than glad to install it for you. Additionally, suPHP can be added for extra protection in PHP, but suPHP is less efficient and more restrictive than regular PHP mode, so this has to be taken into consideration before installing it. If you would like it installed, please let us know.
MySQL Server has been optimized to perform at its best under the most common and standard environments.
System configuration file host.conf has been secured and hardened to prevent DNS lookup poisoning and to provide protection against spoofing.
System configuration file nsswitch.conf has been secured and hardened. We have also optimized it to perform DNS lookups more efficiently.
System configuration file sysctl.conf has been secured and hardened to help protect the TCP/IP stack against SYN-flood attacks. It is also configured to prevent other similar kinds of network abuse.
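As an added example (not the provider's own configuration file), this POSIX shell script audits a `sysctl -a` dump against the settings a hardened sysctl.conf normally carries to resist SYN floods and address spoofing; the baseline key/value list is an assumption of a sensible set, not a copy of what was installed on any particular server.

```shell
#!/bin/sh
# Added example, not the provider's configuration: audit a `sysctl -a` dump
# against the settings a hardened sysctl.conf normally carries to resist
# SYN floods and spoofing. The baseline values below are an assumed
# sensible set, not a copy of what was installed on the server.

# Baseline: "key value" per line.
HARDENED_SYSCTL='
net.ipv4.tcp_syncookies 1
net.ipv4.tcp_max_syn_backlog 2048
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.all.accept_source_route 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.icmp_echo_ignore_broadcasts 1
'

# audit_sysctl DUMP: DUMP is text in "key = value" form as printed by
# `sysctl -a`. Prints one line per deviation; returns 0 only if none.
audit_sysctl() {
    dump=$1
    bad=0
    while read -r key want; do
        [ -z "$key" ] && continue
        # exact key match on the left of "=", value on the right
        have=$(printf '%s\n' "$dump" | awk -v k="$key" -F' *= *' '$1 == k { print $2 }')
        [ -z "$have" ] && have='<unset>'
        if [ "$have" != "$want" ]; then
            printf 'DEVIATION %s: have %s, want %s\n' "$key" "$have" "$want"
            bad=$((bad + 1))
        fi
    done <<EOF
$HARDENED_SYSCTL
EOF
    [ "$bad" -eq 0 ]
}

# Constructed dump: SYN cookies are off and ICMP redirects are accepted,
# so the audit should report exactly those two keys.
SAMPLE_DUMP='net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1'

# On a live server: audit_sysctl "$(sysctl -a 2>/dev/null)"
```

A deviation on net.ipv4.tcp_syncookies is the one that matters most for the SYN-flood protection described above; the others cover the "similar network abuse" (source routing, ICMP redirects, broadcast pings).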
All of your vulnerable directories (/tmp, /var/tmp, /dev/shm and /usr/local/apache/proxy) have been reviewed and are clean now.
/tmp and /var/tmp have been hardened and secured to prevent the execution of malicious scripts.
Old rotated log archives in /var/log have been removed to free up space in the /var partition.
mytop has been installed. This is a console-based administrative tool for monitoring MySQL threads/processes and performance. You may have to type "mysqladmin create test" before running mytop.
We have set up a root login notification script and logger. This will send an e-mail to 'root' every time someone logs into your server as root. It will also keep a history of all root logins in /var/log/rootlogins.
SPRI has been installed. This program changes the priority of different processes according to their level of importance. You should see at least a 5-20% decrease in your server's average load.
We have disabled Mchat, Cgiecho, Cgiemail, Guestbook, Counter and Formmail in cPanel's system-wide cgi-sys directory. These are the most commonly exploited scripts, since they sit in the same location on every cPanel server in the world.
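As an added example (not the provider's script), this POSIX shell check confirms that the temporary directories named above are separate mounts carrying the noexec and nosuid options, which is what "hardened so scripts cannot execute there" normally means in practice; the /proc/mounts sample is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the provider's script: confirm that the temporary
# directories named in the report are separate mounts carrying noexec and
# nosuid. cPanel's securetmp script sets /tmp up this way (a loopback file
# mounted noexec,nosuid, with /var/tmp bind-mounted onto it).

# mount_has_opts MOUNTS_TEXT MOUNTPOINT OPT...
# MOUNTS_TEXT is /proc/mounts-style content; returns 0 only if MOUNTPOINT
# is listed and its option list (field 4) contains every OPT given.
mount_has_opts() {
    mounts=$1; mp=$2; shift 2
    # last matching entry wins, as the kernel shows the most recent mount last
    opts=$(printf '%s\n' "$mounts" | awk -v m="$mp" '$2 == m { print $4 }' | tail -n 1)
    [ -n "$opts" ] || return 1            # not a separate mount at all
    for want in "$@"; do
        case ",$opts," in
            *,"$want",*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# check_tmp_dirs MOUNTS_TEXT: one status line per directory; returns 0 only
# if all three pass.
check_tmp_dirs() {
    fails=0
    for d in /tmp /var/tmp /dev/shm; do
        if mount_has_opts "$1" "$d" noexec nosuid; then
            echo "OK   $d is mounted noexec,nosuid"
        else
            echo "FAIL $d is not a separate noexec,nosuid mount"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# Constructed sample standing in for /proc/mounts: /tmp is hardened, /var/tmp
# has no entry (so it lives on the root filesystem), /dev/shm lacks noexec.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,relatime 0 0'

# On a live server: check_tmp_dirs "$(cat /proc/mounts)"
```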
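As an added example (not the provider's notifier), this is the usual shape of a root login notification script: a snippet sourced from root's shell profile that appends a record to the history file named above and mails the same line to root. The log path follows the report; SSH_CLIENT is the variable sshd sets, and MAILCMD is an assumed hook so the mailer can be swapped out.

```shell
#!/bin/sh
# Added example, not the provider's notifier. Source this from root's shell
# profile (for example /root/.bashrc) and call record_root_login at the end.
# LOGFILE follows the report; MAILCMD is an assumed hook (defaults to mail(1)).
LOGFILE=/var/log/rootlogins
MAILCMD=${MAILCMD:-mail}

# format_login_record USER TTY FROM DATE: build one history line.
format_login_record() {
    printf '%s root login on %s by %s from %s' "$4" "$2" "$1" "$3"
}

# record_root_login: append the record to $LOGFILE and e-mail it to root.
record_root_login() {
    from=${SSH_CLIENT%% *}              # first field of "ip port port"
    from=${from:-local console}         # no SSH_CLIENT means a local login
    tty=$(tty 2>/dev/null) || tty='?'
    when=$(date '+%Y-%m-%d %H:%M:%S')
    line=$(format_login_record "$(id -un)" "$tty" "$from" "$when")
    printf '%s\n' "$line" >> "$LOGFILE"
    # A mail failure must never block the login shell from starting.
    printf '%s\n' "$line" | "$MAILCMD" -s "Root login on $(hostname)" root 2>/dev/null || true
}

# In /root/.bashrc, after sourcing this file:
#   record_root_login
```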
!!IMPORTANT!!: If any of your users are using any of those programs, they will no longer work. If you want us to re-enable them, just let us know.
Unused programs have been disabled in your server's OS. This reduces the chance of being compromised through software exploits in old or deprecated programs.
MultiTail has been installed. It gives you the ability to tail (view real-time activity of) multiple log files simultaneously.
PHPSysInfo has been installed. This is a GUI (graphical user interface) to your server's vital statistics. You can view it by going to
http://0.0.0.0:2086/phpsysinfo/index.php
Replace 0.0.0.0 with your own server's IP Address. You will have to enter your root login information to gain access as it is protected under your root WHM login.
Telnet has been disabled to prevent insecure transmission of data and passwords. SSH must be used instead of Telnet; it functions the same way.
SSH has been hardened by restricting the SSH protocol to version 2. SSH will still function the same way, just more securely. If you would like your SSH port changed, or direct root login disabled, just let us know and we'll be more than glad to do this for you.
If you or your datacenter monitors your server by ICMP/ping, please let us know.
Fileman (a file manager developed by gossamer-threads.com) has been installed into WHM with root-level permissions. This allows system root files to be edited in an emergency when SSH is not accessible. You can access Fileman by going to
http://0.0.0.0:2086/fileman/fileman.cgi
Replace 0.0.0.0 with your own server's IP Address. You will have to enter your root login information to gain access as it is protected under your root WHM login.
!!IMPORTANT!! This simulates SSH access, so treat it as such: do not use it unless you are familiar with SSH. Moreover, do not execute any commands you are not fluent with. As with SSH, damage can be done if Fileman is not used properly. If you are unfamiliar with SSH, do NOT use this program. It should be left for such an emergency.
Again, this file can only be accessed through WHM while being logged in as root.
Shell Fork Bomb/Memory Hog Protection has been enabled. Fork Bomb/Memory Hog protection will prevent users logged into a shell (ssh/telnet) from using up all the resources on the server and causing a crash.
Background Process Killer has been enabled to kill any of the following which are commonly recognized bad processes: BitchX, bnc, eggdrop, generic-sniffers, guardservices, ircd, psyBNC, ptlink and related services.
A warning message has been created for the SSH login welcome screen. Any user that logs into your server via SSH will see a message stating 'SSH is for authorized users only and any unauthorized access will be reported to the law enforcement authorities'.
Your FTP server software has been upgraded and secured.
We've run a simulated basic password-scanning attack; the results have been e-mailed to 'root' and a copy has been saved on your server at /root/security/passwordscanner.output
Please open a separate ticket for the kernel to be checked. Also, if you would like any other security software installed, please let us know so we can review it.
* IMPORTANT * PLEASE READ * IMPORTANT *
Can we guarantee your system will be hacker proof?
No, nobody can! It is 100% impossible to make a server hacker proof, that's a fact. This is even more the case when vulnerable freeware scripts are so commonly used (forums, bulletin boards, guestbooks, formmails). Even multibillion-dollar companies such as banks and credit card companies, and government computers, have had servers compromised. We consider our security hardening procedures to make your system hacker resistant. The software we install secures the system without adversely affecting or hindering the normal operations of your server.
Please note that over 99% of hacks come from insecure PHP scripts. These insecurities come from the scripts' own programming code, and therefore there is absolutely no way to search for and find "all" insecure scripts.
Remote-based hacks are extremely rare. If there are no weak passwords and no insecure PHP scripts, you have a very small chance of ever being hacked.
So as long as you and your users keep all of your scripts up to date, remove any unused scripts and remove any insecure scripts, the chance of being hacked through the most common method is greatly reduced. If you feel your users do not know how to check, or are not responsible enough to keep their scripts secure, we can secure PHP by enabling safe mode (and other similar restrictions for PHP such as the open_basedir restriction, disabling of commonly exploited functions, phpsuexec, etc.), and this will make PHP much more secure. However, the downside is that it will also interfere with a lot of scripts that don't work under these restrictions. If you would like this done, just let us know and we'll be more than glad to.