Portal Home > Knowledgebase > Articles Database > How to secure my site
How to secure my site
| Posted by NiklasR, 05-07-2010, 02:45 AM |
| I have a new vps can you please instruct me how to secure?
|
| Posted by net, 05-07-2010, 02:46 AM |
| You need to secure your vps first before you secure your site.
|
| Posted by BlaZeX, 05-07-2010, 02:49 AM |
| Refer these articles
Deny Host Protection
RootKit Hunter
Secure /tmp partition
Also install CSF & BFD
Google a bit about Server security & optimization and alot of result will come up
|
| Posted by NiklasR, 05-07-2010, 02:51 AM |
| thats what I want I want to secure vps but how?
|
| Posted by madlymasterful2018, 05-07-2010, 02:57 AM |
| Secure in terms of what?? I am sorry i do not understood your question correctly? In terms of transactions or speed or what??
|
| Posted by NiklasR, 05-07-2010, 02:58 AM |
| thank you blazex to the links very informative
|
| Posted by NiklasR, 05-07-2010, 03:01 AM |
| I want it free from hacking
|
| Posted by BlaZeX, 05-07-2010, 03:06 AM |
| Hacking Prevention Tips :
Use long 32 character strong password
Change your SSH Port
Never login from anyone's computer, nor from any RDP
Analyze your root files every 2-3 days
Check logs
Run RootKit Hunter once per day
If you do that, there'd be less chances of getting your VPS hacked
|
| Posted by NiklasR, 05-07-2010, 03:11 AM |
| I already changed my port but how can I Analyze my root files is there an application for this?
|
| Posted by madlymasterful2018, 05-07-2010, 03:25 AM |
| Yes, there used be one java application with me before which used to find out the volatile files which can be easily hacked.
I think there is the one from HP as well. It is paid one but they are providing 30 days trial period. I think you can search for it over interent.
|
| Posted by AppKoders, 05-07-2010, 04:28 AM |
| I suggest you intall csf/lfd instructions can be found here http://configserver.com/free/csf/install.txt
|
| Posted by inspiron, 05-08-2010, 07:36 PM |
| You should secure your /tmp partition as the mostly the attacks are targeted through this partition only.
|
| Posted by PPOwens, 05-08-2010, 08:09 PM |
| Install firewall (csf/apf)
DDos deflate
Config security
Secure /tmp
Disallow php overrides
use suphp
Change ssh port
Use access keys
Rootkit hunter
Disable dangerous functions
Block php shells
install suhosin
Install mod security and download latest rules
Change root password regular
Secure apache
Thats just some tips but that will help you a long way. Try getting some tuts
|
| Posted by VMhostsTech, 05-08-2010, 08:44 PM |
| Hello,
1. Install ConfigServer Firewall
2. Stop unnecessary processes
3. Install Logcheck
4. Install Logwatch
5. If cpanel server then secure WHM configuration
6. Secure OpenSSH configuration
7. Switch from proftpd to pure-ftpd
8. Install Rootkit Hunter
9. Install Chkrootkit
10. mod_security
11. mod_evasive
12. Secure name server configuration
13. Disk check
14. Apache tune and security configuration
15. MySQL optimisation
16. Secure /tmp /var/tmp /dev/shm
17. Delete unnecessary OS users
18. Disable open DNS recursion
19. PHP hardening
20. phpsuexec
21. Initial cPanel configuration
Please note that the server hardening should be done by experts as this pose huge risk to the server stability if a novice tries to configure the server.
|
| Posted by chicken_chaser, 05-10-2010, 04:39 AM |
| Please explain secure /tmp directory, with a reference to some examples or point to a reference on that. Not sure if that means renaming the directory, giving it an alias, putting a .htaccess file in the directory, or just making sure the permissions are set to read only to the public.
Some of us are renting servers that we do not configure, we just expect them to be working, and figure part of the rental includes making sure you have to intentionally do something to break the server, you get a server working out of the box with reasonable security?
I would be nice to see some kind of rating organization out there that can test default configurations for these companies, if some of us knew how to configure a server correctly, we would not be renting shared server space unless we just wanted to save money, and we can't upgrade services and use more bandwidth with broken boxes.
I already know that many of them are not secure enough to accept personal information as configured out of the box, and I assume that's par for the course where you have to spend money to make money, don't accept personal info without spending dough on security certificates, etc. On the other hand you don't want to be wasting your time trying to nurse a site with mysterious problems not making any money on a shoe string budget, into something that can grow, simply because you are renting from a company that has no idea how secure their servers are, and if they don't know, you probably don't either?
Thanks for your time.
|
| Posted by ximike2022, 07-05-2010, 02:19 AM |
| Sorry,I can not understand your question very well.Can you tell me what do you want to save in a detailed way,hope I can do thing for you.
|
| Posted by vps_ghost, 07-20-2010, 03:05 AM |
| for example?don't understand it completely.
|
| Posted by akasharya, 07-20-2010, 03:26 AM |
| 1.Configure sudo instead of root access and disable the direct root access or you can put some code in bashrc file of root which will mail you everytime root logs in to the system. You can put this line in bashrc without quotes " echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d"(" -f2 | cut -d")" -f1`" user@example.com"
2.Mount /tmp partition with noexec and nosuid option.
3.install mod_security in apache.
4.install nobody checks, its very useful for killing malicious process and can be configured with WHM, Plesk.
5.Configure logwatch
6.Install rkhunter and chkrootkit.
7. Secure your ssh configuration and also change default port to some higher number like 1900 or something like that + disable root login in sshd_config.
8. Configure csf/lfd or you can configure fail2ban with other firewalls.
9. Secure your php.ini
Look for the lines and make sure you have the lines as below..
disable_functions = exec,system,shell_exec,passthru
register_globals = Off
expose_php = Off
magic_quotes_gpc = On
10. Install mod_evasive
and try google for more security tips.
|
| Posted by Jeremy, 07-20-2010, 11:28 AM |
| change your passwords and block ports 80 443 20 and 22
|
| Posted by vps_ghost, 07-20-2010, 12:38 PM |
| So I can rebuild a /tmp partition in a VPS?
(now it just have a devpts)
Last edited by vps_ghost; 07-20-2010 at 12:45 PM.
|
| Posted by vps_ghost, 07-20-2010, 01:04 PM |
| It means fcsk, df and so on? or other means?
Thanks.
|
| Posted by keserhosting, 07-21-2010, 09:35 PM |
| Hey, I found this thread for you its old but very helpful,
http://www.webhostingtalk.com/showthread.php?t=468168
|
| Posted by vps_ghost, 07-22-2010, 02:28 AM |
| Thanks, It's a useful tread for me.
Just a little comment,
discuss for detail, if some one could give a point,
I believe all we can find much on the net.
Usually, we saw howto, step by step..
but this guide can't suitable every kind environment.
(this teach us how-to do this on CentOS, but you use debian,
or It's for exim, but i use postfix..etc)
you must find what you can use on your env and,
have ability to opreater it really, not just follow a doc/guide.
or maybe you would make big trouble, then we will see many asker:
why it didn't work or how to recuperate it.
So I just ask the basic, waht's "xxx" means, for what, for why?
If I can do this on a "yyy" env.
If get the point, I would know/try how/where to find about it.
otherwise it's unclear to me, I don't know how/where to proceed.
Hope I expressed it clearly.
Last edited by vps_ghost; 07-22-2010 at 02:32 AM.
|
Add to Favourites 
Print this Article
Also Read
Shared Hosting
Shared Hosting
