Secure & Optimize VPS/VDS
By bob | April 29, 2008
Here is the method by which you can secure & optimize VPS/VDS
Checking for formmail:
Form mail is used generally by hackers to send out spam email, by relay and injection methods. If you are using matts script or a version of it, you may be in threat.
Command to find pesky form mails:
find / -name “[Ff]orm[mM]ai*”
CGIemail is also a security risk:
find / -name “[Cc]giemai*”
Command to disable form mails:
chmod a-rwx /path/to/filename
(a-rwx translates to all types, no read, write or execute permissions).
(this disables all form mail)
If someone on your vps installs form mail, you will have to let them know you are disabling their script and give them an alternative.
Root kit Checker (rkhunter or chkrootkit)
Check for a root kits via a cron job, by doing this you will regularly check if your server is comprised, and you will be sent regular reports.
To install chkrootkit, login to the server as root and on the command line interface type:
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.47
make sense
To run chkrootkit, type the following on the CLI:
/root/chkrootkit-0.47/chkrootkit
To ensure the highest level of security setup a cronjob that emails you the results on a regular basis.
Setup Email on Root Login (to detect breaches)
If an some one unauthorized gains access to root, you want to be notified - you can do so by doing the following while logged into root:
cd /root
vi .bash_profile
Add the following line:
echo ‘ALERT - Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” your@email.com
Where your@email.com is your email address.
Save an exit vi: :wq
To change the SSH Legal Message (displayed when you login via SSH), edit /etc/motd to display the message you wish to show.
Securing WHM and cPanel:
By default cPanel/WHM is not setup securely and efficiently, so you will want to optimize the cPanel/WHM settings by doing the following:
Go to: Server Setup -> Tweak Settings
Under Domains tick:
· Prevent users from parking/adding common internet domains (hotmail.com, aol.com, etc)
Under Mail tick:
· Attempt to prevent pop3 connection floods
· Default catch-all/default address behavior for new accounts - set this to FAIL
Under System tick:
· Use jailshell as default on new accounts
Go to: Server Setup -> Tweak Security
· Enable php open_basedir protection
· Enable mod_userdir protection
· Disable compilers for unprivileged users
Go to: Server Setup -> Shell Fork Bomb Protection
· Enable shell bomb/memory protection
When creating reseller packages, be sure to:
· Disallow creation of packages with shell acces
· Disallow creation of packages with full root access
Go to: Service Configuration -> FTP Configuration
· Disable anonymous FTP access
Go to: Account functions -> Manage Shell Acess
· Disable shell access for all users (except yourself)
Go to: MySQL -> Manage Root Password
· Change Root Password for MySQL
Go to: Security -> Quick Security Scan for Trojan Horses, and make sure you don’t have any of the following infected:
· /sbin/depmod
· /sbin/insmod
· /sbin/insmod.static
· /sbin/modinfo
· /sbin/modprobe
· /sbin/rmmod
Update OS and Software:
If you are running cPanel:
· Update cPanel: /scripts/upcp
· Update Apache: /scripts/easyapache
If you are not running cPanel:
· Update OS and software: yum upgrade
General OS Security (do not need to be running cPanel):
Restict SSH access:
For improved security
Topics: Hosting Tools, Linux server & security | No Comments »
Upgrade CentOS 3.3 to 3.4 using yum
By bob | April 16, 2008
centOS freely available linux distribution based on Red Hat Enterprices Linux which is 100% binary compatible with the upstream product and within its mainline and update. It is very stable and great Operating system to work with.
Check here the process to upgrade from CentOS 3.3 to 3.4 using yum;
First step, download
rpm -ivh http://mirror.centos.org/centos/3.4/os/i386/RedHat/RPMS/centos-yumcache-3.1-0.20050105.3.noarch.rpm
rpm -Fvh http://mirror.centos.org/centos/3.4/os/i386/RedHat/RPMS/centos-release-3-4.2.i386.rpm
yum update
Your yum config should look something like the following:
[main]
exclude=mod_ssl* httpd* perl mysql* php* #this is mainly for cpanel servers
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1
[base]
name=CentOS-$releasever - Base
baseurl=http://beta.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
#released updates
[update]
name=CentOS-$releasever - Updates
baseurl=http://beta.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
baseurl=http://beta.centos.org/centos/$releasever/addons/$basearch/
gpgcheck=1
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://beta.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
#centosplus repo - updated packages that extend beyond rhel release versions
#run auto update with this repo enabled only if you know you want extended functonality
#[centosplus]
#name=CentOS-$releasever - CentOSplus
#baseurl=http://beta.centos.org/centos/$releasever/centosplus/$basearch/
#gpgcheck=1
#packages in testing
#[testing]
#name=CentOS-$releasever - Testing
#baseurl=http://beta.centos.org/centos/$releasever/testing/$basearch/
#gpgcheck=1
To avoid any problem for upgrading it is recommended that you backup of your /etc/named.conf file before upgrading.
Topics: Uncategorized | No Comments »
How to FIX cPanel/WHM RNDC Error
By bob | April 9, 2008
You may face cPanel/WHM RNDC error, you need to fix the NDC error before your name servers work, the RNDC error is normally common now however you can easily fix it with couple of steps as metntioned below;
Fixing RNDC error in WHM/cPanel (ndc: connection failed: connection refused)
It is somewhat a common occurrence in cPanel to receive such an error as rndc:
connect failed: connection refused
To get your name servers working, you will need to get rid of this error, it
is quite a simple fix and can be completed in a few minutes via the
standard cPanel /scripts, check these following steps;
1. Login to your server as root via SSH
2. Run: /scripts/updatenow
3. Run: /scripts/fixndc
This will fix your problems some of the time, but if it does not, do the
following steps:
1. Login to your server as root via SSH
2. Run: vi /etc/rndc.conf (or vi /etc/namedb/rndc.conf on FreeBSD)
replace all instances of “rndc-key” with “rndckey”
3. Run: vi /etc/named.conf (or vi /etc/namedb/named.conf on FreeBSD)
replace all instances of “rndc-key” with “rndckey”
4. Run: /scripts/fixnamed
5. Run: /scripts/fixndc
6. If you received an error in the last step, run /scripts/fixndc another
time.
7. Restart named (on RH this is service named restart)
Hope this will fix the problem, in case if you have still any problem, you should consider visit the cpanel forums, or contact directly to the cpanel technical support for more help or assistance.
Topics: cpanel Hosting | No Comments »
Link Organization
By bob | March 28, 2008
Internal linking structure and link organization is important part to meet your SEO objectives, Internal links to your site are the links that reside on pages and help you in search engine optimization; Here are the guideline to improve your linking structure which you should care about while developing your website;
* Don’t underline anything that is not a link, otherwise your customers may click on it and become frustrated, underlines have become synonymous with links on the web.
* Underline your links and use a consistent color for them across your site (the standard color is blue).
* Use a different color for visited links, so that your visitors know where they’ve been (opt for a more subdued tone of the unvisited links color).
* When linking to a non-HTML file, such as Excel, Word or Acrobat, make it evident, by including a small icon next to the link or text identifying the link.
* Don’t link to “under construction” pages, if they are not finished, do not add them to your site’s navigation.
* Make sure that your links work and that you don’t have broken links. There are free online tools that can help you with this.
* If you use graphic links, don’t forget to use the ALT attribute. The ALT attribute should describe what are you linking to.
Topics: SEO, web design | No Comments »
Optmize Website Navigation
By bob | March 28, 2008
The navigation of a website should be a major part of a website since your websites navigation should meet the expectations of people, here are few point you should consider while designing your website.
* Design your pages to load in less than 5 seconds on a 56K modem.
* Group your navigational options in relevant categories.
* Use common names for your menu options: Home, About Us, Contact Us, Help, Products. Avoid “clever” or “trendy” alternatives.
* If your site uses Flash, provide also an HTML version for users who prefer a less fancy, faster site.
* Provide simple text navigation links at the bottom of long pages, so users don’t need to scroll back up.
* Link your logo to your homepage, except in the homepage itself. Put a link to your homepage on all your internal pages.
* Display a “breadcrumb trail”; it is basically the path from the homepage to the page where you are. A breadcrumb trail looks like this: Home > Section > Sub-Section > Page, and it greatly facilitates navigation.
* If your site is too big, provide Search capabilities. Include a search box in the upper right corner of your homepage, and a link to a Search page from your interior pages.
* Set your search box to search your site, not to search the web.
* Create a custom error page that displays a simple site map with links to the main sections of your site. this is the way, you will not lose visitors that have followed a bad link to your site or who have misspelled your URL while typing.
Topics: web design | No Comments »