Requesting some Tips and Tricks
Hey guys,
I recently had my server hacked and had a 24 hour tennis match with the server.
I've finally got some confidence that I have the server back.
But I need to make sure that this doesn't happen again.
One of the things I'd like to do is only allow root access from my particular IP or Australian Region (most of the time the attacks are overseas).
I'd also like to change the port for my SSH. I looked into how to change it but I can't seem to get it right.
I opened the config file via FTP but didn't see anything about ports, and I also tried a suggested "#port 22" command that didn't really help. Could someone give me a step by step as to how to do this?
Only allowing root access from a particular IP would be great, and I would feel most comfortable with it.
And please give me some tips on how to keep my server secure. I'm not sure if it's possible to check but they may have installed a backdoor to the server. Although I did some scans with RKhunter and didn't pick up on much.
Even if you can recommend a commercial Security Plugin that doesn't cost an arm and a leg and my first child, that'd be great too.
Thanks.
-
Hello,
Only allowing access to your server from a specific IP address or range of IP addresses, will require a firewall. If you don't already have one, I recommend CSF.
To change the port on ssh, you're on the right track. Be very careful however, one wrong move and you could easily disable access to your server via SSH. You should connect via SSH to your server, and edit the /etc/ssh/sshd_config file. Uncomment that line
# Port 22
and change it to any non-used port (something like 22122), so that it then reads:
Port 22122
Save the file and reload SSH (but do NOT log out of your current window until you have tested that it works with the new setting).
Finally, I recommend reading the following: Securing Your Server
-
Hi Peter,
Thanks for your reply. I managed to change the SSH Ports earlier. The information that you provided me was the same information that I've found in other sources, except one. I found an article on how to change the SSH Port, and apparently you need to open the file with
vi /etc/ssh/sshd_config
then edit the file with vi commands. I'm not sure if there is another way but I couldn't figure it out, but the vi editor way worked well.
I've already got CSF installed. I went through the security check and corrected some issues that I had. I also decided to add some Host Access Control permissions and set WHM and FTP to only be accessed via my IP, and also changed the port of SSH, but didn't restrict it to my IP in case my IP changes. I think I might be secure enough to unblock the world from the server. But I'll look further into protection and see what else I can do first.
Would you also know if I can restrict access to ports? Like my SSH port and 2087 to only my IP? I don't have any reseller accounts, nor do I want or need them.
Thanks
-
Hello,
Yes, CSF will allow you to protect any service by ports. Instructions on how to do so are in /etc/csf/readme.txt
-
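
The two steps from the replies above (moving sshd to another port in /etc/ssh/sshd_config, then limiting that port to one address with CSF), as an added example that is not part of the original thread. It assumes the usual CSF files /etc/csf/csf.conf and /etc/csf/csf.allow and a service named sshd; the function names are made up for this example, and the port and IP are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): edits are done by functions that take file
# paths, so they can be tried on copies before touching the live configuration.

# set_ssh_port FILE PORT: leave exactly one active "Port" line, keeping FILE.bak.
set_ssh_port() {
    conf=$1; port=$2
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    if grep -Eqi '^[[:space:]]*#?[[:space:]]*port[[:space:]]+[0-9]+[[:space:]]*$' "$conf.bak"; then
        awk -v p="$port" '
            tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                if (!seen++) print "Port " p   # first hit becomes the new setting
                next                           # other Port lines are dropped
            }
            { print }' "$conf.bak" > "$conf"
    else
        # No Port line at all: put it first, where it cannot land inside a Match block.
        { printf 'Port %s\n' "$port"; cat "$conf.bak"; } > "$conf"
    fi
}

# csf_limit_port CSFCONF CSFALLOW PORT IP: close PORT in TCP_IN, allow it from IP only.
csf_limit_port() {
    csfconf=$1; allow=$2; port=$3; ip=$4
    cp -p "$csfconf" "$csfconf.bak" || return 1
    awk -v p="$port" -F'"' '
        /^TCP_IN[ \t]*=/ {
            n = split($2, a, ","); out = ""
            for (i = 1; i <= n; i++)
                if (a[i] != p) out = out (out == "" ? "" : ",") a[i]
            print "TCP_IN = \"" out "\""; next
        }
        { print }' "$csfconf.bak" > "$csfconf"
    rule="tcp|in|d=$port|s=$ip"      # advanced allow filter: this port, this source
    grep -qxF "$rule" "$allow" 2>/dev/null || printf '%s\n' "$rule" >> "$allow"
}

# Live run as root: script.sh --apply PORT IP. Keep the current SSH session open
# until a second login on the new port succeeds.
if [ "${1:-}" = "--apply" ]; then
    set_ssh_port /etc/ssh/sshd_config "$2" &&
    csf_limit_port /etc/csf/csf.conf /etc/csf/csf.allow "$2" "$3" &&
    sshd -t &&            # syntax check; a failure stops before anything is reloaded
    csf -r &&             # restart CSF with the new rules
    service sshd reload   # assumed service name; use your init system's equivalent
fi
```

TCP6_IN is left untouched, so if IPv6 is enabled in CSF the port has to be closed there as well. Both functions write a .bak copy next to the file they change, which is what you restore from if the second login fails.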
Hello,
You need to scan the complete server as a first priority; also, please see if there are any root symlinks available. This kind of attack generally occurs when root-level hacking has occurred. I would suggest you have a look at the security checklist below that you should perform:
==================================
CSF hardening
Installing Mod-Security
Installing Clamav Anti Virus
Installing Maldet
Installing LSM
Installing PRM
Lockdown & Hardening the Root Password
Secure SSHD Port
sysctl.conf Hardening
host.conf Hardening
Network Security with hosts.allow & hosts.deny
nsswitch.conf Hardening
Enable DDOS Protection
Root Login Email Notifications
Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
Security Updates as released by OS and/or Control Panel
Disable Unwanted Services
Enable PHP Open_Basedir Protection
Enable mod_userdir Protection
Securing Console Access
PHP5 Hardening with disabling php functions.
==================================
Thank you