My Dedicated Server Get Hacked?

avadavis692
Posts: 10
Joined: Thu Jan 22, 2015 3:37 pm

My Dedicated Server Get Hacked?

Post by avadavis692 » Tue May 19, 2015 10:27 am

My site got hacked into last night along with others.
Please help me by suggesting what to do to secure my server and website.

florencelouise636
Posts: 9
Joined: Wed Jan 21, 2015 4:02 pm

Re: My Dedicated Server Get Hacked?

Post by florencelouise636 » Sat May 23, 2015 3:47 pm

To secure your dedicated server some tips are here.

1. Updating cPanel

The first thing you want to do is to make sure you have the latest version of cPanel running. You can update cPanel by going to “WHM > cPanel > Upgrade to Latest Version”. You can also achieve the same thing using this command line:

# /scripts/upcp --force

In order to have your server updated automatically, I recommend you enable daily updates by going to “WHM > Server Configuration > Update Preferences”.

2. Securing cPanel and WHM Access

When using an unsecured connection to cPanel and WHM, your username and password are sent as clear text over the Internet. It is advised to use SSL to secure all access to both control panels. From WHM, click on “Server Configuration > Tweak Settings” and configure the redirection parameters as follows:

cPanel / WHM SSL Redirection

3. Securing SSH

SSH is among the services most vulnerable to Brute Force Attacks. The default SSH configuration allows root access on the default port (22). Here’s how to secure the SSH daemon:

Establish an SSH connection to your server and connect as root.
Edit the SSH daemon configuration file:
# nano /etc/ssh/sshd_config

Set a different port for incoming SSH connections by changing this line:

Port 22
to:
Port *****

Disable SSH root login by changing this line:

#PermitRootLogin yes
to:
PermitRootLogin no


Save the file and restart the SSH daemon:
# service sshd restart
In order to gain root access through SSH, you will now need to log on as a regular user and then become root by issuing the command:
# su - root

4. Securing Apache and PHP

cPanel allows you to easily make and compile Apache and PHP using EasyApache. The first step in securing Apache and PHP is to update both components to the latest version:

Log in to WHM and go to “Software > EasyApache (Apache Update)”.
On the first page, select “Previously Saved Config” so that you can reuse your server’s current settings.
Click on “Start customizing based on profile”.
When prompted to select which Apache version to build, select the latest stable version.
On the next page, click on “Exhaustive Options List”.
Check the following options: Mod SuPHP, Mod Security and “Save my profile with the appropriate PHP 5 options…”. Leave all the other options set as they were.
Click on “Save and build”.


At this point, rebuilding Apache and PHP may take up to 30 minutes depending on the speed of your server.

Next you must configure suPHP as the PHP handler. By enabling suPHP, the files created by PHP scripts will be possessed by the website’s user account instead of the account running the Apache process.

To enable suPHP go to “WHM > Service Configuration > Configure PHP and suEXEC”, select “suphp” and click on “Save New Configuration”.

In order to prevent malicious PHP scripts from opening files outside of their home directory, it is recommended to enable open_basedir:

Log into WHM and go to “Security Center > Security Center > PHP open_basedir Tweak”.
Check “Enable php open_basedir Protection”.
Click on “Save”.

The Apache server should restart automatically once this is done.

In order to make open_basedir work correctly, you will need to create a file named “php.ini” for each account and place it in their “public_html” directory with the following content:

open_basedir = "/home/[username]/public_html/:/path/to/other/folders/"
This will prevent PHP scripts from accessing files located outside of the defined folders.

Finally, here are some recommended settings for PHP. Go to “WHM > Service Configuration > PHP Configuration Editor” and select “Advanced Mode”. Configure the following parameters:

register_globals: Off
disable_functions: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
Click on “Save” when you’re done. The new settings won’t take effect until you restart Apache. Go to “WHM > Restart Services > HTTP Server (Apache)” to restart the service.


5. Disabling Anonymous FTP Access

To prevent anonymous users from uploading files to your server, go to “WHM > Service Configuration > FTP Server Configuration” and set “Allow Anonymous Logins” and “Allow Anonymous Uploads” to “No”.

6. Increasing Required Password Strength
Use more complex passwords by going to “WHM > Security Center > Password Strength Configuration”.

7. Enabling cPHulk

cPHulk protects your web servers from Brute Force Attacks by blocking suspect IP addresses for a predetermined period. To enable it, go to “WHM > Security Center > CPHulk Brute Force Protection” and click on “Enable”.

If you’re connecting from a static IP address, you can add it to cPHulk’s white list to avoid locking yourself out of your own server.

8. Installing ClamAV Antivirus

While Linux servers are not as prone to viruses as Windows-based servers, it is nonetheless a good practice to install an antivirus. Even if your web server is not infected, it could still host a virus intended to infect visitors to your website.
ClamAV is available for cPanel servers as a plugin. Here’s how to enable it:

Go to “WHM > cPanel > Manage Plugins”.
Select “Install and keep updated” next to ClamAV and click on “Save”.
Once the ClamAV plugin installation is completed, reload your WHM control panel so that the main menu is updated.
Click on “WHM > Plugins > Configure ClamAV Scanner” and select all four (4) options:
Click on “Save”.


9. Installing a Rootkit hunter

A “rootkit” is basically a malicious computer program that is running on your server in “stealth mode”. The rootkit allows the attacker to gain root access to your server without you noticing it.

In order to detect rootkits on a cPanel server, you will need to install a rootkit scanner such as the Rootkit Hunter:

Log on to your server through SSH as a regular user and then become root:
# su - root
Download the latest version of rkhunter from http://sourceforge.net/projects/rkhunte ... urce=files:
# wget http://downloads.sourceforge.net/projec ... ter/1.4.0/
rkhunter-1.4.0.tar.gz
Extract the content from the archive:
# tar xvzf rkhunter-1.4.0.tar.gz
Launch the installer:
# cd rkhunter-1.4.0
# ./installer.sh --install
Fill the file properties database:
# rkhunter --propupd
To scan for rootkits as root, run the following command:
# rkhunter --check


10. Installing a Firewall

One of the most popular firewalls for cPanel servers is ConfigServer Security and Firewall. CSF not only acts as a firewall by scanning various authentication log files, it will also scan your entire system and give you recommendations as to what you can do to increase security.

Installing CSF is quite easy:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Once you’ve installed CSF, go to “WHM > Plugins > ConfigServer Security&Firewall” and click on “Check Server Security” to get a list of tips to secure your web server.
Don’t forget to open the new SSH port you’ve defined earlier, otherwise CSF will block it. To do this, go to “WHM > Plugins > ConfigServer Security&Firewall > Firewall Configuration”. Find the parameter named “TCP_IN” and add the SSH port to the list.
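
A way to check that the SSH changes from section 3 and the TCP_IN reminder from section 10 agree before restarting sshd, as an added example that is not part of the original post: the script reads the effective Port and PermitRootLogin from an sshd_config file and confirms that port is listed in CSF's TCP_IN. The port 2222 and the sample files are constructed; on a real server the paths would be /etc/ssh/sshd_config and, assuming a default CSF install, /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example (not from the original post): check that the SSH hardening in
# section 3 and the CSF TCP_IN reminder in section 10 agree with each other.

# Print the first uncommented value of an sshd_config keyword (keywords are
# case-insensitive, and sshd uses the first value it reads for each keyword).
sshd_value() {  # usage: sshd_value KEYWORD FILE
  awk -v k="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    $1 ~ /^#/ { next }
    tolower($1) == k { print $2; exit }' "$2"
}

# Succeed if PORT appears in csf.conf TCP_IN, alone or inside a low:high range.
csf_allows() {  # usage: csf_allows PORT FILE
  awk -F'"' -v p="$1" '
    $1 ~ /^ *TCP_IN *=/ {
      n = split($2, items, ",")
      for (i = 1; i <= n; i++) {
        if (split(items[i], r, ":") == 2) {
          if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) ok = 1
        } else if (items[i] + 0 == p + 0) ok = 1
      }
    }
    END { exit (ok ? 0 : 1) }' "$2"
}

# Print one line per finding; the exit status is the number of findings.
audit() (  # usage: audit SSHD_CONFIG CSF_CONF
  fails=0
  port=$(sshd_value Port "$1"); port=${port:-22}   # sshd defaults to 22
  root=$(sshd_value PermitRootLogin "$1")
  [ "$port" = 22 ] && { echo "FAIL: sshd still on default port 22"; fails=$((fails + 1)); }
  [ "$root" = no ] || { echo "FAIL: PermitRootLogin is '${root:-unset}', want 'no'"; fails=$((fails + 1)); }
  csf_allows "$port" "$2" || { echo "FAIL: port $port not in CSF TCP_IN"; fails=$((fails + 1)); }
  exit "$fails"
)

# Constructed sample files (port 2222 is made up) so the script runs offline.
demo=$(mktemp -d)
printf '#Port 22\nPort 2222\n#PermitRootLogin yes\nPermitRootLogin no\n' > "$demo/sshd_config"
printf 'TCP_IN = "20,21,25,53,80,443,2222"\n' > "$demo/csf.conf"
audit "$demo/sshd_config" "$demo/csf.conf" && echo "OK: SSH settings and TCP_IN agree"
```

Running the audit before `service sshd restart` catches the lockout case where sshd moves to a port the firewall does not yet accept.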

Chloeyoung
Posts: 10
Joined: Wed Jan 21, 2015 2:21 pm

Re: My Dedicated Server Get Hacked?

Post by Chloeyoung » Fri Jun 12, 2015 9:23 am

When you engage a server for a website, email or printing, securing your server requires a little planning and regular updates so you are never left without a space of your own.

Passwords, Account Policies and Files

Step 1

Install the OS of the server and change the root password. Don’t use the password the hosting company sent. Use a seven-character complex password with numbers, uppercase and lowercase letters plus symbols. Longer passwords are recommended, as is changing the password on a regular basis, usually at least once every 3 months.

Step 2

Change your root password after installation and create a password policy for you and your users. Be sure your root and your personal account password are unique.

Step 3

Arrange an account lockout policy to prevent brute force attacks.

Step 4

Set up permissions to files and folders for your users, delete or modify shared resources.

Firewall, Antivirus and Updates

Step 1

Make sure you have a local firewall to protect against unauthorized access. Install the Windows software firewall, iptables on Linux or a third-party firewall. Your firewall should be configured so incoming and outgoing traffic is not only checked but blocked if not suitable.

Step 2

Install antivirus software on your server.

Step 3

Keep your operating system up to date on all patches and hot fixes so any security holes are plugged quickly. You can organize Microsoft Updates to check for updates but allow you to check the updates before applying them to your server, to make sure updates don’t impact performance and do apply to your server. Update your firewall and antivirus commonly.

Physically Secure the Server and Monitor Your System

Step 1

Put your dedicated server in a physically secure environment suitable to its role. It is quite simple to hack a server once someone has physical access by connecting a USB stick, installing software from a CD or DVD or even connecting a hardware key logger to record your username and password.

Step 2
For a business e-commerce dedicated server you may require at least a commercial data center with guards, closed circuit television and retina scanner access.

Step 3

Check your server by paying attention to firewall and antivirus alerts. If you overlook warnings, you might miss information allowing a virus or hacker access to your system when software was not able to stop them.

jessicaroberts764
Posts: 6
Joined: Sat Feb 20, 2016 5:55 pm

Re: My Dedicated Server Get Hacked?

Post by jessicaroberts764 » Thu Nov 11, 2021 5:08 am

This is why dedicated servers are at such a high risk of being infected with malware. Malware has the ability to duplicate sensitive databases and then provide others access to them. Use a hosting company that scans your server for weaknesses on a regular basis to secure your dedicated server against malware.

joshuamatthew254
Posts: 12
Joined: Wed Jan 21, 2015 5:18 pm

Re: My Dedicated Server Get Hacked?

Post by joshuamatthew254 » Thu Dec 16, 2021 4:43 am

Follow these best measures to make your dedicated server safe:
1. Make sure you have the latest security updates and patches installed.
2. Run virus scans on a regular basis.
3. Put DDoS defense in place.
4. Only connect to secure networks.
5. Modify the SSH port.
6. Make sure that each user has their own account.
7. Change your passwords on a frequent basis.
8. Keep your databases safe.
