Dedicated Servers & VPS w/ Cpanel Harden Security! Tips!

Discussion in 'Web Hosting' started by mixcat, May 31, 2010.

  1. mixcat

    mixcat Registered Member

    Jan 9, 2008
    Likes Received:
    First What is VPS vs. a dedicated server?
    VPS stands for Virtual Private Server.
    Lots of web hosts over sell VPS boxes, that means you will never get the resources your quoted. The "P" in VPS, Private? not so much...
    VPS is super for programmers working on non production scripts and software or Proxy services.

    If you have a website with good traffic on it or somewhat resource intensive and you outgrown your shared hosting provider I would recommend going with a cheap dedicated server on a good network DC. You will get much better performance on your own box and you dont have to worry about other users on the box spiking load.
    This this said here are the basics you should know getting into managing your own server...

    Here are the must haves with Cpanel
    I only use Centos as the updates are very easy to take and its super stable.
    from SSH type "yum update" and thats it!
    Whats SSH? Secure Shell Command Line.
    If your using XP, Vista or Windows 7 you can use a FREE program that you can find on Google called Putty it's for SSH

    Want to save money and not have a management team?
    (OS & Cpanel Updates)
    OK Make sure you keep cpanel up to date! There is a link in your WHM interface for update Server Software and Update System Software..
    One is the OS and the other is Cpanel.
    Do these every month!

    (Web Server - Apache)
    OK now Use EZ Apache update. It is very easy to recompile apache AKA web server.
    You want to do the advanced option and select GD, MOD Security an any other options your scripts might need.
    Mod Security will harden your webserver a little and make sure people dont do some of the simple php or webserver exploits.

    (Security & Hardening)
    1) Firewall: CSF+LFD has to be installed and configured. Very simple!

    2) Install CHKRootKit, which is a program that looks for known signatures in trojaned system binaries, it basically detects if your system has been compromised.

    3) /tmp and /var/tmp has to be hardened and secured to prevent the execution of malicious scripts. Google how to do this.. Lots of guides.

    4) Installed Rootkit Hunter, which is scanning tool to find most types of exploits (backdoors, suspicious files, md5 hash comparisons, and is over 99% accurate in detecting such exploits.

    5) Install a root login notification script. This will send an e-mail alerts every time someone logs into your server as root. **** Very handy so you know when someone is in your server thats not you!****

    6) SSH harding! by restricting the SSH Protocol to SSH 2. SSH will still function the same way, just much secure..

    7) System Configuration Files host.conf & sysctl.conf needs to be secured and hardened to prevent DNS lookup poisoning and also provide protection against spoofs & to help prevent the TCP/IP stack from syn-flood attacks. It is also configured to prevet other various and similar network abuse.

    And Last, Make ALL passwords strong. Add letters, numbers and toss in a special char.
    So no one can guess.. No QWERTY123 or pass123! or passw0rd1 dont count as strong!

    I hope that helps.. Remember if you update and harden your box before you start using it; some scripts that might be exploitable on a less secure host will be like a brick house!

    If you need data center or webhosting company tips shoot me an IM I deal with many.
    • Thanks Thanks x 3
  2. DarkRaider

    DarkRaider Newbie

    May 25, 2010
    Likes Received:
    Is it best to wait to the site grows to think about this move? Ever heard of Zyon hosting?