January 28th, 2012 |
admin |
The SSH service can be secured in various ways, such as changing the SSH port, changing the SSH protocol, setting the SSH ListenAddress, disabling root login with the PermitRootLogin parameter, allowing SSH access only to specific users, restricting SSH access to specific IPs, etc. These steps will make sure the SSH service on your server is secure. Edit the SSHD configuration [...]
January 12th, 2012 |
admin |
I. VULNERABILITY WordPress <= 2.8.3 Remote admin reset password II. BACKGROUND WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it. [...]
January 12th, 2012 |
admin |
Download the gzipped tarball, extract it and run the installation script. download: # wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz Note: It doesn’t matter where you save the tarball extract: # tar zxf rkhunter-<version>.tar.gz installation: # cd rkhunter # ./installer.sh (Source: http://www.evolution-security.com/) (Source: http://www.rootkit.nl/articles/rootkit_hunter_faq.html)
January 11th, 2012 |
admin |
1. Enable the SYN cookies mechanism on the server by executing the command: # echo 1 > /proc/sys/net/ipv4/tcp_syncookies 2. Increase the backlog queue to 2048 with the command: # sysctl -w net.ipv4.tcp_max_syn_backlog=2048
January 7th, 2012 |
admin |
CODE Banning an IP iptables -A INPUT -p all -s IPHERE/32 -j DROP CODE Unbanning an IP iptables -D INPUT -p all -s IPHERE/32 -j DROP CODE Listing the last five IPs with the most connections netstat -atnp -A inet | grep ":80" | awk -F " " '{print $5}' | awk -F ":" [...]
January 6th, 2012 |
admin |
A quick and useful command for checking whether a server is under DDoS is: netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n That will list the IPs holding the most connections to a server. It is important to remember that the [...]
January 3rd, 2012 |
admin |
It is useful to know all the IP addresses that hold N+ TCP connections to your server. For example, to list the IP addresses and connection counts of hosts that have 25+ connections right now: netstat -n --tcp --udp --numeric-hosts | \ grep -v 127.0.0.1 | \ awk '{if (/(tcp|udp)/) { print $5 [...]
January 3rd, 2012 |
admin |
This is the second time that CSF on our cPanel server has not detected POP3 login failures from a dictionary attack. The IP address was added to the IP deny list but it was still able to attempt to log in on POP3. We have our LF_POP3D set to 20 and LF_POP3D_PERM to 1 to block [...]
December 31st, 2011 |
admin |
Securing Your Server Below are some of the steps that can be used to secure your server. Disable identification output for Apache To disable the version output for proftp, SSH into the server and log in as root. At the command prompt type: pico /etc/httpd/conf/httpd.conf Scroll (way) down and change the following line to ServerSignature Off Restart [...]
December 25th, 2011 |
admin |
BASE web page setup Open your favorite web browser and go to: http://www.example.com/base-1.2.5/setup If all is set up okay you should see the BASE Setup Program page: Click on Continue step 1 of 5: Enter the path to ADODB (/var/www/adodb): click on Submit Query step 2 of 5: Enter the needed info on the next screen: [...]