jeffatrackaid
May 19, 2010 7:07 AM
Mod Security is probably the best option you have applied. In my experience dealing with 100's of servers, I find web application exploits to be the most frequent issue followed by compromised FTP accounts.
You've blocked FTP at the firewall but this will not prevent the issue I often encounter. Various trojans steal FTP credentials. This happens client-side so the FTP firewall block will not prevent this. It will however prevent the bots from logging in, so you do get some protection, but a clever attacker would at least get the account login.
You may also want to consider rate-limiting SSH and perhaps access to your WHM ports with iptables. I've used this to great success on a large number of cPanel servers. More details on this technique here.
http://www.rackaid.com/resources/how-to-block-ssh-brute-force-attacks/
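The per-source rate limiting suggested in the comment above, sketched with the iptables `recent` match. This is an added example, not taken from the commenter or the linked article; the thresholds (4 new connections per 60 seconds), the list names, and the use of cPanel's default WHM ports 2086/2087 are assumptions to adjust for your server.

```shell
#!/bin/sh
# Added example: generate iptables commands that rate-limit NEW connections
# per source IP. Nothing is applied; the commands are printed for review.

# rate_limit_rules PORT LISTNAME HITS SECONDS
# Rule 1 records the source address; rule 2 drops the connection once the
# address has made HITS new connections within SECONDS. --update refreshes
# the timestamp on every match, so a bot that keeps retrying stays blocked.
rate_limit_rules() {
    port=$1 name=$2 hits=$3 secs=$4
    for n in "$port" "$hits" "$secs"; do
        case $n in
            ''|*[!0-9]*) echo "numeric argument expected: '$n'" >&2; return 1 ;;
        esac
    done
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "bad list name: '$name'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # xt_recent remembers only ip_pkt_list_tot packets per address
    # (default 20); a larger --hitcount is rejected by the kernel.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hitcount must be 1..20 with default xt_recent settings" >&2
        return 1
    fi
    match="-p tcp --dport $port -m conntrack --ctstate NEW -m recent --name $name"
    echo "iptables -A INPUT $match --set"
    echo "iptables -A INPUT $match --update --seconds $secs --hitcount $hits -j DROP"
}

# SSH plus both WHM ports. The WHM ports share one list, so attempts against
# either port count toward the same per-address limit (assumed policy).
build_ruleset() {
    rate_limit_rules 22   SSH 4 60 &&
    rate_limit_rules 2086 WHM 4 60 &&
    rate_limit_rules 2087 WHM 4 60
}

# Print the commands only when asked: sh ratelimit.sh --print
if [ "${1:-}" = "--print" ]; then
    build_ruleset
fi
```

These rules must sit before any rule that accepts the same ports, and your own management addresses should be accepted ahead of them so you cannot lock yourself out.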
Comments
August 4, 2005 5:20 AM
How to set up web & mail server of Red Hat Linux 12 (Fedora Core 3)
September 27, 2006 11:05 PM
Can I publish this in my magazine? I will mention you as the author and also put a link to your website.
October 4, 2006 3:28 PM
Republishing terms & conditions are here: http://ask-leo.com/terms.html - if they don't work for you, email me directly.
October 12, 2006 7:15 AM
Nice Article.
I am a newbie in the list whose server is hacked.
The following article suggests some of cPanel's settings.
http://www.shareware-promotion.org/resources,9.html
It could be useful for others.
Vijay.
July 30, 2008 12:47 AM
It is good to minimize running services before publishing a new Linux web server. Turn off all needless services as they are potential security holes. I also make it a practice to forbid SSH root access ...
More can be read at http://www.redips.net/linux/lamp-setup/
To post a comment on "How should I set up my Linux Web Server?", please return to that article's main page.