PLEASE NOTE! The following snippet is user submitted. Use at your own risk! For users who have setup drupal using an alternate database to the default (MYSQL), please note that the snippets may contain some database queries specific to MYSQL.
A web and systems development journal (from a too-busy web developer who does a lot of varied IT work).
location of whm/cpanel (/scripts/upcp) conf file: /etc/cpupdate.conf
Source: http://www.webhostgear.com/321.html
For those of you who check your nameservers and other DNS-related issues using the popular site dnsreport, you're probably seeing "Fail: Open DNS Servers". We'll show you how to fix named to close open DNS servers.
source: www.eth0.us: How-To: Secure your temp directories
Every system needs temporary folders that any user is able to read and write, but these directories should not allow programs or scripts to be executed. Although this only protects you from somebody running the script directly, it will stop a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system, but they will be unable to execute them and create the back door. One of the biggest problems is PHP injection via Apache, in which people have Apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.
Published on eth0.us - General info for cPanel, plesk, ensim, and linux! (http://www.eth0.us)
How-to: Determine if a server is hacked
By eth00
Created 2005-05-09 10:59
Source: http://forums.cpanel.net/showpost.php?p=211290&postcount=102
1. Log in to your server via SSH as root.
Then type: cd /usr/local/src/
Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 07/05/2006
The typical UNIX® administrator has a key range of utilities, tricks, and systems he or she uses regularly to aid in the process of administration. There are key utilities, command line chains, and scripts that are used to simplify different processes. Some of these tools come with the operating system, but a majority of the tricks come through years of experience and a desire to ease the system administrator's life. The focus of this series is on getting the most from the available tools across a range of different UNIX environments, including methods of simplifying administration in a heterogeneous environment.
If you are in danger of getting your main server IP blocked by SpamCop because you had a few annoying spammers abusing your server, then you could simply change your exim mail server IP to avoid the effect of your main IP being blacklisted.
source: http://www.linuxsecurity.com/content/view/121960/49/
In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to a lack of security awareness on the part of network/server owners. On a daily basis we hear that a particular machine is under DDOS attack or that the NOC has unplugged a machine due to a DDOS attack, so DDOS has become one of the common issues in this electronic world. DDOS is like a disease for which no anti-viral has been developed, so we should be careful while dealing with it. Never take it lightly. In this article I am trying to explain the steps/measures which will help us defend against DDOS attacks, up to a certain extent.
OK, Here's the revised edition. Updated to reflect the latest kernel at this time (2.6.16.17) and removed the "make mrproper" command since it was wiping out the old config and causing big issues.
Source: http://www.wordsandpeople.com/security/how-to-prevent-spam.htm
Spam: If you have an email address, I bet you're fed up with the unsolicited mail you receive. The increase in spam has virtually relegated email to an adult-only facility. Spam is a waste of our time. Many spam emails are obscene; many are offensive or insulting to one's intelligence, e.g. "I have a zillion pounds that I want to put into your bank account, please fax your bank account details to me... This is not a scam, honest!".
source: http://forums.cpanel.net/showthread.php?t=50700&highlight=spamd+failed
wget http://layer1.cpanel.net/perl587installer.tar.gz
tar zxf perl587installer.tar.gz
cd perl587installer
./install
Stock Exchange (highly recommended)
Morguefile (highly recommended)
Image After
Free Photos Bank
I was reading through the mails on the php-general mailing list and came across this mail by Rasmus about AJAX.
Firewall settings are great for preventing Denial of Service (DoS) attacks; however, they may not always be your only solution. The day has finally arrived when I found this excellent module called mod_dosevasive (DoS Evasive), which keeps track of how many requests each client makes to your server within set intervals. If a client is being forceful with your server and making too many requests, then it is more than likely not just a web browser but some automated process unleashed on your site to try and take it down.
This handy Apache module we have found takes care of these issues. Let's get started by setting it up.
http://www.thedomainworks.com/smtp_settings.php (source)
Carrier Server Address
Adelphia mail.adelphia.net
America Online (AOL) smtp.aol.com
Atlantic Broadband smtp.atlanticbb.net
AT&T (Broadband) mail.attbi.com
Fixing Log Rotation Problems
Since installing cPanel on some of our servers, we noticed the logs in /usr/local/apache/logs/* growing out of control without ever being rotated. The script called "httpd" in /etc/logrotate.d is the reason why. It's totally wrong: it's looking for files located in /var/log/httpd/, and that is not where my log files are located. In fact, we don't even have files in this directory. It's completely empty.
If you're tired of seeing your /var/log/messages log file full of dropped traffic from the APF firewall, then we have a solution! We'll create a separate log file for TCP/UDP OUTPUT and drops, which will leave your messages log nice and clean for easy browsing!
What is BFD (Brute Force Detection)?
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few, if any, authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php
This guide will show you how to install and configure BFD to protect your system from brute force hack attempts.
Requirements:
- You MUST have the APF firewall installed before installing BFD; it works with APF and requires some APF files to operate.
- Root SSH access to your server
source: http://www.versaweb.net/forums/showthread.php?p=484#post484
#################
[main]
exclude=mod_ssl* httpd* perl mysql* php* spamassassin*
cachedir=/var/cache/yum
debuglevel=2
rm /var/cpanel/mysqlup
That will stop upcp from touching MySQL.
To upgrade manually
If you upgrade manually, you need to remember to create the file:
# touch /etc/mysqlupdisable
(Otherwise upcp will simply downgrade it again.)