Linux

source: www.eth0.us: How-To: Secure your temp directories

Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.

Source: http://forums.cpanel.net/showpost.php?p=211290&postcount=102

1. Login to your server via SSH as root.

Then Type: cd /usr/local/src/

If you are in the danger of getting your main server IP block by SpamCop because you had a few anoying spamers abusing your server then you could simply change your exim mailserver IP to avoid the effect of your main IP beeing blacklisted.

source: http://www.linuxsecurity.com/content/view/121960/49/

In this article I am trying to explain what DDOS is and how it can be prevented. DDOS happens due to lack of security awareness of the network/server owners. On a daily basis we hear that a particular machine is under DDOS attack or NOC has unplugged the machine due to DDOS attack . So DDOS has become one of the common issues in this electronics world. DDOS is like a disease which doesn't have an anti-viral developed. So we should be carefull while dealing with it . Never take it lightly. In this article i am trying to explain the steps/measures which will help us defend from DDOS attack ,up to a certain extend .

OK, Here's the revised edition. Updated to reflect the latest kernel at this time (2.6.16.17) and removed the "make mrproper" command since it was wiping out the old config and causing big issues.

source

source

Firewall settings are great for preventing Denial of Service (DoS) attacks, however it may not always be your only solution. The day has finally arrived when I found this excellent module called mod_dosevasive (DoS Evasive) which keeps track of how many requests each client makes to your server within intervals. If a client is being forceful with your server and making too many requests, then it is more than likely not just a web browser but some automated process unleashed on your site to try and take it down.

This handy Apache module we have found takes care of these issues. Let's get started by setting it up.

Detecting hardware from outside the box

We

source

If you’re tired of seeing your /var/log/messages log file full of dropped traffic from APF firewall then we have a solution! We’ll create a separate log file for TCP/UDP OUTPUT and drops which will leave your messages log nice and clean for easy browsing!

Source

What is BFD (Brute Force Detection)?
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php

This guide will show you how to install and configure BFD to protect your system from brute force hack attempts.

Requirements:
- You MUST have APF Firewall Installed before installing BFD - it works with APF and requires some APF files to operate.
- Root SSH access to your server

Overview:
Blocking and preventing brute force attacks is one of the main things you want to do on your web server to add a layer of security. While someone might not be targeting your site or server specifically, they will have automated tools that will try to guess random usernames and passwords that are common against your system. They’re essentially forcing their way to user only authorized area’s of a system, such as FTP accounts, e-mail accounts, databases, script based administration areas and root or any shell access are most common attempts. They will try multiple login attempts, guessing usernames and passwords, trying to force their way onto your machine.

# find . -exec grep 'text to find' {} \; -print 2>/dev/null

What kernel/distro are you running? Show us the md5sum of sshd,

uname -r
cat /etc/*-release
md5sum /usr/sbin/sshd

I'm getting to know far more about servers than I ever wanted to, after hundreds of hours of Google research trying to squeeze/beat performance out of Apache. I do have 15 years programming experience in other areas, and I've reached the conclusion that the only experts in Apache/Linux are the programmers who wrote (and poorly documented) all this stuff. So I've gathered everything I could learn after countless hours of frustration and I'm writing this up in return for the immense amount of help I've received from the documentation of others.

http://forums.cpanel.net/showthread.php?s=&threadid=18781&highlight=reverse+dns

source http://www.askdavis.com/qmailtoaster/

Nate Davis - [email protected]

Last Edited: January 12th 2004

http://www.lifewithdjbdns.org/

http://cr.yp.to/djbdns/frombind.html
Everything is there , and the best part is, it is not cryptic like DJB's page!

Hello,
This is a combination of posts I have used in the past and have adapted to provide an excellent DNS solutions.

The prerequisites for this are just Two Servers and in this implementation 4 IP's(2 per server) as it makes it more understandable. Also you will require a web accessible domain on each server.

Basically it will allow you to use a combination of two servers to do your DNS for you one being the primary and one the secondary. You could use this for every two sets of servers you own OR possibly adapt it so that all your servers use just the two sets.

It is my intention to eventually use this solution so that DJBDns is used instead of Bind because it is so flakey and buggy in my opinion.
DJB has a $500 reward for any exploits discovered thats how good it is!

Anyway enough chat lets get down to business....................

What we are aiming for is the following set up
NS1.JOELMOSS.COM PRIMARY NS FOR SERVER 1 ON SERVER 1
NS2.JOELMOSS.COM SECONDARY NS FOR SERVER 1 ON SERVER 2

NS3.JOELMOSS.COM PRIMARY NS FOR SERVER 2 ON SERVER 2
NS4.JOELMOSS.COM SECONDARY NS FOR SERVER 2 ON SERVER 1
 

http://www.dnsreport.com/

good place to test your nameserver...