security

Install drupalgeddon on your server:

drush dl drupalgeddon

Install Site Audit:

drush dl site_audit --dev

Install Hacked:

drush dl hacked --dev; drush en hacked -y

Install Security Review:

drush en security_review -y

OPTIONAL: run all the above in a single line.

drush dl drupalgeddon -y; drush dl site_audit --dev -y; drush dl hacked --dev -y; drush en hacked -y; drush en security_review -y

Run the drupalgeddon site audit--this will also run the above modules--this will create a file called 'report.html'. Open it up and see what's up.

By default apache loads a bunch of encryption protocols. Most of which either are insecure and/or slow.

The location of these settings are based on DirectAdmin's Apache 2.4.x, however, you should easily be able to locate them in your apache .conf files.

vi /etc/httpd/conf/extra/httpd-ssl.conf

Set Apache to only use the fastest and best encryption algorithms.

Now comment out the default SSL settings and add new ones as shown below:

Block IPs with Brute Force Monitor in DirectAdmin using CSF

Source: https://help.poralix.com/articles/how-to-block-ips-with-csf-directadmin-bfm

Regular install of CSF

cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
./install.directadmin.sh

Now login as Admin into directadmin or WHM, and click the link ConfigServer Security & Firewall

You'll probably want to add your WAN IP here--you can find out what it is here: http://www.ip-secrets.com/

Then add your WAN IP into Quick Allow column.

Source

Source: http://www.webhostgear.com/321.html

For those of you who check your nameservers and other DNS related issues using the popular site dnsreport you're probbaly seeing Fail Open DNS Servers. We'll show you have to fixed named to close open dns servers.

source: www.eth0.us: How-To: Secure your temp directories

Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.

Source: http://forums.cpanel.net/showpost.php?p=211290&postcount=102

1. Login to your server via SSH as root.

Then Type: cd /usr/local/src/