security

Install drupalgeddon on your server:

drush dl drupalgeddon

Install Site Audit:

drush dl site_audit --dev

Install Hacked:

drush dl hacked --dev; drush en hacked -y

Install Security Review:

By default apache loads a bunch of encryption protocols. Most of which either are insecure and/or slow.

The location of these settings are based on DirectAdmin's Apache 2.4.x, however, you should easily be able to locate them in your apache .conf files.

vi /etc/httpd/conf/extra/httpd-ssl.conf

Set Apache to only use the fastest and best encryption algorithms.

Now comment out the default SSL settings and add new ones as shown below:

Block IPs with Brute Force Monitor in DirectAdmin using CSF

Source: https://help.poralix.com/articles/how-to-block-ips-with-csf-directadmin-bfm

Source

Source: http://www.webhostgear.com/321.html

For those of you who check your nameservers and other DNS related issues using the popular site dnsreport you're probbaly seeing Fail Open DNS Servers. We'll show you have to fixed named to close open dns servers.

source: www.eth0.us: How-To: Secure your temp directories

Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.

Source: http://forums.cpanel.net/showpost.php?p=211290&postcount=102

1. Login to your server via SSH as root.

Then Type: cd /usr/local/src/