I have a few tips that may be useful for web server security:
1. Install CSF - Config security server, which can be found at www.configserver.com along with its installation instructions. CSF is quite useful for handling attacks, injection, or root hacks, and it can be set to one of 3 security levels: low, medium, high.
2. Install CHKROOTKIT, a server directory scanner that automatically scans every day for vulnerable scripts or content that may be dangerous on our server, and then reports the results to the admin's email every day.
Code:
cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense
To run chkrootkit
At command prompt type:
Code:
/root/chkrootkit-0.44/chkrootkit
3. Install root branch / root detector and email warning
This feature warns the server owner if a user tries to log in to the server over SSH using the user ID: ROOT
Code:
pico .bash_profile
Scroll down to the end of the file and add the following line:
Code:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" [email protected]
Save and exit.
4. Tweak Setting in WHM
Goto Server Setup =>> Tweak Settings
Check the following items…
Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts - blackhole
(according to ELIX - set this to FAIL, which is what I am going to do to reduce server load)
Under System
Use jailshell as the default shell for all new accounts and modified accounts
Goto Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disable Compilers for unprivileged users.
Goto Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Goto Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.
Goto Service Configuration =>> FTP Configuration
Disable Anonymous FTP
Goto Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)
Goto Mysql =>> MySQL Root Password
Change root password for MySQL
Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
Code:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod
5. Restrict SSH Port (this changes the SSH port to another port), useful for preventing root takeover
At command prompt type:
Code:
pico /etc/ssh/sshd_config
Scroll down to the section of the file that looks like this:
Code:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Uncomment and change
Code:
#Port 22
to look like
Code:
Port 5678
(choose your own 4 to 5 digit port number; 49151 is the highest port number, AND do not use 5678 lol)
Uncomment and change
Code:
#Protocol 2, 1
to look like
Code:
Protocol 2
Uncomment and change
Code:
#ListenAddress 0.0.0.0
to look like
Code:
ListenAddress 123.123.123.15
(use one of your own IP Addresses that has been assigned to your server)
6. Disable TELNET
To disable telnet, SSH into server and login as root.
At command prompt type:
Code:
pico -w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type:
Code:
/etc/init.d/xinetd restart
7. Investigating DDoS
To check whether or not your web server is under a DDoS, you can use the following command:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
The result shows how many connections are currently active on your server.
8. Install Config Mail Queue
It is available at:
www.configserver.com
It is useful for handling spam email and more.
I hope this small reference is useful.
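
For the connection check in tip 7, an added example that is not part of the original post: it goes beyond that pipeline by skipping the netstat header lines and keeping IPv6 remote addresses whole, which cutting at the first ":" truncates. The function names, the threshold of 50 and the sample rows (documentation address ranges) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: per-remote-address connection counts from `netstat -ntu` output.
# Function names are illustrative, not from the original post.

# count_remote_ips: reads `netstat -ntu` output on stdin and prints
# "<count> <remote-address>", highest count first.
count_remote_ips() {
  awk '
    # Keep only socket rows; this drops the two header lines that the
    # plain awk|cut|sort pipeline counts as if they were addresses.
    $1 !~ /^(tcp|udp)/ { next }
    {
      addr = $5
      sub(/:[0-9*]+$/, "", addr)   # strip only the trailing :port
      sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into plain IPv4
      count[addr]++
    }
    END { for (a in count) print count[a], a }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# over_threshold: same input, prints only addresses with at least $1 connections.
over_threshold() {
  count_remote_ips | awk -v min="$1" '$1 >= min'
}

# Constructed sample of `netstat -ntu` output, so the script runs offline.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:43110    ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:43111    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40100 TIME_WAIT
udp        0      0 192.0.2.10:53           198.51.100.9:5353       ESTABLISHED
EOF
}

# Live use on the server: netstat -ntu | over_threshold 50
sample_netstat | count_remote_ips
```

A few addresses holding a large share of the connections, or many rows in SYN_RECV, are the patterns to look at first; a high total by itself can also be ordinary traffic.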