Seeksadmin Blog

With the growth of the internet also came the growth of hacking. It has increased so much so that according to Zone-H there are over 2,500 recordered hacks each day. Some people may be suprised by this figure, others wont be. In my opinion that is not the suprising fact, the shocking fact is that the number of reported hacks is growing by 40% each year!!! Are the hackers getting smarter?

Generally the hackers will get in due to one of three reasons:

1. Out of date scripts - Everything from Kernels to Apache have updates and a lot of these updates are to fix security bugs. So if you are running out of date scripts with known security holes. A lot of hackers will take advantage of these holes and gain root access to your server
2. Insecure Scripts - Most of the hack attempts that we have to deal with at Seeksadmin are due to insecure scripts such as PHPbb, Vbulliten or many other common scripts. If these are not kept up to date they are very dangerous allowing a hacker to gain root access.
3. Insecure Passwords: Not much explanation is needed, if you have a short or weak password it is easier to guess and it can easily be brute forced.

So what can you do? Well keep everything up to date, and use a decent password? It wont ensure that you are 100% secure however it will go a long way to stopping you being hacked.

At the moment Seeksadmin is concentrating on security and we are trying to raise awareness in security and how to keep your system secure. In accordance with this we are offering a FREE remote scan and a $5 local scan. After these scans you will recieve the security holes in your system and we will reccomend a few things you can do to help secure your system. We also have free security consultation so if you have any questions please contact us at sales[@]seeksadmin[dot]com

I am sure many of you will be thinking that it is our job to secure your servers and you are right, but much of this you need to know and it will do no harm in you knowing. So if you dont feel like you can do anything here, just open a ticket and we will do it for you. Everything here is pretty simple, and this will be good for anyone who wants to learn, and be slightly more independent.

This guide is mainly for WHM and cPanel as the things are made much easier with cPanel and WHM however we can do them even if you dont have it.

1. Shell Limits

You should enable shell resource limits to prevent users from consuming all the server resources. DDOS exploits typically do this. A quick way to set this for people using WHM is in the root WHM reseller go to Shell Fork Bomb Protection

2. Background Process Killer (People using WHM)

In WHM enable each item in WHM -> Background Process Killer, to remove any IRCs or other malicious bots

3. Apache

In Apache RLimitCPU and RLimitMEM should be set to stop any spammers or DDOSers using all the processes on your server. You can do this in WHM in the Modify Apache Memory Usage page.

You should also make sure that mod_userdir is disabled apart from one main domain, or just make sure its disabled totally, otherwise hacks may use it to try and hide their activities.

You should also enable SUEXEC to reduce the risk of hackers accessing all your sites if the server is comprimissed.

4. PHP

In the php ini (you can find the location via a php info file) you should change enable_dl to Off. This prevents users from loading php modules that effect everyone on the server. Note: IF you use dynamic libs like ioncube you will have to load them directly from the php.ini

You should also change the disable functions to
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
Some webscripts break with these so you may have to remove a few, but these scripts are dangerous

You need to make sure PHP open_basedir is enabled. In WHM you can do this via WHM -> Tweak Security -> php open_basedir tweak. This prevents PHP scripts from straying outside of their account.

PHPSuExec can reduce the risks of hackers accessing all the sites on the server via a compromised PHP web script. There are some side effects of this, but this is a much safer method. If your server is full I would not recommend it, but on
brand new servers this is the best thing to do as its safer.

5. Control Panel

Make sure your control panel is updated to the latest stable version regularly.

Make sure that SSL login is forced, ie the secure ports. In WHM you can do this via WHM -> Tweak Settings -> Always Redirect users to the ssl/tls ports when visiting /cpanel, /webmil etc

Make sure boxtrapper is DISABLED. The reason for this is that if its enabled you can easily be listed in an RBL and usually has the effect of increasing overall spam load not reducing it.

Make sure you have some sort of limit of emails sent per hour

Make sure users CAN NOT reset passwords via email