Webserver Threats and Security

Bullten

Member
Hello All,

Please post what measures you are taking to protect your web server and also post the new threats around.

This will surely help all of us to make changes if we haven't made them in the past.
 
What we are doing for server security!
- By default, we have set all servers to use the latest PHP with php_suexec enabled along with register_globals turned off. This prevents remote code inclusion and various code poisoning.
- We are running Apache in a chroot-ed environment with suExec.
- We have compiled a secure Linux kernel with grsecurity. This secures the server against kernel exploits.
- We have sophisticated IDS / IPS systems which block malicious bots and attackers.
- ModSecurity is installed on all of our shared servers.
- Our servers are regularly scanned using rkhunter to identify rootkits and Trojans.
- The server space is scanned using the latest updated ClamAV.
 
1) Maintain strong security on the computer that you use to manage your website

2) Choose third party scripts carefully

3) Follow accepted best practices for your website passwords

4) Keep third party scripts up to date

5) Use good security practices for SSH

6) Don't weaken your server's file and folder permissions.

7) Write your own scripts securely

8) Block suspicious activity with .htaccess
 
Due to the nature of security, listing all the procedures that we go through and providing it as an open discussion list to the general public is not something we're prepared to do.

That being said, each of the options listed above is a great starting point.
 
We don't talk about all that we do, but we do run a series of IDS and rely on ACLs and custom security patches for services and the kernel.

Best security comes from being proactive and watching your logs.
 
Here is another thread for checklists and to keep your server protected, especially cPanel servers.

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/SecureServerChecklists

One thing with the cPanel tweaks is to use

Require SSL
Enabling this option requires logins from remote locations to use SSL.

You need an active SSL certificate for your server's hostname, which is no problem, but if you have resellers and master resellers they will not be happy if you enable SSL, as it will tell their clients who they host with, as every cPanel/WHM on the server will show the following URL in the browser bar:

cPanel: https://hostname:2083
WHM: https://hostname:2087
 