Running server without some kind of protection, open up to bruteforce and dos attack.
Even with ssh port set to different port, or PermitRootLogin no, isnt good enough.
People can still guess a domain username based on the control panel being used,
especially plesk and cpanel.
Once they fire up their brute force attack, they can use it to attempt to get your clients password.
So its best to install some kind of detection and auto blocking system to prevent this from happening.
CSF is one of the best tool to use.
Once installed, here are some useful tips you might want to consider:
enable UI, but remember to set the username and password in the ui section below the ui enable line.
Email alert to yourself, incase if someone is attacking your server.
And on top of that, for kloxo purpose, you may want to ignore this list of processes, by adding these lines:
exe:/usr/local/lxlabs/ext/lxlighttpd/sbin/kloxo.httpd
exe:/usr/libexec/mysqld
exe:/usr/sbin/httpd
exe:/usr/bin/httpd
exe:/var/qmail/bin/qmail-clean
exe:/var/qmail/bin/qmail-send
exe:/usr/bin/freshclam
exe:/var/qmail/bin/qmail-rspawn
exe:/var/qmail/bin/splogger
exe:/usr/sbin/clamd
into /etc/csf/csf.pignore
Option options may be useful is set TESTING to 0.
/etc/csf/csf.conf
add in port 7777 to
TCP_IN
After thats done,
run this:
/etc/init.d/csf start
/etc/init.d/lfd start
For directadmin wise:
add these lines into /etc/csf/csf.pignore
exe:/usr/local/bin/freshclam
exe:/usr/libexec/openssh/sftp-server
to whitelist:
add ip into:
/etc/csf/csf.allow
Other optional setting:
To set connection limit per ports:
CONNLIMIT = "22;5,80;10,110;5,25;5,587;5,21;5"
example above:
port 22: max 5 per ip,...
For more information:
http://configserver.com/free/csf/readme.txt
No comments:
Post a Comment