Sunday, October 9, 2011

Basic cPanel Server Hardening - Part 7

The last article in this series went over the options found on the cPanel WHM Tweak Settings page. Today you will learn how to secure FTP access to your server.

Anonymous FTP is used to give users of sites a place to upload files. Many of today's web sites implement file uploads internally though, so for most sites it is not needed. In some cases attackers make use of anonymous FTP access to upload software needed for an attack to the server and then use a security hole elsewhere to execute the software.

To disable anonymous FTP, scroll down the left column until you find the "Server Configuration" section, then click on the "FTP server configuration" link. Once the page loads, change "Allow Anonymous Logins" and "Allow Anonymous Uploads" to "No".

Next set "TLS Encryption Support" to "Required". This will require all FTP users to use encrypted connections. If a user really can't upgrade their FTP client to support this you can always change it back to "Optional" later.

While on this page, confirm that "Allow Logins with Root Password" is set to "No". This ensures that an attacker cannot attempt a brute force attack as the root user via FTP.
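To confirm from the command line that the WHM changes above took effect, the following added example (not part of the original article or of cPanel) audits a Pure-FTPd configuration file. It assumes the server runs Pure-FTPd and that the WHM options map to the `NoAnonymous`, `AnonymousCantUpload` and `TLS` directives; the root password option is not covered.

```python
import sys

# WHM option -> (Pure-FTPd directive, accepted values, value assumed when absent).
# The mapping and the defaults are assumptions about a Pure-FTPd install.
EXPECTED = {
    "Allow Anonymous Logins = No": ("noanonymous", {"yes"}, "no"),
    "Allow Anonymous Uploads = No": ("anonymouscantupload", {"yes"}, "no"),
    "TLS Encryption Support = Required": ("tls", {"2", "3"}, "0"),
}

# Constructed sample: anonymous access on, TLS only optional.
SAMPLE_CONF = """\
# constructed example, not from a real server
NoAnonymous          no
AnonymousCantUpload  no   # uploads allowed
TLS                  1
"""

def parse_conf(text):
    """Return {directive: value} from 'Directive value' lines, skipping comments."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            settings[parts[0].lower()] = parts[1].lower()
    return settings

def audit(text):
    """Return (whm_option, directive, found_value) for every weak setting."""
    settings = parse_conf(text)
    findings = []
    for option, (directive, accepted, default) in EXPECTED.items():
        value = settings.get(directive, default)  # a missing line counts as the default
        if value not in accepted:
            findings.append((option, directive, value))
    return findings

if __name__ == "__main__":
    # Pass the path of the FTP config file; without one the sample is audited.
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for option, directive, value in audit(conf):
        print(f"WEAK: {directive} is '{value}', article setting is: {option}")
```
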

Now your server is somewhat secured as far as FTP is concerned. It is preferable to disable FTP completely, and do file transfers over SSH connections, but that generally involves allowing your users to have shell access and you have already disabled shell access. In the next installment of this series you will learn about the options in the cPanel Security Center.


Sunday, October 2, 2011

Basic cPanel Server Hardening - Part 6

The previous article finished up basic hardening of the operating system. Now that you have a somewhat secure operating system it is time to secure cPanel as best you can. Adding software like cPanel to a server creates additional ways for an attacker to gain access, but many web hosts add it to help users maintain their own sites. The goal here is to reduce the options hackers have when attacking a cPanel host.

You should disable shell access for all users that don't absolutely need it. This helps limit the damage done when a hacker manages to exploit a user account. If a user does need shell access make sure they are using jail shell. The jail shell is a special shell with relatively restricted access to the server. It is not perfect, but if an account using the jail shell is compromised it can help restrict the damage to just that user account instead of the entire server.

To make the jail shell the default shell, open the cPanel WHM interface and click on the "Tweak Settings" link under "Server Configuration" in the left hand column. Look for the "Default shell jailed" option and set it to "on".
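The default only applies to new accounts, so existing accounts may still have a full shell. This added example (not from the original article) lists them from passwd-format text. It assumes cPanel's shells live at `/usr/local/cpanel/bin/jailshell` and `/usr/local/cpanel/bin/noshell` and that user accounts start at UID 500.

```python
import sys

JAILED = {"/usr/local/cpanel/bin/jailshell"}
DISABLED = {"/usr/local/cpanel/bin/noshell", "/sbin/nologin",
            "/usr/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format, not from a real server.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
alice:x:501:501::/home/alice:/usr/local/cpanel/bin/jailshell
bob:x:502:502::/home/bob:/bin/bash
carol:x:503:503::/home/carol:/usr/local/cpanel/bin/noshell
dave:x:504:504::/home/dave:
not a passwd line
"""

def classify(shell):
    """Return 'jailed', 'disabled' or 'unrestricted' for a login shell path."""
    if shell in JAILED:
        return "jailed"
    if shell in DISABLED:
        return "disabled"
    return "unrestricted"

def unrestricted_accounts(text, min_uid=500):
    """Return (user, shell) for accounts at or above min_uid with a full shell.

    min_uid=500 is an assumption about where user UIDs start.
    """
    found = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip malformed lines
        user, uid = fields[0], int(fields[2])
        shell = fields[6] or "/bin/sh"  # an empty shell field means /bin/sh
        if uid >= min_uid and classify(shell) == "unrestricted":
            found.append((user, shell))
    return found

if __name__ == "__main__":
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for user, shell in unrestricted_accounts(data):
        print(f"{user}: unrestricted shell {shell}")
```
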

While you are on the "Tweak Settings" page find the checkbox for "Disable login with root or reseller password" and check it. Being able to sign into cPanel as root or a reseller is a handy feature. It allows you to work in cPanel as one of your users without knowing their password. Losing this capability is necessary though since it also prevents someone from logging in via cPanel as root. An attacker attempting to sign into cPanel as root could use a brute force attack to eventually guess the correct root password. Even if they don't manage to guess the correct password, too many failed attempts by an attacker can lock the root user out of cPanel and WHM, effectively locking you out of your own server.

Now that you are done with the changes on the "Tweak Settings" page save them by scrolling to the bottom of the page and clicking the "Save" button. The next article in this series will go over how to secure FTP access.

Monday, August 16, 2010

Kite Aerial Photography - First Attempts

It took most of the summer to edit the approximately 1800 photos I took during my early summer trip to Ocracoke Island down to a more manageable 500. Why so many? Partially from my venture into Kite Aerial Photography, many attempts to capture the kids surfing for the first time, and accidentally leaving the camera on rapid fire when doing more composed shots.

We have started to traditionally take the long way to Ocracoke every summer by driving to the northern Outer Banks then down to Ocracoke. This is the way we arrived when we still lived in Vermont, and helps ease us into the full relaxation of island time. Our first stop is usually the Kitty Hawk Kites store in Nags Head, and depending on what we feel like we head north to explore Duck and Corolla, or just start heading south to eventually catch the Ferry to Ocracoke. While we were at Kitty Hawk Kites I picked up a nice heavy lifting box kite thinking it would help with my plans for later in the week and some high strength kite line to go with it.

Once we got settled into the condo we had rented for the week I decided to assemble my new kite so I'd know how to put it together when we got to the beach. Fortunately I noticed one of the bars was broken and not repairable. We hit the beach the next morning, so I had to wait until evening to look for another kite. I found my way to the Kitty Hawk Kites store on Ocracoke where I was able to return the defective box kite. The store on Ocracoke is much smaller and did not have any of the same kites so I opted for another box kite of a different design.

The next day we hit the beach again and once I got tired of swimming I gave my new kite a try. Unfortunately the wind was light and the kite could hardly keep itself in the air, so I didn't even try attaching the camera rig. I had a small para-foil kite from previous trips to the beach so I gave that a try as well. In the light wind this kite flew great on its own, but was only able to lift the camera and rig a few feet off the ground. I wound up with about 50 close up shots of sand.

So, back to the kite shop I went. They were very helpful, and let me return my second kite without question, though I didn't exactly point out that I had flown it. This time my wife Kathie talked me into going with a power kite, which is basically a small parachute with two strings instead of one. Having two lines gives you the ability to steer the kite left and right, and perform basic stunts. Our thoughts were that it has a lot of pulling power and maybe we could modify it to a single line kite for my photography project. It turns out modifying the kite with the knowledge and tools we had at the time would not be easy. It did have a lot of pull when down low, but stalls when you send it up high. It is a lot of fun to fly though so we kept it. At one point it was actually pulling me forward, and I weigh a lot more than a small camera.

By now going to the kite shop is starting to get embarrassing, it's a small shop and the same guy was working every time I went in. Fortunately the service provided at Kitty Hawk Kites was great every time I went in. Sure, it would have been better if they had found me the kite I really needed the first time, but I had a hard time explaining exactly what I was doing. This time Kathie found a kite called a "Power Sled" which had packaging claiming to have lifting capabilities while being easy to fly. We had actually looked at this kite earlier in the week, but somehow missed that it actually said it had lifting capabilities.

This kite lifted the camera rig with ease and could quickly pull it up as high as I wanted it to go. For the first flight I had the camera pointed straight down, which may work well in other environments. At a beach as isolated as Ocracoke it led to a lot of boring photos of sand once it cleared the part of the beach we had claimed for ourselves for the day.

The next day we got to watch the kids surf, so we went to another part of the beach where the surf was better. Yes, that is an airstrip you can see in this photo. I probably shouldn't have been flying a kite so close to an airport, but it isn't very busy and I didn't go up high for very long.

Back at the condo I decided I really wanted to get a shot of the harbor and the wind was blowing the right direction. So I headed out to the end of the dock, got the kite out, and quickly tangled all the lines. After about 30 minutes with help from my dad and my wife I managed to get the kite in the air and sent the camera up. For some reason once I got the kite up in the air it kept diving to the right, one of the lines still wasn't quite right. I didn't want to drop my kite and camera on someone so I kept it relatively low before pulling it back down. The small isolated house right on the harbor we used to rent can be seen below the water tower in the photo.

As you can see the picavet hung almost level from the kite line. It would be level, but the center of gravity of the camera is not centered below the picavet. This design worked very well, but there is room for improvement. When in flight the camera would swing from side to side a lot. The lines for the picavet may have been too long, or attached to the kite string too close together.

Many of the photos were blurry once I saw them on the computer screen. Next time I'll be setting the camera to use a faster shutter speed and perhaps look into how to reduce vibration in the kite line. I also did all of my KAP flights during some of the worst lighting conditions of the day. I wasn't really thinking about lighting, but more about flying a kite when I felt like flying a kite. Next time I'll be trying to do more flights in the early morning and evening when the lighting is more interesting.

Overall attempting Kite Aerial Photography was a lot of fun. Having an entertaining project like this while on vacation was a lot of fun for a change. I should have bought a higher quality kite online before going on vacation, but half the fun was having an excuse to go back to the kite shop each day.

Monday, May 31, 2010

Kite Aerial Photography - Getting Started

I've been into photography for as far back as I can remember. I guess I've always been a bit of a gadget hound. As a kid growing up in the middle of nowhere an old camera was a pretty impressive gadget. I'm pretty sure it was several years before my parents decided to let me have any film to put in the camera, but that didn't stop me from taking photographs of all kinds of things. When I finally did get some real film for the camera I adopted the spray and pray technique of photography without realizing it. This technique is used in many other areas as well. In photography the basic idea is take a bunch of photos and hope something comes out good. My parents weren't as impressed with this technique as I was, so it was a while before I saw real film again.

Over the years I slowly developed my photographic skills as my interest in photography came and went. When I got my first digital camera I found myself reverting to spray and pray and had to force myself to carefully compose my shots. This happened again when I got my first digital SLR, and I'm still working on getting back to good technique again.

Several years ago I stumbled across an article about Kite Aerial Photography. Basically you hang a camera below a kite, fly it up nice and high, and take some photos. At the time my interest in photography as a hobby was high, but I didn't have a lot of free time, so I filed it for something to look into later. I eventually forgot about it, being busy with other things, but today everything came together for me to get started. My photography interest is pretty high right now and I've got a trip to the beach coming up soon, a great place for my first try. Adding to that, today was a nice rainy day so I was stuck indoors all day.

I knew I'd have to build some kind of rig to hang a camera below my kite, but really didn't know what it would involve. After doing a little research online I snuck down to the basement while my wife was busy doing something else. The part of the rig that keeps the camera level when attached to the kite string is called a picavet. I decided to go with a small wooden frame for my picavet due to the materials I had on hand. On top of the frame are four screw eyes, below there are three for suspending the camera mount. I used yellow mason's line for the line of the picavet, probably not the best choice, but it is what I had on hand.

Originally I was going to use rubber bands to attach my iPhone directly to the bottom of the picavet, but this would only allow me to take shots straight down. I added three screw eyes to the bottom of the picavet frame, two for the sides of the camera mount, and one for the rear. The camera mount I came up with is very simple, it is just a piece of plexi glass that I can mount an iPhone or a small digital camera to. There are holes in both of the top corners of the plexi glass to allow zip ties to attach it to the screw eyes below the picavet, forming a simple hinge. There is another hole at the bottom of the mount, halfway between each of the side holes. This hole is attached to the third screw eye at the bottom of the picavet with a short piece of mechanic's wire. The mechanic's wire allows me to adjust the angle that the camera hangs at from 0 to 90 degrees. It can be a bit of a pain to adjust, but it seems more rigid than zip ties or string.

(Photo: Testing the Rig)

As you can see this is a pretty basic Kite Aerial Photography rig. The camera that I will be using has a built in interval timer so I will be going back to the spray and pray technique yet again with this adventure. I'll probably set it to take a photo every 30 seconds and pray that I get at least a few decent photos to share.

If this works out I'm sure I'll find myself building a bigger rig to support my digital SLR with a radio control trigger as well as pan, and tilt controls. Check back in a few weeks to find out how this project worked out.

Sunday, May 2, 2010

New Look for Someone Special's Blog

I recently finished a new look for my wife's blog. She had been using one of the default blogger templates and the look didn't really fit her content. I enjoy amateur photography so when I needed some photos for the design I dug into my personal archive, found some we both liked and went from there. I'm sure a professional graphic designer would have done it differently, but we both like the way it turned out.

I really wish I had more time to put into it though. I haven't done a serious browser test to make sure it looks right in all the major web browsers, there is no print view, and it certainly won't pass HTML or CSS validation. The images aren't optimized either, so it can appear to load slowly sometimes. In other words, it is far from my best work, but it was fun. When things settle down and I have some free time I'll take the time to clean it up and make it work the way it really should.