A friend of mine who runs a small web hosting company recently had his server taken offline by his provider. It was taken offline due to the server hosting "several" phishing sites. He had no idea that he was hosting these phishing sites, only that an account had been compromised and a site defaced, which is all that many people notice when this happens to them.
I am not a security expert, far from it in fact. I am however the only person my friend had to turn to for help in this situation. I've set up many Linux servers over the years, many of them dedicated single purpose servers and a few for shared hosting like my friend's. One thing I do know about server security is that there is no such thing as a truly secure server. It is a balancing act between keeping the server secure and allowing users to make use of it.
The hosting provider insisted we rebuild the server, which makes sense. Hackers generally try to cover their tracks once they compromise a system. To be certain that all of the damage done by the hacker is undone, a full re-install of the operating system is the best way to go. Since we needed to re-install anyway and the hardware had reached its End of Life stage, we decided to replace it with newer hardware instead of rebuilding on the outdated hardware. Once the hosting provider had finished installing Linux with cPanel for us and turned it over to us, the process of securing the server began.
In upcoming posts I will be detailing the steps I took to secure the new server. I will go over installing a firewall, important system tweaks, detecting brute force login attempts, detecting rootkits when they get installed, and adjusting cPanel for security. I will only be going over the basic steps of securing a server; if you are interested in security there are many books available, or, for more up to date information, use Google.