cPanelConfig - cPanel server configuration guide » server

How to mitigate DOS atacks with DOS-Deflate

yolau — Fri, 21 Sep 2007 21:40:41 +0000

What is DOS-Deflate?

(D)DoS Deflate is a shell script developed by Zaf, originally for use on MediaLayer servers to assist in combating denial of service attacks. However, it was seen to be very effective for our purpose, and therefore was released as a contribution to the web hosting community. (D)DoS Deflate is now used by not only many web hosts, but by many people who run their own servers looking for additional security in dealing with such attacks.

How to install

Installing DOS-Deflate is one of the simplest out there.

Login to your server as root
Download the install script

wget http://www.inetbase.com/scripts/ddos/install.sh

Run the installer

sh install.sh

DOS-Deflate should now be installed.

Please note that DOS-Deflate uses APF to ban IPs so you must have it installed for DOS-Deflate to work properly. I guide on how to install APF can be found here.

Customizing DOS-Deflate is very easy. You have to edit /usr/local/ddos/ddos.conf with your favorite editor for example

pico /usr/local/ddos/ddos.conf

Every setting is explained in the configuration file so I will not go over them as the explanations are quite easy to fallow up.

If you run into any problems please leave a comment here and I’ll try to help out.

Basic security configuration for a new cPanel server

yolau — Mon, 17 Sep 2007 21:49:30 +0000

Note: This article is based on a Layeredtech knowledgebase article https://support.layeredtech.com/home/index.php?x=&mod_id=2&id=101

We do not guaranty that the following steps will make your server hack proof, but it will greatly reduce your chances of compromise.

Basic Steps to Securing CPanel (Linux based OS):

These are items inside of WHM/Cpanel that should be changed to secure your server.

Goto Server Setup =>> Tweak Settings

Check the following items…

Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts – blackhole

Under System
Use jailshell as the default shell for all new accounts and modified accounts

Goto Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disabled Compilers for unprivileged users.

Goto Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.

Goto Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection

When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.

Goto Service Configuration =>> FTP Configuration
Disable Anonymous FTP

Goto Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)

Goto Mysql =>> MySQL Root Password
Change root password for MySQL

Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
/sbin/depmod
/sbin/insmod
/sbin/insmod.static

/sbin/modinfo
/sbin/modprobe
/sbin/rmmod

These are measures that can be taken to secure your server, with SSH access.

Udate OS, Apache and CPanel to the latest stable versions.

This can be done from WHM/CPanel.

Restrict SSH Access

Disable Shell Accounts

To disable any shell accounts hosted on your server SSH into server and login as root.

At command prompt type: locate shell.php

Also check for:

locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts

Note: There will be several listings that will be OS/CPanel related. Examples are

/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.

Disable identification output for Apache

To disable the version output for proftp, SSH into server and login as root.

At command prompt type: pico /etc/httpd/conf/httpd.conf

Scroll (way) down and change the following line to

ServerSignature Off

Restart Apache

At command prompt type: /etc/rc.d/init.d/httpd restart

Install chkrootkit

Install MySQL Performance Tuning Primer Script

yolau — Tue, 11 Sep 2007 22:44:22 +0000

Tuning the performance of MySQL can be a really hard job to do.
There are many thinks to consider and no two servers are identical so there is no universal solution.
Tuning Primer is a script that will help you tune your mysql installation by providing very healthy recommendations based on past mysql records.
For the script to be efficient you must run the mysql server for at least 48 hours.

Installation is extremely simple:

Download the script

wget http://day32.com/MySQL/tuning-primer.sh

Change the permissions for the file

chmod 755 tuning-primer.sh
Run it

./tuning-primer.sh

Apply the sugesttions

Enjoy!