How to remove an IP from cPHulkD

Let's 'use' the cphulkd database and see what tables we have:

root@w4 [~]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2279778
Server version: 5.0.90-community MySQL Community Edition (GPL)
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> use cphulkd;
 
Database changed
mysql> show tables;
+-------------------+
| Tables_in_cphulkd |
+-------------------+
| auths             |
| brutes            |
| good_logins       |
| logins            |
| whitelist         |
+-------------------+
5 rows in set (0.00 sec)

So we have auths, brutes, good_logins, logins and whitelist.
The table we are looking for is brutes. This is the table where the blacklisted IPs reside.

mysql> select * from brutes;
+--------------+--------------------------------------------------------+---------------------+---------------------+
| IP           | NOTES                                                  | BRUTETIME           | EXPTIME             |
+--------------+--------------------------------------------------------+---------------------+---------------------+
| 24.90.253.66 | 5 login failures attempts to account moo@omg.com (ftp) | 2008-01-07 14:54:02 | 2008-01-07 14:59:02 |
+--------------+--------------------------------------------------------+---------------------+---------------------+
1 row in set (0.00 sec)
 
mysql>

So we simply remove the entry.

mysql> delete from brutes where IP='24.90.253.66';
Query OK, 1 row affected (0.00 sec)
 
mysql>
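As an added example (not from the original post), here is a small POSIX shell helper that builds the lookup and delete statements for the brutes table only after checking that the argument is a well-formed dotted-quad IPv4 address, so a malformed value is never interpolated into the statement handed to the mysql client. The table and column names are the ones shown in the session above; the function names and the idea of looking before deleting are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): build the cphulkd SQL only after
# checking that the address is a dotted-quad IPv4 address, so nothing but a
# valid IP is ever interpolated into the statement handed to the mysql client.
# Table and column names are the ones shown in the session above.

# is_ipv4 ADDR -> 0 if ADDR is four decimal octets in 0..255, 1 otherwise
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
        exit 0
    )
}

# cphulk_sql ACTION ADDR -> prints the statement for ACTION (show|delete);
# prints nothing and returns 1 for a bad address, 2 for an unknown action
cphulk_sql() {
    action=$1; addr=$2
    is_ipv4 "$addr" || return 1
    case $action in
        show)   printf "SELECT IP, NOTES, BRUTETIME, EXPTIME FROM brutes WHERE IP='%s';\n" "$addr" ;;
        delete) printf "DELETE FROM brutes WHERE IP='%s';\n" "$addr" ;;
        *)      return 2 ;;
    esac
}

# Use on the server (needs the mysql client and access to the cphulkd database):
#   cphulk_sql show   24.90.253.66 | mysql cphulkd    # look before you delete
#   cphulk_sql delete 24.90.253.66 | mysql cphulkd
```

Running the show statement first lets you confirm the NOTES and EXPTIME of the entry you are about to remove; an entry whose EXPTIME has already passed needs no manual removal at all.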

Published on June 3, 2012 at 2:13 pm

Cpanel Scripts

Install Zend Optimizer /scripts/installzendopt
Hostname A Entry Missing! /scripts/fixndc then restart bind and apache
Install Cron on New Server /scripts/installrpm anacron vixie-cron ; /etc/rc.d/init.d/crond start
Bandwidth issues /scripts/cleanbw
/scripts/fixwebalizer (To fix problem in webalizer that stop updating stats)
/scripts/fixcommonproblems
/scripts/fixeverything
Fixing Mail List MailMan /usr/local/cpanel/bin/convertmailman2
Reinstall MailMan /scripts/reinstallmailman
Fix Permissions on accounts: /scripts/fixhome
Edit mySQL conf file: pico /etc/my.cnf
Edit php.ini: pico /usr/local/lib/php.ini
Edit Apache Conf: pico /etc/httpd/conf/httpd.conf
Checking Real Time Top Processes Login to SSH and run: top
Run cpanel backup /scripts/cpbackup
To try and fix domain controller: /scripts/fixndc

Quotas /scripts/initquotas – takes a while to run
/scripts/resetquotas
/scripts/fixquotas – takes a while to run

/scripts/adddns Add a Dns Entry
/scripts/addfpmail Install Frontpage Mail Exts
/scripts/addservlets Add JavaServlets to an account (jsp plugin required)
/scripts/adduser Add a User
/scripts/admin Run WHM Lite
/scripts/apachelimits Add Rlimits (cpu and mem limits) to apache.
/scripts/dnstransfer Resync with a master DNS Server
/scripts/editquota Edit A User’s Quota
/scripts/finddev Search For Trojans in /dev
/scripts/findtrojans Locate Trojan Horses
Suggested usage:
/scripts/findtrojans > /var/log/trojans
/scripts/fixtrojans /var/log/trojans
/scripts/fixcartwithsuexec Make Interchange work with suexec
/scripts/fixinterchange Fix Most Problems with Interchange
/scripts/fixtrojans Run on the trojan horse file created by findtrojans to remove them
/scripts/fixwebalizer Run this if a user’s stats stop working
/scripts/fixvaliases Fix a broken valias file
/scripts/hdparamify Turn on DMA and 32bit IDE hard drive access (once per boot)
/scripts/initquotas Re-scan quotas. Usually fixes Disk space display problems
/scripts/initsuexec Turn on SUEXEC (probably a bad idea)
/scripts/installzendopt Fetch + Install Zend Optimizer
/scripts/ipusage Display Ipusage Report
/scripts/killacct Terminate an Account
/scripts/killbadrpms Delete “Security Problem Infested RPMS”
/scripts/mailperm Fix Various Mail Permission Problems
/scripts/mailtroubleshoot Attempt to Troubleshoot a Mail Problem
/scripts/mysqlpasswd Change a Mysql Password
/scripts/quicksecure Kill Potential Security Problem Services
/scripts/rebuildippool Rebuild Ip Address Pool
/scripts/remdefssl Delete Nasty SSL entry in apache default httpd.conf
/scripts/restartsrv Restart a Service (valid services: httpd,proftpd,exim,sshd,cppop,bind,mysql)
/scripts/rpmup Syncup Security Updates from RedHat/Mandrake
/scripts/runlogsnow Force a webalizer/analog update.
/scripts/secureit Remove non-important suid binaries
/scripts/setupfp4 Install Frontpage 4+ on an account.
/scripts/simpleps Return a Simple process list. Useful for finding where cgi scripts are running from.
/scripts/suspendacct Suspend an account
/scripts/sysup Syncup Cpanel RPM Updates
/scripts/unblockip Unblock an IP
/scripts/unsuspendacct UnSuspend an account
/scripts/upcp Update Cpanel
/scripts/updatenow Update /scripts
/scripts/wwwacct Create a New Account

/scripts/runweblogs account username for awstats to run manually
To check whether the httpd configuration uses suPHP or DSO as the PHP handler:

/usr/local/cpanel/bin/rebuild_phpconf --current

Published on March 11, 2011 at 11:49 am

cPanel Account transfer

You should be able to transfer accounts from your old server to this one via WHM as follows. For this to work properly, you must be able to SSH from this server to the old server without any issue.

WHM login >> Main >> Transfers >> Copy multiple accounts/packages from another server

Here you need to provide the old server IP, SSH port, and root password.

If the above method fails you can transfer accounts manually as follows.

1. Take a backup of the account using the following script (on the source server):

# /scripts/pkgacct <account username>

This will create a backup file under /home named cpmove-<username>.tar.gz

2. Copy this file (using scp) to the target server (say 99..99.99.99):

# scp cpmove-<username>.tar.gz root@99..99.99.99:/home

3. Restore accounts using the following script:

# /scripts/restorepkg <account username>
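An added example, not part of the original post: the three manual steps above as one script, with an integrity check the post does not have. The source side writes a SHA-256 sum beside cpmove-<username>.tar.gz and copies both files; the target side verifies the sum before /scripts/restorepkg runs, so a truncated or altered archive is never restored. /scripts/pkgacct, /scripts/restorepkg and the cpmove-<username>.tar.gz name are from the post; the lowercase-alphanumeric username rule, the .sha256 file name and the 192.0.2.x target address are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): the three manual steps above as
# one script, plus an integrity check the post does not have. The source
# writes a SHA-256 sum beside cpmove-<user>.tar.gz and copies both; the target
# verifies the sum with checksum_matches before /scripts/restorepkg runs, so a
# truncated or altered archive is never restored. The lowercase-alphanumeric
# username rule, the .sha256 file name and the 192.0.2.x target are assumptions.

# checksum_matches FILE SUMFILE -> 0 if FILE's sha256 equals the one recorded in SUMFILE
checksum_matches() {
    expected=$(cut -d' ' -f1 "$2" 2>/dev/null)
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# transfer_account USER TARGET -> source-side steps 1 and 2 (pkgacct, sum, scp)
transfer_account() {
    user=$1; target=$2
    case $user in
        ''|*[!a-z0-9]*) echo "refusing unexpected username: '$user'" >&2; return 1 ;;
    esac
    /scripts/pkgacct "$user" || return 1
    ( cd /home && sha256sum "cpmove-$user.tar.gz" > "cpmove-$user.tar.gz.sha256" ) || return 1
    scp "/home/cpmove-$user.tar.gz" "/home/cpmove-$user.tar.gz.sha256" "root@$target:/home/" || return 1
}

# restore_account USER -> target-side step 3, gated on the checksum
restore_account() {
    user=$1
    checksum_matches "/home/cpmove-$user.tar.gz" "/home/cpmove-$user.tar.gz.sha256" \
        || { echo "checksum mismatch for cpmove-$user.tar.gz, not restoring" >&2; return 1; }
    /scripts/restorepkg "$user"
}

# Source server:  transfer_account someuser 192.0.2.10
# Target server:  restore_account someuser
```

The checksum is computed from inside /home so the sum file carries a relative name and can be verified with the same function on either host.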

Published on January 20, 2011 at 6:59 pm

Installing Free mod_GeoIP for Apache 2.x / Cpanel / CentOS

Mod_GeoIP

Posted on 09-09-2010 by admin in Web Server


Mod_GeoIP looks up the IP address of the client end user (it can also be given an IP address to look up instead of simply using the client's). For the country database, mod_geoip sets two environment variables, GEOIP_COUNTRY_CODE and GEOIP_COUNTRY_NAME. For other databases, see the README file included with the mod_geoip API.

Installing mod_geoip on cpanel


The easy way to install mod_geoip is cPanel's EasyApache custom module installation method:
Download mod_geoip


Open EasyApache in WHM; in the list of modules under Apache you will see mod_geoip listed. Select the module and recompile Apache. After the recompile finishes, follow the configuration part below to configure the settings.

Installing mod_geoip on CentOS and Fedora:

Installing the mod_geoip module requires two RPMs (GeoIP, which holds the IP database, and mod_geoip for Apache); this assumes you have already installed httpd 2.x successfully on your server.

The RPM installation will include and configure the mod_geoip module in Apache. You will then find the GeoIP database (GeoIP.dat) in the /usr/share/GeoIP directory. You can get the latest IP database from http://www.maxmind.com/download/geoip/database/GeoIP.dat.gz and upload the new database into /usr/share/GeoIP/.

To make sure mod_geoip is working properly, create the following PHP file in the default HTML document root and try to access it in your web browser, for example:

file name : geotest.php

<?php
// dump every server variable, including the GEOIP_* ones mod_geoip sets
print_r($_SERVER);
?>

http://<serverip>/geotest.php

You should be able to see a list of GeoIP stats about your location and ISP. Follow the instructions on the official site, http://www.maxmind.com/app/mod_geoip, to configure country-based block/allow rules.

External links :

Mod_GeoIP official website :

Installing Mod_Geoip on Freebsd/lighttpd :

Published on January 5, 2011 at 12:32 pm

C-Panel Security Settings

SECURITY LEVEL : MODERATE

APACHE & PHP

Server Configuration -> Tweak Settings -> PHP -> PHP max execution time = 120

Server Configuration -> Tweak Settings -> PHP -> cPanel PHP Register Globals = On

cPanel -> Manage Plugins -> modsecurity -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Redirection -> Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc. -> Enable

Server Configuration -> Tweak Settings -> Only permit cpanel/whm/webmail to execute functions = Enable

Security -> Security Center -> PHP open_basedir Tweak -> Enable php open_basedir Protection = Enable

Security -> Security Center -> Tweak mod_userdir Security -> mod_userdir Protection -> Enable mod_userdir Protection = Enable

EXIM & SPAM PROTECTION:

cPanel -> Manage Plugins -> spamdconf -> click on ‘save’ to install the module.

Server Configuration -> Tweak Settings -> Mail -> Default catch-all/default address -> Fail

Server Configuration -> Tweak Settings -> Mail -> The maximum each domain can send out per hour (0 is unlimited) = 600

Server Configuration -> Tweak Settings -> Mail -> Prevent the user “nobody” from sending out mail to remote addresses = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Reject mail with a spam score greater than 17.5 at SMTP time = Enable

Service Configuration -> Exim Configuration Editor -> Attempt to block dictionary attacks = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: SPF Checking = Enable

Service Configuration -> Exim Configuration Editor -> Blacklist: Drop connections from defined IP Blocks upon SMTP connection = Enable

Service Configuration -> Exim Configuration Editor -> Attachments: Filter dangerous attachments = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification Callouts = Enable

Service Configuration -> Exim Configuration Editor -> Sender Verification = Enable

Service Configuration -> Exim Configuration Editor -> RBL: bl.spamcop.net = Enable

Service Configuration -> Exim Configuration Editor -> RBL: zen.spamhaus.org = Enable

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Enable for all users without the option for users to shut off per account = On

Service Configuration -> Exim Configuration Editor -> SpamAssassinTM: Maximum size a message can be before it will not be scanned by SpamAssassin = On

DNS PROTECTION (OPENDNS) :

1. ssh to your server as root.

2. Download the script with wget and run it:

Quote:

wget http://shashank.net/scripts/named.patch
sh named.patch

3. It will provide you with output like:

Quote:
allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
xxx.xxx.xxx.xxx;
};

4. Copy and paste this code into the options section of your named.conf, something like:

Quote:
options {
directory "/var/named";
allow-recursion {
127.0.0.1;
xxx.xxx.xxx.xxx;
…. ….
…. ….
};
};

5. Save named.conf and restart the named service. Allow all zones to load, then check your DNS report.
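The point of the allow-recursion block is to stop the server answering recursive queries for everyone. As an added example (not from the original post), here is a shell check you can run after step 5 to confirm named.conf now restricts recursion: it fails when there is no allow-recursion statement at all or when the list contains the literal any. The function name and the decision to treat named ACLs such as "trusted" as restrictive are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check that a named.conf limits
# recursion the way the allow-recursion block above does. With no
# allow-recursion statement, or one that lists "any", BIND answers recursive
# queries for the whole Internet, which is the open-resolver condition the
# patch is meant to remove. Named ACLs (e.g. "trusted") are assumed to be
# restrictive; only the literal "any" is flagged.
# Returns 0 = restricted, 1 = open resolver, 2 = file not readable.

recursion_restricted() {
    conf=$1
    [ -r "$conf" ] || return 2
    # drop // and # comments, then join lines so multi-line blocks match
    flat=$(sed -e 's|//.*$||' -e 's|#.*$||' "$conf" | tr '\n' ' ')
    # "recursion no;" turns recursion off entirely
    if printf '%s' "$flat" | grep -q 'recursion[[:space:]]*no[[:space:]]*;'; then
        return 0
    fi
    acl=$(printf '%s' "$flat" | sed -n 's/.*allow-recursion[[:space:]]*{\([^}]*\)}.*/\1/p')
    [ -n "$acl" ] || return 1    # no ACL at all: every client may recurse
    for entry in $(printf '%s' "$acl" | tr ';' ' '); do
        [ "$entry" = any ] && return 1
    done
    return 0
}

# Typical use:  recursion_restricted /etc/named.conf || echo "fix allow-recursion"
```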

COMMON CPANEL SECURITY :

Security -> Security Center -> Tweak Compilers -> Disable Compilers

Security -> Security Center -> SMTP Tweak -> Enable

Security -> Security Center -> Shell Fork Bomb Protection -> Enable

Published on January 4, 2011 at 12:10 pm

cPanel useful scripts

Some of the important scripts of cPanel, found in /scripts:

To create new email account use
# ./addpop
And follow the steps

# ./checkbadconf
Checks /usr/local/apache/conf/httpd.conf for bad users.

# ./fixcommonproblems
– Attempt to fix the most common problems.

# ./fixeverything
– Fix common problems and quotas.

# ./fixmysql
– Fixes problems with mySQL.

Nameserver, DNS related scripts to troubleshoot:

# ./fixnamed – Updates bind to handle many DNS zones (more than 512).
# ./fixrndc

securetmp – Adds securetmp to system startup.

Domains:

listsubdomains – List subdomains.
park – Parks a domain.
newdomains*
newdomains-sendmail*
rebuildparkeddomains*
updateuserdomains*

FrontPage:
checkfpkey – Checks for the FrontPage suid key
setupfp5 – Install FrontPage 5 (2002) installer on an account.
updatefrontpage – Updates FrontPage
fixfrontpageperm – Fix the frontpage permission issues

GD:

checkgd – Checks to see if GD is built.
cleangd – Cleans up old GD installs and reinstalls GD
installgd – Builds GD.

Zend:

installzendopt – Install Zend Optimizer.

ImageMagick:

checkimagemagick
cleanimagemagick
fetchimagemagick
installimagemagick

Perl:

fixperl – Symlink /usr/local/bin/perl /usr/bin/perl.
fixperlscript – Makes sure a perlscript includes all corresponding modules.
fixsuexeccgiscripts – Fix CGI scripts that are broken after suexec

Mail:

fixpop – Fix a POP account and reset password.
fixspamassassinfailedupdate – Reinstalls a failed spamassassin update.
fixvaliases
listcheck – Checks mailing lists for issues.
mailperm – Fix almost any mail permission problem.
mailscannerupdate – Updates MailScanner
mailtroubleshoot – Guided mail fix.
patcheximconf – Fixes exim.conf
reseteximtodefaults – Resets exim’s default settings.
resetimappasswds – Resets all imap passwords.

fixquotas – Fix quotas.

ftpquotacheck – Runs quota checking for all ftp users.

Stats:
fixwebalizer – Repair a Webalizer that has stopped updating.

Logs:

fixsubdomainlogs
runstatsonce – Runs statistics (should be used from the crontab).
runweblogs – Run analog/webalizer/etc. for a user.

SSL:

gencrt – Generate a .crt and .csr file.

Database:

installpostgres – Installs PostgreSQL.
mysqladduserdb – Create a MySQL database and user.
mysqlconnectioncheck – Attempts to connect to MySQL, restarts SQL if necessary.
mysqldeluserdb – Delete a MySQL database and user.
mysqlpasswd – Change MySQL password.
mysqlrpmpingtest – Checks your connection speed for downloading

Service restart:

restartsrv – Restart a service.
restartsrv_apache – Restart apache.
restartsrv_bind – Restart bind.
restartsrv_clamd – Restart clamd.
restartsrv_courier – Restart courier imap.
restartsrv_cppop – Restart cppop.
restartsrv_entropychat – Restart entropy chat.
restartsrv_exim – Restart exim.
restartsrv_eximstats – Restart exim statistics.
restartsrv_ftpserver – Restart your ftp server.
restartsrv_ftpserver~ – (INTERNAL)
restartsrv_httpd – Restart httpd.
restartsrv_imap – Restart imap.
restartsrv_inetd – Restart inetd.
restartsrv_interchange – Restart Interchange Shopping Cart.
restartsrv_melange – Restart melange chat.
restartsrv_mysql – Restart mysqld.
restartsrv_named – Restart named.
restartsrv_postgres – Restart postgresql.
restartsrv_postgresql – Restart postgresql.
restartsrv_proftpd – Restart proftpd.
restartsrv_pureftpd – Restart pure-ftpd.
restartsrv_spamd – Restart spamd.
restartsrv_sshd – Restart sshd.
restartsrv_syslogd – Restart syslogd.
restartsrv_tomcat – Restart tomcat.
restartsrv_xinetd – Restart xinetd.

To upgrade the cPanel(WHM) kindly use the script:

# ./upcp --force

Published on January 3, 2011 at 6:01 pm

Security Inside WHM/CPanel

1) These are items inside of WHM/Cpanel that should be changed to secure your server.

Go to Server Setup =>> Tweak Settings

Check the following items…

Under Domains

Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail

Attempt to prevent pop3 connection floods

Default catch-all/default address behavior for new accounts – blackhole

Under System

Use jailshell as the default shell for all new accounts and modified accounts

Go to Server Setup =>> Tweak Security

Enable php open_basedir Protection

Enable mod_userdir Protection

Disable Compilers for unprivileged users.

Go to Server Setup =>> Manage Wheel Group Users

Remove all users except for root and your main account from the wheel group.

Go to Server Setup =>> Shell Fork Bomb Protection

Enable Shell Fork Bomb/Memory Protection

When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.

Go to Service Configuration =>> FTP Configuration

Disable Anonymous FTP

Go to Account Functions =>> Manage Shell Access

Disable Shell Access for all users (except yourself)

Go to Mysql =>> MySQL Root Password

Change root password for MySQL

Go to Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:

/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod

 

 

 

2) These are measures that can be taken to secure your server, with SSH access.

Udate OS, Apache and CPanel to the latest stable versions.

This can be done from WHM/CPanel.

Restrict SSH Access

To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.

SSH into server and login as root.

Note: You can download PuTTY for this. It's a clean running application that does not require installation on Windows boxes.

At command prompt type: pico /etc/ssh/sshd_config

Scroll down to the section of the file that looks like this:

Code:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::

Uncomment and change

#Port 22

to look like

Port 5678 (choose your own 4 to 5 digit port number; 49151 is the highest port number)

Uncomment and change

#Protocol 2, 1

to look like

Protocol 2

Uncomment and change

#ListenAddress 0.0.0.0

to look like

ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)

Note 1: If you would like to disable direct Root Login, scroll down until you find

#PermitRootLogin yes

and uncomment it and make it look like

PermitRootLogin no

Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.

Note 2: You can also create a custom nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A record to your zone file for the new nameserver.

Now restart SSH

At command prompt type: /etc/rc.d/init.d/sshd restart

Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.

Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very insecure protocol, so change your root password after you use it.
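Before you log out of the old session, it is worth checking that the file really says what you intended, because a typo here locks you out. As an added example (not from the original post), here is a shell audit of sshd_config against the four edits above: a non-default Port, Protocol 2 only, a single ListenAddress instead of 0.0.0.0 or ::, and PermitRootLogin no. The function names are assumptions; the accepted port range 1024..65535 is this example's choice and is wider than the 4-5 digit suggestion in the text.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config against the
# four edits above: a non-default Port, Protocol 2 only, a single ListenAddress
# instead of 0.0.0.0 / ::, and PermitRootLogin no. Any port 1024..65535 is
# accepted. Prints one line per finding and returns the number of findings,
# so an exit status of 0 means the file matches the hardened layout.

# sshd_setting FILE KEY -> prints the first uncommented value of KEY (sshd
# uses the first match too); commented defaults like "#Port 22" are skipped
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

sshd_audit() {
    conf=$1
    findings=0
    port=$(sshd_setting "$conf" Port)
    case $port in
        ''|*[!0-9]*)
            echo "Port: not set, sshd falls back to 22"; findings=$((findings+1)) ;;
        *)
            if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
                echo "Port: $port is outside 1024..65535"; findings=$((findings+1))
            fi ;;
    esac
    proto=$(sshd_setting "$conf" Protocol)
    if [ "$proto" != 2 ]; then
        echo "Protocol: '${proto:-unset}' should be exactly 2"; findings=$((findings+1))
    fi
    listen=$(sshd_setting "$conf" ListenAddress)
    case $listen in
        ''|0.0.0.0|'::')
            echo "ListenAddress: sshd listens on every address"; findings=$((findings+1)) ;;
    esac
    rootlogin=$(sshd_setting "$conf" PermitRootLogin)
    if [ "$rootlogin" != no ]; then
        echo "PermitRootLogin: '${rootlogin:-unset}' should be no"; findings=$((findings+1))
    fi
    return $findings
}

# Typical use:  sshd_audit /etc/ssh/sshd_config && echo "sshd_config looks hardened"
```

Run it before restarting sshd; if it reports findings, fix them in the still-open session rather than discovering them after the restart.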

Disable Telnet

To disable telnet, SSH into server and login as root.

At command prompt type: pico -w /etc/xinetd.d/telnet

change disable = no to disable = yes

Save and Exit

At command prompt type: /etc/init.d/xinetd restart

Server e-mail every time someone logs in as root

To have the server e-mail you every time someone logs in as root, SSH into server and login as root.

At command prompt type: pico .bash_profile

Scroll down to the end of the file and add the following line:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com

Save and exit.

Set an SSH Legal Message

To set an SSH legal message, SSH into server and login as root.

At command prompt type: pico /etc/motd

Enter your message, save and exit.

Note: I use the following message…

Code:
ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.

This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.

Now every time someone logs in as root, they will see this message… go ahead and try it.

Disable Shell Accounts

To disable any shell accounts hosted on your server, SSH into server and login as root.

At command prompt type: locate shell.php

Also check for:

locate irc
locate eggdrop
locate bnc
locate BNC
locate ptlink
locate BitchX
locate guardservices
locate psyBNC
locate .rhosts

Note: There will be several listings that will be OS/CPanel related. Examples are

/home/cpapachebuild/buildapache/php-4.3.1/ext/ircg
/usr/local/cpanel/etc/sym/eggdrop.sym
/usr/local/cpanel/etc/sym/bnc.sym
/usr/local/cpanel/etc/sym/psyBNC.sym
/usr/local/cpanel/etc/sym/ptlink.sym
/usr/lib/libncurses.so
/usr/lib/libncurses.a
etc.

Disable identification output for Apache

To disable the version output for Apache, SSH into server and login as root.

At command prompt type: pico /etc/httpd/conf/httpd.conf

Scroll (way) down and change the following line to

ServerSignature Off

Restart Apache

At command prompt type: /etc/rc.d/init.d/httpd restart

3) These are applications that will help to secure your server.

Install chkrootkit

To install chkrootkit, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

At command prompt type: tar xvzf chkrootkit.tar.gz

At command prompt type: cd chkrootkit-0.44

At command prompt type: make sense

To run chkrootkit

At command prompt type: /root/chkrootkit-0.44/chkrootkit

Make sure you run it on a regular basis, perhaps including it in a cron job.

Install APF Firewall

To install APF, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

At command prompt type: tar -xvzf apf-current.tar.gz

At command prompt type: rm -f apf-current.tar.gz

At command prompt type: cd apf-0.9.4-6

At command prompt type: sh ./install.sh

After APF has been installed, you need to edit the configuration file.

At command prompt type: cd /etc/apf

At command prompt type: pico -w conf.apf

Scroll down and find

USE_DS="0"

change it to

USE_DS="1"

Now scroll down and configure the Ports. The following ports are required for CPanel:

Code:
Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"

Note: If you changed the port for SSH, be sure to include that port and remove port 22.

—–
21 FTP (TCP)
22 SSH (TCP)
25 SMTP (TCP)
53 DNS – Domain Name Server (TCP)
80 HTTP (TCP)
110 POP3 (TCP)
143 IMAP (TCP)
443 HTTPS (TCP)
465 sSMTP (TCP)
953 ??BIND??
993 IMAP4 protocol over TLS/SSL (TCP)
995 POP3 protocol over TLS/SSL (was spop3) (TCP)
2082 CPANEL (http://sitename.com:2082) (TCP)
2083 CPANEL SSL (https://sitename.com:2083) (TCP)
2084 entropychat server (disable from CPANEL service manager if not used) (TCP)
2086 WHM (http://sitename.com:2086) (TCP)
2087 WHM SSL (https://sitename.com:2087) (TCP)
2095 WebMail (http://sitename.com:2095) (TCP)
2096 WebMail SSL (https://sitename.com:2096)
3306 mySQL remote access (TCP)
6666 Melange chat Server (disable from CPANEL service manager if not used) (TCP)
7786 Interchange (TCP)
3000_3500
—–
5100 for ASP,
8080 and 8443 for JSP if you use them.
—–

Code:
Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,6277"

—–
53 DNS – Domain Name Server
6277 SpamAssassin / DCC (email scanning)
—–

Code:
Common ICMP (inbound) types
IG_ICMP_TYPES="3,5,11,0,30,8"

—–
0 Echo Reply
3 Destination Unreachable
5 Destination Unreachable
8 Echo
11 Time Exceeded
30 Traceroute
—–

Code:
Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703,3306"

—–
21 FTP
25 SMTP
37 Required for CPANEL Licensing
53 DNS – Domain Name Server
80 HTTP
110 POP3 (if you have scripts that need to retrieve email via POP, e.g. HelpDesk)
113 Authentication Protocol (AUTH)
123 NTP (Network Time)
443 HTTPS
43 WHOIS
873 rsync (CPanel updates)
953 BIND ??
2089 Required for CPANEL Licensing
2703 Razor (email scanning)
3306 mySQL remote access
—–

Code:
Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,873,953,6277"

—–
20 ftp-data
21 FTP
53 DNS – Domain Name Server
873 rsync
953 BIND ??
6277 SpamAssassin / DCC (email scanning)
—–

Code:
Common ICMP (outbound) types
EG_ICMP_TYPES="all"

Save the changes then exit.
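The note above about the SSH port is the edit people get wrong most often: the new port is added but 22 is left in, or a typo in the list keeps APF from loading it. As an added example (not from the original post), here is a shell helper that rewrites an IG_TCP_CPORTS value so the new SSH port is present and 22 is removed, while validating every entry, including APF-style LOW_HIGH ranges such as the 3000_3500 in the list above. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): rewrite an APF IG_TCP_CPORTS
# value so the new SSH port is present and 22 is gone, as the note above
# requires, validating every entry on the way. Entries are single ports or
# APF-style LOW_HIGH ranges such as 3000_3500. The rewritten list is printed;
# nothing is printed and 1 is returned if any entry is malformed.

# valid_port N -> 0 if N is an integer in 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_entry E -> 0 for a single port or a LOW_HIGH range with LOW < HIGH
valid_entry() {
    case $1 in
        *_*) low=${1%%_*}; high=${1#*_}
             valid_port "$low" && valid_port "$high" && [ "$low" -lt "$high" ] ;;
        *)   valid_port "$1" ;;
    esac
}

# apf_ssh_ports LIST SSHPORT -> LIST without 22, with SSHPORT listed once, in front
apf_ssh_ports() {
    list=$1; sshport=$2
    valid_port "$sshport" || return 1
    out=''
    for entry in $(printf '%s' "$list" | tr ',' ' '); do
        valid_entry "$entry" || return 1
        [ "$entry" = 22 ] && continue             # drop the default SSH port
        [ "$entry" = "$sshport" ] && continue     # avoid listing it twice
        out="$out,$entry"
    done
    printf '%s\n' "$sshport$out"
}

# e.g.  apf_ssh_ports "21,22,25,80" 5678   prints   5678,21,25,80
```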

To start APF

At command prompt type: /usr/local/sbin/apf -s

APF commands are:

-s start
-r restart
-f flush – stop
-l list
-st status
-a HOST allow HOST
-d HOST deny HOST

Log out of SSH and then login again.

After you are sure everything is working fine, change the DEV option

At command prompt type: cd /etc/apf

At command prompt type: pico -w conf.apf

Scroll down and find

DEVM="1"

change it to

DEVM="0"

Save changes, exit and then restart firewall,

At command prompt type: /usr/local/sbin/apf -r

Install BFD (Brute Force Detection)

To install BFD, SSH into server and login as root.

At command prompt type: cd /root/

At command prompt type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

At command prompt type: tar -xvzf bfd-current.tar.gz

At command prompt type: cd bfd-0.4

At command prompt type: ./install.sh

After BFD has been installed, you need to edit the configuration file.

At command prompt type: pico /usr/local/bfd/conf.bfd

Under Enable brute force hack attempt alerts:

Find

ALERT_USR="0"

and change it to

ALERT_USR="1"

Find

EMAIL_USR="root"

and change it to

EMAIL_USR="your@email.com"

Save the changes then exit.

To start BFD

At command prompt type: /usr/local/sbin/bfd -s

Modify LogWatch

Logwatch is a customizable log analysis system. It parses through your system’s logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. Logwatch is already installed on most CPanel servers.

To modify LogWatch, SSH into server and login as root.

At command prompt type: pico -w /etc/log.d/conf/logwatch.conf

Scroll down to

MailTo = root

and change to

MailTo = your@email.com

Note: Set the e-mail address to an offsite account in case you get hacked.

Now scroll down to

Detail = Low

Change that to Medium, or High…

Detail = 5 or Detail = 10

Note: High will give you more detailed logs with all actions.

Save and exit.
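The APF (USE_DS, DEVM), BFD (ALERT_USR, EMAIL_USR) and LogWatch (MailTo, Detail) steps above are all the same "find KEY, change its value" edit done by hand in pico. As an added example (not from the original post), here is one shell helper that performs that edit, keeps each file's own style (KEY="value" in conf.apf and conf.bfd, Key = value in logwatch.conf), writes a .bak copy first, and fails when the key is absent so a mistyped key name never silently does nothing. The function names and the .bak convention are assumptions of this example; it also assumes the value contains no | or & characters.

```shell
#!/bin/sh
# Added example (not from the original post): one helper for the "find KEY,
# change it to VALUE" edits the text performs by hand in conf.apf (USE_DS,
# DEVM), conf.bfd (ALERT_USR, EMAIL_USR) and logwatch.conf (MailTo, Detail).
# It keeps each file's own style (KEY="v" or Key = v), writes FILE.bak first,
# and fails if the key is absent, so a mistyped key never silently does nothing.
# Assumes VALUE contains no '|' or '&' (they are special to the sed expression).

# get_conf_value FILE KEY -> prints KEY's current value without surrounding quotes
get_conf_value() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" | head -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# set_conf_value FILE KEY VALUE -> rewrites KEY's value in place
set_conf_value() {
    file=$1; key=$2; value=$3
    grep -q "^[[:space:]]*$key[[:space:]]*=" "$file" || return 1
    cp "$file" "$file.bak" || return 1
    work=$(mktemp) || return 1
    if grep -q "^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"" "$file"; then
        # quoted style: KEY="old" -> KEY="new"
        sed "s|^\([[:space:]]*$key[[:space:]]*=[[:space:]]*\)\"[^\"]*\"|\1\"$value\"|" "$file" > "$work"
    else
        # unquoted style: Key = old -> Key = new
        sed "s|^\([[:space:]]*$key[[:space:]]*=[[:space:]]*\).*|\1$value|" "$file" > "$work"
    fi && cat "$work" > "$file"    # cat, not mv, so ownership and mode are kept
    rc=$?
    rm -f "$work"
    return $rc
}

# The edits described in the text (your@email.com is the placeholder the text uses):
#   set_conf_value /etc/apf/conf.apf USE_DS 1
#   set_conf_value /etc/apf/conf.apf DEVM 0
#   set_conf_value /usr/local/bfd/conf.bfd ALERT_USR 1
#   set_conf_value /usr/local/bfd/conf.bfd EMAIL_USR your@email.com
#   set_conf_value /etc/log.d/conf/logwatch.conf MailTo your@email.com
#   set_conf_value /etc/log.d/conf/logwatch.conf Detail 10
```

Because the helper refuses to touch a file when the key is missing, the DEVM edit after the firewall is known to work cannot be skipped by accident through a misspelt key.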

 

Finally, a brief summary

Here's a starter:

1. Limit SSH root access to a fixed list of IP addresses
2. Ensure WHM/cPanel and other server software are fully updated with latest patches.
3. Auto-email a report for all root access logins
4. Disallow telnet access
5. Change cpanel//ftp passwords regularly
6. Install ‘bruteforce detection’ script: auto-blocks repeated frequent attempts to login. eg. http://www.rfxnetworks.com/bfd.php (there’s a ‘how-to’ install here: http://www.webhostgear.com/60.html)
7. Firewall the server eg. http://www.rfxnetworks.com/apf.php
8. Turn off non-essential/unnecessary services (does anyone know of a list of what these might be?)

Firewalls
APF
http://www.rfxnetworks.com/apf.php

Intrusion Detection Software

AIDE (Advanced Intrusion Detection Environment)
http://sourceforge.net/projects/aide
Tripwire (…is a tool that checks to see what has changed on your system)
http://sourceforge.net/projects/tripwire/ (open source version)
http://www.tripwire.com/products/ (commercial version)

Other Related cPanel Threads
A Beginner’s Guide to Securing Your Server

General Website Resources on Security

http://www.webhostgear.com/cid_6.html (some great ‘securing servers’ tutorials here)
www.linuxsecurity.com
http://www.webhostingtalk.com/showth…hreadid=307474 (how-to secure cPanel)
http://forums.servermatrix.com/viewt…t=2198&start=0 Improving System Security on cPanel Systems (Servermatrix forum)

Published on November 17, 2010 at 6:31 pm

plesk details

http://www.parallels.com/products/plesk/resources/#customatization-lin

Published on October 27, 2010 at 6:49 pm

Install DomainKeys on a C-Panel

How to install DomainKeys on a specific domain.

1. First check that you are running the latest version on RELEASE or CURRENT of cPanel 11.
2. Run the script

/usr/local/cpanel/bin/domain_keys_installer username

Where username is the cPanel user.

If you get an error similar to "Domain keys are not installed on this machine.", you are either not running the latest release or current version of cPanel, or you have not yet converted to maildir. Maildir conversion is required before you install DomainKeys.
You will find an article about converting to maildir on this site!

Ok, we just installed DomainKeys for a domain, but how about if we want to install it for all the domains (users)?
Well I found the solution just a few days ago on a public forum. Someone wrote a nice bash script that will parse all the cpanel users and then run the installation for each of them.

for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/domain_keys_installer $i ;done

OK, but what if we want every newly created account to have DomainKeys installed? Well, this is a bit harder to do.
I recommend editing /scripts/postwwwacct and adding:

#!/usr/bin/perl
# /scripts/postwwwacct is called with key/value pairs; pick out the new account's username
my %OPTS = @ARGV;
my $user = $OPTS{'user'};
# list-form system() so the username is passed as an argument, never through a shell
system('/usr/local/cpanel/bin/domain_keys_installer', $user) if defined $user;

Now test this by creating a new account.

Published on October 13, 2010 at 12:12 pm