Web Hosting Forum | Lunarpages


Author Topic: Security Best Practices  (Read 7752 times)
clwill
Newbie

Posts: 1


« on: August 01, 2007, 06:51:27 AM »

I am hosting several sites (on another host) and moving to a dedicated server on Lunarpages.  Some of these sites are being attacked in a variety of ways.

First it was DDoS attacks, but moving to a dedicated server and vigorously tuning the performance of the sites seems to have mitigated that problem.

Now they are doing some form of attack that eats up all the CPU and memory on the system.  I'm not sure what it is, but there are no SSH logins to the root (other than me), I have the tmp directory stuff done (see other thread), I believe I have all the directories protected correctly, but clearly the machine is compromised.  It just grinds to a halt, and the memory is just slammed.

So, my question is, can anyone give me a pointer to some security best practices?  What could someone be doing that's slamming the machine like that?  Is there some way to audit a machine to see if I have anything open that would allow this kind of thing?

I want to protect this new Lunarpages machine the best I can before I move the sites there.  I appreciate any help you can offer.
perestrelka
Administrator
Master Jedi

Posts: 1397



« Reply #1 on: August 02, 2007, 12:09:21 AM »

Hi,

I would recommend first determining what is excessively hitting the CPU and memory of your server, so that you can then fight the cause. If your server has cPanel, you can check CPU/Memory/MySQL usage stats in WHM. Running the "top" command in a shell could also help you figure out which processes consume the most CPU and memory.

Kind Regards,
Vlad Artamonov
Jedi_Johnny
Trekkie

Posts: 10


« Reply #2 on: January 28, 2009, 11:12:22 AM »

Here are some links to security resources:

For MS Windows:  Microsoft Baseline Security Analyzer
http://technet.microsoft.com/en-us/security/cc184924.aspx

From SANS.org here is a pdf on general system administration security best practices:
http://www.sans.org/reading_room/whitepapers/bestprac/system_administrator_security_best_practices_657?show=657.php&cat=bestprac

In a nutshell:

1. keep software patched and up to date
2. disable unused services
3. enable and audit system logs for suspicious activity and errors on a regular basis
4. configure a firewall, block IPs that attack for a finite period of time (like a month)
5. use complex passwords and change them every 90 days
6. run scheduled anti-virus (on Windows) and rkhunter (on Linux) checks
7. make backups of your data (user directory, database, system config files, website document root, application data) and do not store backup archives on server
8. only install applications that are well known and trusted, ** this applies to PHP and other CGI scripts in particular **
9. monitor Technical Cyber Security Alerts ( http://www.us-cert.gov/cas/techalerts/index.html ) for new security issues that might affect software you are running
10. apply these best practices to workstations used to log into server and/or develop applications for server

Free online scan for Windows systems:
http://housecall.trendmicro.com/

Free standalone virus scanner, stinger:
http://vil.nai.com/vil/stinger/

Remember, security is an ongoing process -- not something you achieve and can forget about!
« Last Edit: March 24, 2009, 11:37:29 PM by Jedi_Johnny » Logged
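
Items 3 and 4 of the list above (auditing logs, then blocking attacking IPs for a finite period) can be combined in a small script. This is an added example, not part of the original post: it assumes the common sshd "Failed password" syslog format, and the sample log, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the usual sshd syslog layout (documentation-range IPs).
SAMPLE_LOG = """\
Aug  1 06:40:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug  1 06:40:03 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51236 ssh2
Aug  1 06:40:05 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Aug  1 06:41:10 web1 sshd[2110]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
Aug  1 07:02:44 web1 sshd[2150]: Failed password for invalid user test from 198.51.100.7 port 33912 ssh2
Aug  1 07:15:09 web1 sshd[2177]: Failed password for root from 203.0.113.5 port 51900 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port"
)

def failed_logins(log_text, year):
    """Map source IP -> sorted failure times (syslog lines carry no year)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(when)
    return {ip: sorted(times) for ip, times in hits.items()}

def plan_blocks(log_text, year, threshold=3, window=timedelta(minutes=10),
                block_for=timedelta(days=30)):
    """Return {ip: expiry} for IPs with `threshold` failures inside `window`."""
    blocks = {}
    for ip, times in failed_logins(log_text, year).items():
        for i in range(len(times) - threshold + 1):
            trigger = times[i + threshold - 1]
            if trigger - times[i] <= window:
                blocks[ip] = trigger + block_for  # finite block, not permanent
                break
    return blocks

def active_blocks(blocks, now):
    """IPs whose block has not yet expired; expired entries should be lifted."""
    return sorted(ip for ip, expiry in blocks.items() if expiry > now)

if __name__ == "__main__":
    plan = plan_blocks(SAMPLE_LOG, year=2009)
    for ip, expiry in plan.items():
        print(f"block {ip} until {expiry:%Y-%m-%d %H:%M}")
```

The resulting expiry map is what would be fed to the firewall; re-running `active_blocks` on a schedule shows which rules are due to be removed.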
Jedi_Johnny
Trekkie

Posts: 10


« Reply #3 on: February 06, 2009, 03:05:19 PM »

While setting up a server recently I found some more good security resources.

This is a little outdated, and people should be careful not to just blindly follow the steps listed, but overall this is an excellent security walkthrough:

http://SecureCentos.com - The Centos Secured LAMP Project

This web application scanner, Burp Suite, looks good as well:
http://portswigger.net/suite/

Here are some more references:

 "General System Security" is Chapter 5 from the online Hands-on Guide to Red Hat Linux.
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/gen-syssecured.html

3 part paper at IBM "Securing Linux"
http://www.ibm.com/developerworks/linux/library/l-seclnx1.html?S_TACT=105AGX03&S_CMP=EDU

Also at IBM, "Automate backups on Linux"
http://www.ibm.com/developerworks/linux/library/l-backup/
« Last Edit: March 24, 2009, 11:36:28 PM by Jedi_Johnny » Logged
Jedi_Johnny
Trekkie

Posts: 10


« Reply #4 on: March 11, 2009, 12:26:47 AM »

Microsoft's MBSA can also be run from the command line.  Here is a great article from Techrepublic.com:
http://articles.techrepublic.com.com/5100-10878_11-5230268.html

FAQ for MBSA 2
http://technet.microsoft.com/en-us/security/cc184922.aspx

FAQ for MBSA 1
http://technet.microsoft.com/en-us/library/dd277352.aspx

List of recent Microsoft security updates
http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx
Jedi_Johnny
Trekkie

Posts: 10


« Reply #5 on: March 24, 2009, 11:32:13 PM »

A recent slashdot.org posting links to HP SWFScan http://www.hp.com/go/swfscan
-- "a free Windows-based security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform"

http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx

Other Flash scanners

flare works on Linux, OS X, and Windows
http://www.nowrap.de/flare.html

SWF Intruder for Windows and Linux
https://www.owasp.org/index.php/Category:SWFIntruder

Be sure to look at the Powerpoints by Stefano Di Paola on the SWF page!


Jedi_Johnny
Trekkie

Posts: 10


« Reply #6 on: April 13, 2009, 04:07:36 PM »

I found a good link from Microsoft about detecting SQL injection vulnerabilities:

http://blogs.technet.com/srd/archive/2008/06/24/new-tools-to-block-and-eradicate-sql-injection.aspx

The page links to a great Windows scanner by HP: Scrawlr

https://download.spidynamics.com/Products/scrawlr/
Annie
Newbie

Posts: 1


« Reply #7 on: September 25, 2010, 01:53:24 AM »

Dedicated server providers usually offer the ability to select the software you want installed on a dedicated server. Depending on the overall usage of the server, this will include your choice of operating system, database, and specific applications. Servers can be customized and tailored specifically to the customer’s needs and requirements.
Dedicated hosting server providers utilize extreme security measures to ensure the safety of data stored on their network of servers. Providers will often deploy various software programs for scanning systems and networks for obtrusive invaders, spammers, hackers, and other harmful problems.
A dedicated hosting service, dedicated server, or managed hosting service is a type of Internet hosting in which the client leases an entire server not shared with anyone.
« Last Edit: September 25, 2010, 02:50:52 AM by katrina1 » Logged