Thread: Securing Your Server?
View Single Post
  #2  
Old 03-12-2006, 03:30 AM
Trigunflame's Avatar
Trigunflame Trigunflame is offline
 
Join Date: Aug 2002
Posts: 742
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by AdminNation
In the past week or so we've had countless attempts at people trying to hack into our sever, most noteably when somebody tried to get FTP access to corrupt files, but made sure to spoof an admin IP so it would go unnoticed. So, as you can imagine, we're starting to get a bit paranoid. Aside from install most of the 3.5.2-4 security hacks on this board (which was already somewhat planned), what else can be done in terms of server configuration, software, firewall settings, ect to help better secure our box?
Lockdown php with open_basedir for PHP stuff.
Server side, compile a monolithic kernel with grsec, preferably a 2.6.x build.
As for FTP server, it depends which you are using and if its chrooted or not.
Chroot your nameserver, webserver, and FTP if its not already along with any other public services.
Firewall settings are going to be geared mainly towards deflecting illegitimate traffic, that being udp floods, tcp connections, concurrent request etc..
Prevent direct root login, make sure you have to login as a system user first then su- to root; also change SSH to a higher level port thats not currently in use, possibly change ftp to another port as well.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01162 seconds
  • Memory Usage 1,763KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete