Why use a foundry server iron load balancer
So what exactly is a server load balancer (SLB) and how is it going to help you?
An SLB is a rather expensive, but very effective, way to minimize downtime on an important website that requires 0 downtime. The load balancer that I have the most experience with is the Foundry ServerIron load balancer that ev1servers currently offers. The primary gain from a load balancer is the ability to host one website, or a small group of websites, on multiple servers without having to rely on unbalanced solutions like round robin (RR) DNS. The load balancer is configured so that each website has a single incoming IP; when traffic hits the load balancer, it sends each connection to whichever server has the fewest connections. That way, if a server starts to slow down and its connections queue up, the load balancer stops sending it new ones.
Mod_evasive
One way to stop one of the more basic attacks on a server is mod_evasive. This how-to will walk through the process of installing and configuring mod_evasive. This Apache module helps protect against people sending too many requests to the webserver in an attempt to flood it. If it detects too many connections, the offending IP will be blocked from accessing Apache for a time. This is especially useful when the server is continuously getting attacked. With this default configuration it will block the offending IP for 10 minutes. If the IP continues to try to flood the server, mod_evasive will automatically add more time to the block.
*Update* Feb 1 2005 - Now links to the latest version of mod_evasive from the old name of mod_dosevasive.
Security by obscurity
This guide will not actually make your server more secure in itself, but it will help against many automated attacks that pick their targets based on version number. When a cracker starts probing your system for holes, it is common to check the version numbers of all your services. This guide will stop some of the common system daemons from reporting what version they are. This is called security by obscurity and you should not rely on it! It is just one of the many little things that you can do to help lower your system's chance of getting hacked.
First we are going to hide the version information in apache.
—–command—–
pico /etc/httpd/conf/httpd.conf
—–command—–
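A check for the result of this step, as an added example that is not part of the original guide: it reads one Apache config file and reports whether the server still advertises version details. It assumes the standard `ServerTokens` and `ServerSignature` directives are the ones being edited; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this Apache config still advertise version details?
# Only the one file is read; Include'd files are not followed.

# Effective value of directive $2 in config $1: comments skipped, names
# matched case-insensitively, last occurrence wins. Empty when unset.
effective_directive() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { val = $2 }
        END { print val }
    ' "$1"
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Return 0 only when the Server header is reduced to the bare product name.
audit_apache_banner() {
    tokens=$(effective_directive "$1" ServerTokens)
    sig=$(effective_directive "$1" ServerSignature)
    # ServerSignature defaults to Off; anything else adds a footer to
    # server-generated pages that repeats the ServerTokens string.
    [ "$(lower "${sig:-off}")" = "off" ] || echo "ServerSignature $sig: footer on error pages"
    # ServerTokens defaults to Full when the directive is absent.
    case "$(lower "${tokens:-full}")" in
        prod|productonly) echo "ServerTokens $tokens: version hidden"; return 0 ;;
        *) echo "ServerTokens ${tokens:-Full (default)}: version exposed"; return 1 ;;
    esac
}

# Constructed sample: a later line overrides the hardened setting above it.
sample_httpd_conf() {
    cat <<'EOF'
ServerTokens Prod
#ServerSignature Off
ServerSignature On
ServerTokens OS
EOF
}

conf=$(mktemp)
sample_httpd_conf > "$conf"
audit_apache_banner "$conf" || echo "banner still leaks version details"
rm -f "$conf"
```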
Misc security tweaks
Miscellaneous system tweaks
In this guide I am going to go over some basic system tweaks that will help the security of your server. None of them is that big of a deal, but every little bit helps secure your server more.
Updated Feb 18 to include enabling syncookies
The first thing we are going to do is to enable tcp_syncookies by simply typing the following command.
—–command—–
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
—–command—–
Secure temporary directories
How-To: Secure your temp directories
Every system needs temporary folders that any user is able to read and write, but these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly, it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system, but they will be unable to execute them and create the back door. One of the biggest problems is PHP injection via Apache, in which people will have Apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.
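A way to verify the outcome, as an added example that is not part of the original how-to: it reads a mount table in `/proc/mounts` format and reports which temp directories still allow execution. The directory list (`/tmp`, `/var/tmp`, `/dev/shm`), the function names and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report temp directories whose mount allows execution.
# The directory list and the sample mount table below are constructed.

# Options of the mount that governs directory $2, read from mount table $1
# (/proc/mounts format). The longest mount point that contains the path wins.
mount_opts_for() {
    awk -v dir="$2" '
        BEGIN { best = 0 }
        {
            mp = $2
            covers = (mp == "/" || dir == mp || index(dir, mp "/") == 1)
            if (covers && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "$1"
}

# Print "<dir> noexec" or "<dir> EXEC-ALLOWED (<opts>)" for each directory.
# Returns 1 if any directory still permits execution.
audit_tmp_mounts() {
    table="${1:-/proc/mounts}"
    rc=0
    for dir in /tmp /var/tmp /dev/shm; do
        opts=$(mount_opts_for "$table" "$dir")
        case ",$opts," in
            *,noexec,*) echo "$dir noexec" ;;
            *) echo "$dir EXEC-ALLOWED ($opts)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: /tmp is hardened, /var/tmp silently inherits "/",
# and /dev/shm is mounted without noexec.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
}

sample=$(mktemp)
sample_mounts > "$sample"
audit_tmp_mounts "$sample" || echo "at least one temp directory permits execution"
rm -f "$sample"
```

Called with no argument, `audit_tmp_mounts` reads the live `/proc/mounts`, so it can be run again after each remount to confirm the option took effect.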
Sysctl.conf Hardening
Configure APF Firewall
A firewall is a very good idea for a server. Many people think that a firewall is instant protection that will do everything, but it really is not. A firewall will help prevent some things, but it is not going to stop everything. It is just one piece of the security network that is being woven. I recommend advanced protection firewall (APF) by rfxnetworks. APF will block unused outgoing and incoming ports. It can also be configured to use information from some block lists. The port list below will work for cPanel. For the other control panels you will need to add in the administration ports.
Rkhunter Installation
No security system is perfect, and it is always good to have some form of intrusion detection so that you can be notified in case somebody does get in. Do not immediately get worried if you get a positive in an email; many of them are false and come from upgrades. I would first suggest running “rkhunter -c” from ssh and looking at the errors. If it is a few bad binaries, you should check to see what was updated recently. If you have a rootkit detected, you should start to worry, because a false positive on a rootkit or trojan is very uncommon.
Download and unzip rkhunter
—–command—–
cd /usr/local/src/
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
tar -zxf rkhunter-1.2.8.tar.gz
cd rkhunter
—–command—–
Auditd crashing
A recent problem with RHEL and cPanel causes some servers to crash daily or every couple of days. The normal symptom of this sort of crashing is that the server crashes at the same time of day every time it crashes. If you are having these problems, I would suggest that you go ahead and just disable auditd for now, since the system can run fine without it and it seems to be causing a lot of trouble for some people. The below has worked fine for me on hundreds of servers and should not cause any issues.
chkconfig audit off
service audit stop
ps -ef | grep auditd
file Checking
Dear sirs,
Is there any way, idea, function … to put into a .htaccess file to check a file's content when someone requests that file from the web?
If someone hacked a web site and uploaded a PHP shell … of course he will request it via
the web like http://site.com/phpshell.php
Here I want something to check that phpshell content … if it finds a shell script,
it prevents it from displaying via the web; if it isn't a shell script, it allows the request and displays the file content.
Waiting for an early reply,
and I'm so sorry for my bad English.
Thanks & best regards,
-Ahmed,