Install Mod_Evasive on Apache

In this tutorial I will describe how to install mod_evasive on a VPS or dedicated server. It is an Apache module that offers protection against DDoS attacks on the server.

Installation:

  • Log in to your server through SSH with valid root details.
  • Run these commands:
# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
# tar zxf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
  • Then run the following command for Apache:
# /usr/sbin/apxs -cia mod_evasive20.c
  • It will install mod_evasive on the server.
  • Now you need to edit the httpd.conf file. To do so, follow these instructions:
  • Open the httpd.conf file in the nano text editor:
# nano /etc/httpd/conf/httpd.conf
  • And place the following lines into it:
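<IfModule mod_evasive20.c>
# Size of the per-child hash table used to track clients
DOSHashTableSize 3097
# Requests for the same page allowed per DOSPageInterval before blocking
DOSPageCount 2
# Total requests from one client allowed per DOSSiteInterval before blocking
DOSSiteCount 50
# Counting intervals, in seconds
DOSPageInterval 1
DOSSiteInterval 1
# Seconds a blocked client keeps receiving 403 responses
DOSBlockingPeriod 10
</IfModule>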
And you are done; this will install and activate Mod_Evasive on the server.
Feedback is welcome 🙂

Harden SSH Access (Change Port)

In this post I will describe how to increase your security to prevent hacking attacks against the SSH server. You should apply some configuration changes and tweaks on the SSH server to ensure the maximum security of your server.

Follow the instructions below:

  • Log in to your server through SSH with root access.

Change SSH Port:

The first step of this tutorial is to change the default port of the SSH server. This is the most practical way to protect your server from SSH attacks.
# nano /etc/ssh/sshd_config
  • Find these lines in that file:
# What ports, IPs and protocols we listen for
Port 22
  • Change Port 22 to any integer you like, e.g.:
Port 2011
  • Save the configuration and restart the SSH server:
# service sshd restart
Note: You should not use a port number that is already being used by another service.

How do I secure my server?

In this article I will describe the best methods, techniques and tools to secure a VPS or dedicated server, especially one that has WHM/cPanel as its web hosting control panel.

It is necessary to ensure 99.9% security of the server so that you stay safe from hackers. Follow the steps below to secure your server.

Install Firewall

First of all, you should install firewall software that limits access to your server on certain ports and blocks IP addresses, whether temporarily or permanently.

I would suggest CSF with BFD or APF. A tutorial on installing CSF is already available here:

http://websterz.info/security/installing-csf-to-prevent-ddos-attacks/

Harden SSH Access

SSH attacks are an often-used method to access the server through bots, and most servers get hacked through the SSH server. To prevent SSH attacks you need to harden your SSH server security; to do this, consider the following instructions:

  • Run SSH on a port other than the default port 22
  • Disable root login
  • Use only protocol 2
  • Enable public key authentication
You can see the full tutorial here.
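
The four items above, together with the port change from the earlier section, can be checked against an existing sshd_config. The script below is an added example, not part of the original tutorial; the function names and the sample config are made up for illustration, and it only looks at global settings before the first Match block.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the four hardening items.
sshd_values() {  # usage: sshd_values <file> <keyword>; prints every value set
    awk -v key="$2" '
        /^[ \t]*#/                  { next }   # skip comment lines
        tolower($1) == "match"      { exit }   # conditional section starts here
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}
# sshd uses the first occurrence of a single-valued keyword.
sshd_first() { sshd_values "$1" "$2" | head -n 1; }

audit_sshd_config() {  # prints one line per item; exit status = failed items
    cfg=$1; fails=0
    ports=$(sshd_values "$cfg" Port)   # several Port lines are allowed
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL Port: sshd still listens on 22"; fails=$((fails + 1))
    else
        echo "OK   Port: $(echo $ports)"
    fi
    if [ "$(sshd_first "$cfg" PermitRootLogin)" = no ]; then
        echo "OK   PermitRootLogin: no"
    else
        echo "FAIL PermitRootLogin: root login is not disabled"; fails=$((fails + 1))
    fi
    case "$(sshd_first "$cfg" Protocol)" in   # unset means 2 on OpenSSH 5.4+
        *1*) echo "FAIL Protocol: protocol 1 is allowed"; fails=$((fails + 1)) ;;
        *)   echo "OK   Protocol: 2 only" ;;
    esac
    if [ "$(sshd_first "$cfg" PubkeyAuthentication)" = no ]; then
        echo "FAIL PubkeyAuthentication: disabled"; fails=$((fails + 1))
    else
        echo "OK   PubkeyAuthentication: enabled"   # default is yes
    fi
    return "$fails"
}

# Constructed sample config (not from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2011
Protocol 2,1
PermitRootLogin yes
#PubkeyAuthentication no
Match User backup
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "$? item(s) need attention"
rm -f "$sample"
```

To check a real server, call audit_sshd_config /etc/ssh/sshd_config. After any change, run sshd -t before restarting and keep the current session open until a new login succeeds.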

Installing ClamAV antivirus tool on your server

In this post I will describe how to install ClamAV, an antivirus tool, on your Linux server.

What is ClamAV:

ClamAV is an antivirus tool that allows you to scan each file on your server. It provides fast scanning of all files, including emails, attachments and uploaded files.

It can scan files as they are being uploaded, so real-time scanning can be achieved with it. It scans for malicious scripts and for trojans.

You must have this tool installed on the server, especially if you are a web hosting provider.

Installation:

  • Log in to your server through a terminal or SSH with root privileges.
  • Run the following commands:

# cd
# wget http://downloads.sourceforge.net/clamav/clamav-0.97.2.tar.gz
# tar -xvzf clamav-0.97.2.tar.gz
# cd clamav-0.97.2
# groupadd clamav
# useradd clamav -g clamav -c "Clam AntiVirus" -s /nonexistent
# ./configure
# make
# make install
# cd ..

  • And you are done; you can now run your first scan with this command:

# clamscan -r
OR
# clamscan --remove

Installing CSF to prevent DDoS Attacks

In this post I will describe how to install CSF (ConfigServer Security and Firewall) on a Linux-based operating system.

A short description of CSF:

CSF provides security improvements and protects your server from various attacks, including DDoS. It provides better security compared to others, and most hosting providers use it to secure their servers from hackers. I recommend you install it on your server, whether it is a VPS or a dedicated box.

Installation:

  • Log in to your server through a terminal with root privileges.
  • Type the following commands:

# cd
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh

  • It will take less than 5 minutes to install completely. Afterward you must run the following command to ensure that the iptables modules required for it to function properly are installed:

# perl /etc/csf/csftest.pl

  • The report will be shown with suggestions.
  • Now navigate to the directory where CSF is installed by executing the following command:

# cd /etc/csf

DMCA Notice UDP Outgoing flood resolution

In this post I will discuss the DMCA notice that I received some time ago. The notice mentioned that my server was being used to DDoS another server via UDP ports. In other words, my server was being used to launch a DDoS attack on another server via UDP. I searched on Google but was not able to find any proper solution to this problem, and my bandwidth usage suddenly increased to 2TB+ in a day, which was my monthly bandwidth usage before the notification. So I started searching to solve the issue, and after 1 month I got a solution, which is to check each account for malicious scripts.

cPanel does not record outgoing traffic on UDP ports for the accounts; the only way to check the outbound traffic is bandmin, which is available within cPanel.

You can see all traffic, whether inbound or outbound, from bandmin. To do so, go to your browser and type http://yourdomain.com/bandwidth. At this point you will be asked to provide the username and password for bandmin, which can be changed from cPanel/WHM. Just find the option Bandmin Password under Service Configuration on the left side of your WHM panel. Change the password and then use it to log in to your bandmin stats at http://www.yourdomain.com/bandwidth