Harden SSH Access (Change Port)
In this post I will describe how to increase the security of your SSH server to protect it against hacking attacks. You should apply some configuration changes and tweaks to the SSH server to ensure the maximum security of your server.
Follow the instructions below:
- Log in to your server through SSH with root access.
Change SSH Port:
The first step of this tutorial is to change the default port of the SSH server. This is the most practical way to protect your server from SSH attacks.
# nano /etc/ssh/sshd_config
- Find this line in the file:
What ports, IP and Protocols we listen for
- Change the Port 22 to any integer you like e.g:
- Save the configuration and restart the SSH server:
# service sshd restart
Note: Do not use a port number that is already being used by another service.
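The port-change steps above as a scripted check, added here as an example that is not part of the original post: it validates the chosen port, refuses one that another service is already listening on, and rewrites the Port directive while keeping a backup. The function names and the sample port 2222 are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. valid_port, port_in_use and
# set_ssh_port are hypothetical helper names.

# Succeed if $1 is an integer in the TCP port range 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed if port $1 is a local listening port in `ss -ltn` output on stdin
# (column 4 is "address:port"; the first line is the header).
port_in_use() {
    awk -v p="$1" 'NR > 1 { n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END    { exit (found ? 0 : 1) }'
}

# Set the Port directive in config file $1 to $2, refusing ports that are
# invalid or present in the listener list $3. Keeps the original as $1.bak.
set_ssh_port() {
    conf=$1 port=$2 listeners=$3
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    if printf '%s\n' "$listeners" | port_in_use "$port"; then
        echo "port $port is already in use" >&2; return 2
    fi
    cp -p "$conf" "$conf.bak" || return 3
    if grep -Eiq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+[[:space:]]*$' "$conf.bak"; then
        # Replace the first Port line (commented or not), drop any others.
        awk -v p="$port" 'tolower($0) ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
                              if (!done++) print "Port " p; next }
                          { print }' "$conf.bak" > "$conf"
    else
        # No Port line: add one at the top, ahead of any Match block.
        { echo "Port $port"; cat "$conf.bak"; } > "$conf"
    fi
}

# On the server, as root (2222 is a constructed sample value):
#   set_ssh_port /etc/ssh/sshd_config 2222 "$(ss -ltn)" && sshd -t && service sshd restart
```

Keep the current SSH session open until a login on the new port succeeds, and make sure the firewall allows the new port before closing it.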
How do I secure my server?
In this article I will describe the best methods, techniques and tools to secure a VPS or dedicated server, especially one that uses WHM/cPanel as its web hosting control panel.
It is very necessary to ensure the 99.9% security of the server so you will stay safe from hackers. Follow the steps below to secure your server.
First of all, you should install firewall software that limits access to your server on certain ports and blocks IPs, whether temporarily or permanently.
I would suggest CSF with BFD or APF. A tutorial on installing CSF has already been posted; see here:
Harden SSH Access
SSH attacks are an often-used method of gaining access to a server through bots, and most servers get hacked through the SSH server. To prevent SSH attacks you need to harden your SSH server's security; to do this, consider the following instructions:
- Run SSH on a port other than the default port 22
- Disable root login
- Use only protocol 2
- Enable public key authentication
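One way to check an sshd_config against the four items above (an added example, not code from the original post; the helper names are hypothetical, and it reads only global settings ahead of any Match block):

```sh
#!/bin/sh
# Added example, not from the original post. sshd_value and audit_sshd are
# hypothetical helper names.

# Print the global value of keyword $2 in config file $1. sshd uses the first
# value it reads, keywords are case-insensitive, and anything after a Match
# line is conditional, so parsing stops there.
sshd_value() {
    awk -v k="$2" '
        tolower($1) == "match"    { exit }
        tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Print one FAIL line per unmet hardening item; exit status = failure count.
audit_sshd() {
    conf=$1 fails=0
    port=$(sshd_value "$conf" Port)
    if [ "${port:-22}" = 22 ]; then        # unset means the default, 22
        echo "FAIL: sshd listens on the default port 22"; fails=$((fails + 1))
    fi
    root=$(sshd_value "$conf" PermitRootLogin)
    if [ "$root" != no ]; then             # require an explicit "no"
        echo "FAIL: PermitRootLogin is '${root:-unset}', want 'no'"; fails=$((fails + 1))
    fi
    # Assumption: an unset Protocol means the installed sshd defaults to 2.
    proto=$(sshd_value "$conf" Protocol)
    if [ "${proto:-2}" != 2 ]; then
        echo "FAIL: Protocol is '$proto', want '2'"; fails=$((fails + 1))
    fi
    pubkey=$(sshd_value "$conf" PubkeyAuthentication)
    if [ "${pubkey:-yes}" != yes ]; then   # default is yes when unset
        echo "FAIL: PubkeyAuthentication is '$pubkey', want 'yes'"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Audit the file given as the first argument, e.g. /etc/ssh/sshd_config.
[ -z "${1:-}" ] || audit_sshd "$1"
```

sshd_config may contain several Port lines; this check reads only the first one.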
Installing ClamAV antivirus tool on your server
In this post I will describe how to install ClamAV, an antivirus tool, on your Linux server.
What is ClamAV:
ClamAV is an antivirus tool that allows you to scan each file on your server. It provides fast scanning of all files, including emails, attachments and uploaded files.
It can scan files as they are being uploaded, so real-time scanning can be achieved with it. It scans for malicious scripts and for trojans.
You must have this tool installed on the server, especially if you are a web hosting provider.
- Log in to your server through a terminal or SSH with root privileges
- Run the following commands:
# wget http://downloads.sourceforge.net/clamav/clamav-0.97.2.tar.gz
# tar -xvzf clamav-0.97.2.tar.gz
# cd clamav-0.97.2
# groupadd clamav
# useradd clamav -g clamav -c "Clam AntiVirus" -s /nonexistent
# ./configure
# make install
# cd ..
- And you are done. You can now run your first scan with this command:
# clamscan -r
# clamscan --remove
Installing CSF to prevent DDoS Attacks
In this post I will describe how to install CSF (ConfigServer Security and Firewall) on a Linux-based operating system.
A short description of CSF:
CSF provides security improvements and protects your server from various attacks, including DDoS. It provides better security compared to others, and most hosting providers use it to secure their servers from hackers. I recommend you install it on your server, whether it is a VPS or a dedicated box.
- Log in to your server through a terminal with root privileges.
- Type following commands:
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh
- It will take less than 5 minutes to install completely. Afterward, you must run the following command to ensure the required iptables modules are installed so that CSF functions properly:
# perl /etc/csf/csftest.pl
- The report will be shown along with suggestions.
- Now navigate to the directory where CSF is installed by executing the following command:
# cd /etc/csf
DMCA Notice UDP Outgoing flood resolution
In this post I will discuss the DMCA notice that I received some time ago. In that notice they mentioned that my server was being used to DDoS some other server via UDP ports. In other words, my server was being used to launch a DDoS attack on another server via UDP. I had searched on Google but was not able to find any proper solution to this problem, and my bandwidth usage suddenly increased to 2TB+ in a day, which was my monthly bandwidth usage before the notification. So I started searching to solve the issue, and after 1 month I got a solution, which is to check each account for malicious scripts.
cPanel does not record outgoing traffic on UDP ports for the accounts; the only way to check the outbound traffic is bandmin, which is available within cPanel.
You can see all traffic, whether inbound or outbound, from bandmin. To do so, go to http://yourdomain.com/bandwidth in your browser. At this point you will be asked to provide the username and password for bandmin, which can be changed from cPanel/WHM. Just find the option Bandmin Password under Service Configuration on the left side of your WHM panel. Change the password and then use it to log in to your bandmin stats at http://www.yourdomain.com/bandwidth