Disable symlinks on Linux WHM/cPanel

Disabling symlinks is not a difficult task on WHM/cPanel-based servers, but you might not have found a proper way to do it. Here is the quick code for disabling symlinks.

Why is disabling symlinks necessary for non-root users?

Access to other accounts hosted on a cPanel/WHM server is gained through symbolic links: hackers usually create symbolic links in a hacked account that point to files hosted under other accounts, so those accounts become accessible through the links. To deal with this issue, the system administrator should disable symbolic link creation for non-root users.

  • Log in to the WHM/cPanel server via SSH with root access.
  • Execute the following commands:
  • $ wget http://layer1.rack911.com/before_apache_make -O /scripts/before_apache_make
  • $ chmod 700 /scripts/before_apache_make
  • Then recompile Apache using the previously saved profile:
  • $ /scripts/easyapache

That is all. You can also check for any symbolic links already created:

  • $ find /home*/*/public_html -type l

    This will output the directories and files that are symlinked.

Have fun!

How to deal with hackers on a web server? Symlinks solution

Nowadays hacking has become more ordinary, most web hosting companies are being targeted, and there is no proper solution to prevent it or to make your server 100% secure.

As a web hosting provider, we always try to secure our servers from hackers; sometimes it works, but sometimes we fail.

Today I want to describe some commands for Linux WHM/cPanel-based servers that make your server more secure, not 100%, but they work out of the box. I use these commands not to prevent the server from being hacked; they are very useful because they do not allow hackers to do anything to other accounts on the server.

I assume you are already familiar with the symlinks that are auto-created on Linux-based servers. They allow hackers to link directories/files to other accounts, so they can access files belonging to other cPanel accounts on the server.

If you disable symlinks on the server, hackers cannot hack into your server, or if they are able to hack one account, the other accounts will remain safe and will not be affected.

However, disabling symlinks is not the proper solution, and it also disturbs the functionality of some scripts on the server, like Joomla and WordPress.

Here I would like to describe some Linux commands that are used to prevent the creation of new symlinks in the root directory of an account; on cPanel it is public_html.

Follow these steps:

  • Log in to your server via SSH with root access.
  • First, check whether there are symlinks already created on the server.
  • Execute the following command for cPanel:
  • # find /home*/*/public_html -type l
  • The above command will display all the symlinks created in public_html and its subdirectories, if any, for all cPanel accounts.
  • Now add a cron job to check for symlinks and remove them if found. You can set any interval; in the command below I set it to every 5 minutes.
  • The command checks for and removes all symlinks inside the public_html directory and its subdirectories.
  • Execute the following command to add the cron job:
  • # crontab -e
  • The crontab file will be opened in the default text editor.
  • Go to the last line and add the command below:
  • */5 * * * * find /home*/*/public_html -type l -exec rm -rfv {} \;
  • Now save your crontab file to make it functional.
  • And you’re done. This will check for symlinks inside the public_html directory and remove them if found.
  • TIP: You can also change the location of your directory for other control panels by replacing /home*/*/public_html
  • Note: Do not execute this command on system directories; your server will be destroyed and will become unstable.
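
The find commands above list (and the cron job deletes) every symlink, including the in-account ones that Joomla or WordPress may rely on. As an added example, not part of the original post, this script reports only the links whose resolved target leaves the owning account's home directory, which is the cross-account case described above. It assumes GNU readlink; the function names and the demo account names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list only the symlinks under
# each account's public_html whose resolved target leaves that account's home.
# Requires GNU coreutils readlink (-f / -m), standard on Linux hosts.

# audit_symlinks BASE...   e.g. audit_symlinks /home*
audit_symlinks() {
    for base in "$@"; do
        for home in "$base"/*/; do
            home=${home%/}
            [ -d "$home/public_html" ] || continue
            real_home=$(readlink -f -- "$home")
            # Pass links as arguments so odd filenames (spaces, newlines) survive.
            find "$home/public_html" -type l -exec sh -c '
                real_home=$1; shift
                for link in "$@"; do
                    target=$(readlink -m -- "$link")  # canonical, even if dangling
                    case $target in
                        # The "/" keeps /home/alice2 from matching /home/alice.
                        "$real_home"|"$real_home"/*) ;;
                        *) printf "%s -> %s\n" "$link" "$target" ;;
                    esac
                done' sh "$real_home" {} +
        done
    done
}

# Constructed sample tree: two fake accounts under a temp dir (hypothetical names).
build_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/alice/public_html/blog/uploads" "$demo/bob/public_html"
    echo 'constructed' > "$demo/bob/public_html/wp-config.php"
    ln -s uploads "$demo/alice/public_html/blog/media"   # stays inside: not reported
    ln -s "$demo/bob/public_html/wp-config.php" "$demo/alice/public_html/x.txt"
    ln -s / "$demo/alice/public_html/root"               # escapes to /
    printf '%s\n' "$demo"
}

# Run against real account roots only when paths are given on the command line.
if [ "$#" -gt 0 ]; then audit_symlinks "$@"; fi
```

Run it as root with the account roots as arguments (for example /home*) and review the reported links before deciding what to remove.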

That is all, comments are welcome : ) if it works for you.

Configuring WHM/cPanel tweak settings from SSH

You can also configure/alter the tweak settings for WHM/cPanel from an SSH terminal.

Follow these steps:

  1. Log in to SSH via PuTTY or any terminal with root privileges.
  2. Run the following command:
    • nano /var/cpanel/cpanel.config
  3. Make changes accordingly and save the file. After making changes, run the command below:
    • /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings

Installing mod_evasive for Apache on a cPanel server

What is mod_evasive?

mod_evasive helps Apache protect the server from DDoS attacks and brute-force attacks. If you are getting too many attacks, you should consider installing it on cPanel/WHM-based servers. Follow the steps below to install/configure it:

  • Log in to your server.
  • Execute the following commands:
  • # cd /usr/local/src/
  • # wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
  • # tar -xvzf mod_evasive_1.10.1.tar.gz
  • # cd mod_evasive
  • # /usr/local/apache/bin/apxs -cia mod_evasive20.c

Now create a new file by executing the command below, and add the following code to it:

  • # nano /usr/local/apache/conf/mod_evasive.conf

LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 10
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

Now include the above file inside /usr/local/apache/conf/includes/pre_main_global.conf:

Include "/usr/local/apache/conf/mod_evasive.conf"

  • Rebuild the Apache configuration files:
  • # /scripts/rebuildhttpdconf
  • Restart Apache:
  • # service httpd restart

And you’re done!

Let me know if you have any issues while installing/configuring mod_evasive.

Installing the ClamAV antivirus tool on your server

In this post I will describe how to install ClamAV, an antivirus tool, on your Linux server.

What is ClamAV:

ClamAV is an antivirus tool that allows you to scan each file on your server. It provides fast scanning of all files, including emails, attachments and uploaded files.

It can scan files as they are being uploaded, so real-time scanning can be achieved with it. It scans for malicious scripts and for trojans.

You must have this tool installed on the server, especially if you are a web hosting provider.

Installation:

  • Log in to your server through a terminal or SSH with root privileges.
  • Run the following commands:

# cd
# wget http://downloads.sourceforge.net/clamav/clamav-0.97.2.tar.gz
# tar -xvzf clamav-0.97.2.tar.gz
# cd clamav-0.97.2
# groupadd clamav
# useradd clamav -g clamav -c "Clam AntiVirus" -s /nonexistent
# ./configure
# make
# make install
# cd ..

  • And you are done. Now you can run your first scan with this command:

# clamscan -r
OR
# clamscan --remove