In Linux servers, more than 60 binaries and major services such as SSH, Named, Bash, etc. rely on the glibc libraries. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), and an attacker could use this flaw to execute arbitrary code with the privileges of the user running the application that uses the function gethostbyname().

Check if your server is GHOST vulnerable

If the glibc version in your server is lower than 2.18, then your server is most exposed to this vulnerability. You can check the glibc version in your server using …
Server Security
FirewallD is a new firewall suite being introduced to Linux distributions. At present, the new and popular CentOS 7 has it as the default firewall suite, which in the near future will be implemented in servers. FirewallD, as usual, was developed by the Fedora community and was implemented in the 20th version of the same. It is also being used in Arch Linux and others to date. FirewallD is a dynamic firewall, dynamic in the sense that any change in the firewall will be implemented as soon as the amendment is …
PortSentry is a tool to detect port scans and log them. Once a host is targeted by an attacker, a port scan is almost always performed. PortSentry detects such scans by monitoring the unused ports on the host. Upon a connection attempt to one of the unused ports, PortSentry is alerted and has the ability to issue a number of commands in response to the scan.

Installation

# cd /usr/src/
# wget http://sourceforge.net/projects/sentrytools/files/latest/download
If you inspect your server’s error logs, you may see that many visitors (for the most part robots) constantly request access to things they should not be allowed to see. If you see that such accesses are suspicious and that they are trying to spam your forum or hijack your mail program, you may need to deny access from those IPs. Collecting such offending IP addresses by manually inspecting your logs across your site can become a full-time job. In such cases, you may block access to the site on Country …
Spam is most often considered to be electronic junk mail or junk newsgroup postings. It may be defined even more generally as any unsolicited email. Generally, spamming can happen in three ways.

1. By hacking an email account which has a simple password that is easy to guess.
2. By uploading a script on the server which sends out mails at regular intervals.
3. Via forum or newsletter scripts which are sending mass emails.

A fix to a spamming issue means:

* Block the IP address if it is an …
A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X. Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability could allow an attacker to gain control over a targeted computer if exploited successfully. And because Bash is everywhere on Linux and Unix-like machines and interacts with all parts of the operating system, everyone anticipates that it will have a lot of repercussions.

How does Shellshock work?

Shellshock exploits a flaw in how …
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. These attacks generally target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. DoS attacks are implemented by either forcing the targeted computer to reset, or consuming its resources so that it can no longer provide its services, or obstructing the communication media between the users and the victim so that they can no longer …
DNS is a very important part of any network. The main objective of securing DNS includes the secure exchange of data between DNS servers. Securing DNS queries, zone transfers and DNS updates can be included in securing DNS. Here, we have mentioned two methods to secure DNS, i.e., securing DNS through chroot and by editing named.conf. Please make sure that you have taken a backup of named.conf.

1. Securing DNS through chroot

The chroot function is a powerful mechanism to secure the system. The chroot command uses the chroot() system call.
SSH is a tool for secure remote login over insecure networks. It provides an encrypted terminal session with strong authentication of both the server and client, using public-key cryptography.

1. Use Strong Passwords/Usernames

Choose passwords that contain:

* Minimum of 8 characters
* Mix of upper and lower case letters
* Mix of letters and numbers
* Non-alphanumeric characters (e.g. special characters such as ! " $ % ^ etc.)
Log in to your server with the root login details and run the following command:

[root@server]# /usr/local/cpanel/bin/rebuild_phpconf --current

If the server is SuExec, the result will look like:

==============
DEFAULT PHP: 5
PHP4 SAPI: suphp
PHP5 SAPI: suphp
SUEXEC: enabled
==============

If you are not sure about the shell, you can also check whether SuExec is enabled from your WHM. Log in to your WHM and in the menu find Configure PHP and SuExec. Check the drop-down box for “PHP 4/5 Handler” – and if beside that it says “suPHP” – …