Solved

How to protect a vps server against virus and hacking?

Posted on 2014-12-01
Last Modified: 2014-12-03
Hi

We have a Linux server (VPS) configured with WHM and cPanel in order to offer hosting services; there are more than 60 sites and everything used to work very well, but for a few months now we have had a lot of virus and hacking issues. I know these situations should be fixed by the datacenter, but we need to develop a strategy in order to prevent and/or correct those problems faster, and even before the datacenter does.

We would like your suggestions about a list of points to be performed during continuous monitoring in order to avoid these problems.

Thanks in advance.
Question by:dimensionav
8 Comments
 

Expert Comment

by:gheist
ID: 40474317
Which virus? How did you find it?
 

Author Comment

by:dimensionav
ID: 40474434
Well, basically it has been malicious code (maybe I should call it malware) and defacement (like the attached image).

In other cases the hacker could get into WHM and create new hostings.
defaced.jpg
 

Accepted Solution

by:madunix
ID: 40474576
I use rkhunter and chkrootkit. I run them regularly.
Make sure you have a good last Backup, Firewall protection, Patches, Updates, Auditing and Logging.
 

Expert Comment

by:gheist
ID: 40474737
First rule of incident handling is not to lie to people trying to help you.
 

Author Comment

by:dimensionav
ID: 40474862
gheist:
I am sorry if I didn't explain myself correctly, but I believe "lie" does not fit in this conversation.
 

Author Comment

by:dimensionav
ID: 40475842
Madunix, how would you recommend doing the Auditing and Logging?
 

Assisted Solution

by:madunix
ID: 40475876
I think it is essential to collect logs of various services on the server and analyse them carefully at periodic intervals. To enable logging of all commands run by a specific user I would suggest you use audit logs via the "audit" utility; it works by allowing users to write rules that can log a wide variety of events. You can also configure more restrictive access on the server itself by deploying tools like psad and fwsnort with a firewall policy generated by APF.

Please refer to the following document carefully before implementing them on the server.
Advanced Policy Firewall: http://www.rfxn.com/projects/advanced-policy-firewall/
PSAD : http://cipherdyne.org/psad/
fwsnort : http://cipherdyne.org/fwsnort/
Securing VPS: https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
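To make the "log all commands by a specific user with audit rules" suggestion concrete, here is an added example (not code from the thread or from the auditd project): a small POSIX shell script that generates the auditd rules for one login UID and turns a raw EXECVE record from the audit log back into a readable command line. The uid 1001, the key name cpanel_cmds, the rules file path and the sample record are assumptions.

```shell
#!/bin/sh
# Added example: auditd rules to record every command (execve) run by one
# Linux user, selected by login UID (auid) and tagged with a search key.
# The uid, key and rules file path below are assumptions, not values from the thread.

gen_audit_rules() {
    uid="$1"   # login UID of the account to watch, e.g. one cPanel account
    key="$2"   # tag used later with: ausearch -k <key> -i
    # One rule per syscall ABI so that 32-bit and 64-bit binaries are both caught.
    printf '%s\n' "-a always,exit -F arch=b64 -S execve -F auid=$uid -k $key"
    printf '%s\n' "-a always,exit -F arch=b32 -S execve -F auid=$uid -k $key"
}

# Rebuild the command line from a raw EXECVE record in /var/log/audit/audit.log.
# Only quoted arguments are handled; auditd hex-encodes arguments that contain
# spaces or special characters (no quotes), and those are left as they are.
parse_execve() {
    printf '%s\n' "$1" \
        | sed -n 's/.*argc=[0-9]* //p' \
        | sed 's/a[0-9]*="\([^"]*\)"/\1/g'
}

# Constructed sample record in auditd's format (not a real log entry).
SAMPLE_RECORD='type=EXECVE msg=audit(1417435200.123:456): argc=3 a0="tar" a1="-czf" a2="backup.tgz"'

# Usage: `sh this.sh install` writes the rules for uid 1001 into the auditd
# rules directory; then reload with `augenrules --load` (or `auditctl -R` on
# older systems) and review with `ausearch -k cpanel_cmds -i`.
if [ "${1:-}" = "install" ]; then
    gen_audit_rules 1001 cpanel_cmds > /etc/audit/rules.d/50-cpanel-cmds.rules
fi
parse_execve "$SAMPLE_RECORD"
```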
 

Assisted Solution

by:Schuyler Dorsey
ID: 40476109
You should look to do defense in depth.

An example program you can look into installing is Artillery from TrustedSec. Artillery can proactively block several different styles of attacks.

https://www.trustedsec.com/artillery/

Also follow the above guides posted by madunix.

Then the two most important pieces:
1. Consider firing up another VPS which acts as just a firewall/web app firewall. Here is an example of an open source WAF - https://www.modsecurity.org/. Configure the traffic so all traffic destined to the web server has to go through the WAF first. The WAF will be able to protect against many web application attack vectors, and also give you ACL capabilities.

Qualys also has a cloud WAF option - https://www.qualys.com/enterprises/qualysguard/web-application-firewall/ 

2. The key piece to remember here is web application security. You can secure the OS as much as you want, but if the web sites running on it are poorly coded, you are still open to attack. And with 60 sites running on the same VPS, the entire server is only as secure as the most insecure web site running on it. So 59 websites could be coded with best practices, but if that last website has security flaws, it causes everything to be compromised. So ensuring secure websites is going to be crucial to your success.