Solved

How to protect a VPS server against virus and hacking?

Posted on 2014-12-01
267 Views
Last Modified: 2014-12-03
Hi

We have a Linux server (VPS) configured with WHM and cPanel in order to offer hosting services. There are more than 60 sites and everything used to be working very well, but since a few months ago we have had a lot of virus and hacking issues. I know these situations should be fixed by the datacenter, but we need to develop a strategy in order to prevent and/or correct those problems faster, and even before the datacenter does.

We would like your suggestions about a list of points to be performed during continuous monitoring in order to avoid these problems.

Thanks in advance.
Question by:dimensionav

8 Comments
LVL 61

Expert Comment

by:gheist
Which virus? How did you find it?

Author Comment

by:dimensionav
Well, basically it has been malicious code (maybe I should call it malware) and defacement (like the attached image).

In other cases the hacker could get into WHM and create new hostings.
[attachment: defaced.jpg]
LVL 25

Accepted Solution

by:madunix (earned 334 total points)
I use rkhunter and chkrootkit. I run them regularly.
Make sure you have a good last backup, firewall protection, patches, updates, auditing and logging.
LVL 61

Expert Comment

by:gheist
First rule of incident handling is not to lie to people trying to help you.
Author Comment

by:dimensionav
gheist:
I am sorry if I didn't explain myself correctly, but I believe "lie" does not fit in this conversation.

Author Comment

by:dimensionav
Madunix, how would you recommend doing the auditing and logging?
LVL 25

Assisted Solution

by:madunix (earned 334 total points)
I think it is essential to collect logs of the various services on the server and analyse them carefully at periodic intervals. To enable logging of all commands run by a specific user, I would suggest you use audit logs via the "audit" utility; it works by allowing users to write rules that can log a wide variety of events. You can also configure more restrictive access on the server itself by deploying tools like psad and fwsnort, with a firewall policy generated by APF.

Please refer to the following document carefully before implementing them on the server.
Advanced Policy Firewall: http://www.rfxn.com/projects/advanced-policy-firewall/
PSAD : http://cipherdyne.org/psad/
fwsnort : http://cipherdyne.org/fwsnort/
Securing VPS: https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
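As an added illustration of the "audit" utility suggestion above (example code written for this page, not madunix's or the auditd project's own), the script below writes an auditd rules fragment that records every command executed under one login UID plus writes to two sensitive files, and then runs a minimal review pass over constructed audit.log lines to list what that account executed. The UID 1001, the watched paths and every log line are assumptions constructed for the example; the rule syntax is standard auditctl syntax, and the fragment would normally be dropped into /etc/audit/rules.d/ and loaded with augenrules or auditctl -R.

```shell
#!/bin/sh
# Added example (not from the thread). Part 1: an auditd rules fragment that logs
# every execve() by one account and writes to sensitive config files.
# Part 2: a small review pass over audit.log records carrying our rule key.
# UID, paths and all sample log lines are constructed assumptions.

WATCH_UID=1001   # assumption: UID of the account whose commands we want logged

# Write the rules fragment to the file given as $1.
write_audit_rules() {
    cat > "$1" <<EOF
## log every execve() made under login UID $WATCH_UID (both syscall ABIs)
-a always,exit -F arch=b64 -S execve -F auid=$WATCH_UID -k user_cmds
-a always,exit -F arch=b32 -S execve -F auid=$WATCH_UID -k user_cmds
## record writes and attribute changes to sensitive configuration
-w /etc/ssh/sshd_config -p wa -k sshd_conf
-w /etc/passwd -p wa -k identity
EOF
}

# Print the exe= path of every SYSCALL record tagged with our key,
# i.e. the binaries the watched account actually executed.
audited_execs() {
    grep 'type=SYSCALL' "$1" | grep 'key="user_cmds"' \
        | sed -n 's/.*exe="\([^"]*\)".*/\1/p'
}

# Number of such executions, as a bare integer on stdout.
audited_exec_count() {
    audited_execs "$1" | wc -l | tr -d ' '
}

# Constructed sample records in audit.log format (two execve events by UID 1001
# and one unrelated file-open event that must be ignored by the review pass).
write_sample_log() {
    cat > "$1" <<'EOF'
type=SYSCALL msg=audit(1417392000.101:201): arch=c000003e syscall=59 success=yes exit=0 ppid=3001 pid=3002 auid=1001 uid=1001 comm="tar" exe="/bin/tar" key="user_cmds"
type=EXECVE msg=audit(1417392000.101:201): argc=3 a0="tar" a1="xf" a2="site.tar"
type=SYSCALL msg=audit(1417392010.222:202): arch=c000003e syscall=59 success=yes exit=0 ppid=3001 pid=3003 auid=1001 uid=1001 comm="chmod" exe="/bin/chmod" key="user_cmds"
type=EXECVE msg=audit(1417392010.222:202): argc=3 a0="chmod" a1="755" a2="upload.php"
type=SYSCALL msg=audit(1417392020.333:203): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=900 auid=0 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="sshd_conf"
EOF
}

# Stand-alone demonstration: build the rules file and review the sample log.
demo() {
    rules=$(mktemp) && log=$(mktemp)
    write_audit_rules "$rules"
    write_sample_log "$log"
    echo "rules written to $rules:"; cat "$rules"
    echo "commands executed by uid $WATCH_UID: $(audited_exec_count "$log")"
    audited_execs "$log"
    rm -f "$rules" "$log"
}
```

On a live server the review step would read /var/log/audit/audit.log (or use ausearch -k user_cmds); the point of keying rules is that one grep on the key separates the events you asked for from the rest of the audit stream.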
LVL 10

Assisted Solution

by:Schuyler Dorsey (earned 166 total points)
You should look to do defense in depth.

An example program you can look into installing is Artillery from TrustedSec. Artillery can proactively block several different styles of attacks.

https://www.trustedsec.com/artillery/

Also follow the above guides posted by madunix.

Then the two most important pieces:
1. Consider firing up another VPS which acts as just a firewall/web app firewall. Here is an example of an open source WAF: https://www.modsecurity.org/. Configure the traffic so that all traffic destined for the web server has to go through the WAF first. The WAF will be able to protect against many web application attack vectors, and also give you ACL capabilities.

Qualys also has a cloud WAF option: https://www.qualys.com/enterprises/qualysguard/web-application-firewall/

2. The key piece to remember here is web application security. You can secure the OS as much as you want, but if the web sites running on it are poorly coded, you are still open to attack. And with 60 sites running on the same VPS, the entire server is only as secure as the most insecure web site running on it. So 59 websites could be coded with best practices, but if that last website has security flaws, it causes everything to be compromised. So ensuring secure websites is going to be crucial to your success.