Solved

How to protect a vps server against virus and hacking?

Posted on 2014-12-01
Medium Priority
325 Views
Last Modified: 2014-12-03
Hi

We have a Linux server (VPS) configured with WHM and cPanel in order to offer hosting services. There are more than 60 sites and everything used to be working very well, but since a few months ago we have had a lot of virus and hacking issues. I know these situations should be fixed by the datacenter, but we need to develop a strategy in order to prevent and/or correct those problems faster, and even before the datacenter does.

We would like your suggestions about a list of points to be performed during continuous monitoring in order to avoid these problems.

Thanks in advance.
Question by:dimensionav

8 Comments
LVL 62

Expert Comment

by:gheist
ID: 40474317
Which virus? How did you find it?
Author Comment

by:dimensionav
ID: 40474434
Well, basically it has been malicious code (maybe I should call it malware) and defacement (like the attached image).

In other cases the hacker could get into WHM and create new hostings.
defaced.jpg
LVL 25

Accepted Solution

by:madunix
madunix earned 1336 total points
ID: 40474576
I use rkhunter and chkrootkit. I run them regularly.
Make sure you have a good last backup, firewall protection, patches, updates, auditing and logging.
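The routine madunix describes ("run rkhunter and chkrootkit regularly") is only useful if someone actually reads the output. Below is an added example, not code from the thread or from either tool's project, of a cron wrapper that reduces both scanners to their findings and exits non-zero when there are any, so cron mail or a monitoring check fires only on a hit. The rkhunter flags (--check, --sk, --rwo) and chkrootkit -q are the tools' real options; the SAMPLE_* outputs are constructed for offline demonstration and are not real scan results.

```shell
#!/bin/sh
# Added example (not from the thread): cron wrapper around rkhunter and
# chkrootkit that keeps only the findings and returns 1 when any exist.
# SAMPLE_* below are constructed outputs used when the tools are absent.

# rkhunter --rwo (report warnings only) prints one "Warning: ..." line per
# finding; count those lines from stdin.
count_rkhunter_warnings() {
    awk '/^Warning:/ { n++ } END { print n + 0 }'
}

# chkrootkit marks hits with upper-case INFECTED. Its normal result is
# "not infected" in lower case, so the match must stay case-sensitive.
count_chkrootkit_infected() {
    awk '/INFECTED/ { n++ } END { print n + 0 }'
}

# Print a one-line summary plus the raw findings; return 1 if anything hit.
# $1 = rkhunter output, $2 = chkrootkit output.
scan_report() {
    rk_out=$1
    ck_out=$2
    rk=$(printf '%s\n' "$rk_out" | count_rkhunter_warnings)
    ck=$(printf '%s\n' "$ck_out" | count_chkrootkit_infected)
    printf 'rkhunter warnings: %s, chkrootkit infected: %s\n' "$rk" "$ck"
    if [ "$rk" -gt 0 ] || [ "$ck" -gt 0 ]; then
        printf '%s\n' "$rk_out" | grep '^Warning:' || true
        printf '%s\n' "$ck_out" | grep 'INFECTED' || true
        return 1
    fi
    return 0
}

# Constructed sample outputs (not real results).
SAMPLE_RKHUNTER=$(cat <<'EOF'
Warning: The command '/bin/ls' has been replaced by a script: /bin/ls: Perl script text executable
Warning: Suspicious file types found in /dev: /dev/shm/.x/run.sh: Bourne-Again shell script
EOF
)
SAMPLE_CHKROOTKIT=$(cat <<'EOF'
Checking `ls'... INFECTED
Checking `lsof'... not infected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
)

# Run the real scanners when installed (--sk skips the keypress prompts that
# would hang a cron job); fall back to the constructed samples otherwise.
main() {
    if command -v rkhunter >/dev/null 2>&1; then
        rk_out=$(rkhunter --check --sk --rwo 2>&1)
    else
        rk_out=$SAMPLE_RKHUNTER
    fi
    if command -v chkrootkit >/dev/null 2>&1; then
        ck_out=$(chkrootkit -q 2>&1)
    else
        ck_out=$SAMPLE_CHKROOTKIT
    fi
    scan_report "$rk_out" "$ck_out"
}

# Only scan when invoked with --run (e.g. from cron); otherwise just define.
if [ "${1-}" = "--run" ]; then
    main
fi
```

Schedule it as root, e.g. `0 3 * * * /usr/local/sbin/rootkit-scan.sh --run`, and keep the cron MAILTO pointed at a mailbox someone reads; both tools also need their own update step (`rkhunter --propupd` after legitimate package updates, or every patch run will look like a replaced binary).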
LVL 62

Expert Comment

by:gheist
ID: 40474737
First rule of incident handling is not to lie to people trying to help you.
Author Comment

by:dimensionav
ID: 40474862
gheist:
I am sorry if I didn't explain myself correctly, but I believe "lie" does not fit in this conversation.
Author Comment

by:dimensionav
ID: 40475842
Madunix, how would you recommend doing the Auditing and Logging?

LVL 25

Assisted Solution

by:madunix
madunix earned 1336 total points
ID: 40475876
I think it is essential to collect logs of various services on the server and analyse them carefully at periodic intervals. To enable logging of all commands by a specific user I would suggest you use audit logs via the "audit" utility; it works by allowing users to write rules that can log a wide variety of events. You can also configure more restrictive access on the server itself by deploying tools like psad and fwsnort with a firewall policy generated by APF.

Please refer to the following documents carefully before implementing them on the server.
Advanced Policy Firewall: http://www.rfxn.com/projects/advanced-policy-firewall/
PSAD : http://cipherdyne.org/psad/
fwsnort : http://cipherdyne.org/fwsnort/
Securing VPS: https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
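To make the "log all commands by a specific user" advice concrete, here is an added example (not from the thread, and not part of the audit package's own documentation) with two pieces: audit_rules prints a rule set that logs every execve by one account and by all logged-in users, and commands_for_auid turns raw /var/log/audit/audit.log records back into "auid=N argv..." lines by joining each SYSCALL record with the EXECVE record of the same event id. The rules key on the login uid (auid), which follows a session through su and sudo, so commands run as root after "su -" are still attributed to the account that logged in. The uid 1001 and the constructed SAMPLE_AUDIT_LOG are assumptions; the record format and the auditctl syntax are the real ones.

```shell
#!/bin/sh
# Added example (not from the thread): auditd rules for per-user command
# logging plus a parser for raw audit.log records. The account uid 1001
# and SAMPLE_AUDIT_LOG are constructed for this example.

# Print the rules. auid is the login uid; 4294967295 means "unset" (daemons).
audit_rules() {
    cat <<'EOF'
## Every execve by the assumed account 1001, both syscall ABIs
-a always,exit -F arch=b64 -S execve -F auid=1001 -k user1001_cmds
-a always,exit -F arch=b32 -S execve -F auid=1001 -k user1001_cmds
## Every execve by any logged-in, non-system user
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=4294967295 -k user_cmds
-a always,exit -F arch=b32 -S execve -F auid>=1000 -F auid!=4294967295 -k user_cmds
## Writes to the account databases (new cPanel accounts are Unix users,
## so unexpected account creation shows up under this key)
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
EOF
}

# Read raw audit.log records on stdin and print "auid=N <argv>" for each
# EXECVE whose SYSCALL record is known. $1 = auid to filter, "" for all.
# Raw values never contain spaces: arguments with special characters are
# hex-encoded without quotes, and this example prints those as-is.
commands_for_auid() {
    awk -v want="$1" '
    # msg=audit(1417420800.101:301): -> event id 301
    function event_id(s) { match(s, /:[0-9]+\)/); return substr(s, RSTART + 1, RLENGTH - 2) }
    $1 == "type=SYSCALL" {
        id = event_id($2)
        for (i = 3; i <= NF; i++) if ($i ~ /^auid=/) auid[id] = substr($i, 6)
    }
    $1 == "type=EXECVE" {
        id = event_id($2)
        cmd = ""
        for (i = 3; i <= NF; i++) if ($i ~ /^a[0-9]+=/) {
            v = $i; sub(/^a[0-9]+=/, "", v); gsub(/"/, "", v)
            cmd = cmd (cmd == "" ? "" : " ") v
        }
        if ((id in auid) && (want == "" || auid[id] == want))
            print "auid=" auid[id] " " cmd
    }'
}

# Constructed records in the real audit.log layout: user 1001 reading
# /etc/shadow as root (note auid=1001 while uid=0), user 1002 listing /root.
SAMPLE_AUDIT_LOG=$(cat <<'EOF'
type=SYSCALL msg=audit(1417420800.101:301): arch=c000003e syscall=59 success=yes exit=0 a0=1a2b a1=1a2c a2=1a2d a3=0 items=2 ppid=2001 pid=2002 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4 comm="cat" exe="/bin/cat" key="user1001_cmds"
type=EXECVE msg=audit(1417420800.101:301): argc=2 a0="cat" a1="/etc/shadow"
type=CWD msg=audit(1417420800.101:301): cwd="/root"
type=PATH msg=audit(1417420800.101:301): item=0 name="/bin/cat" inode=1234 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=SYSCALL msg=audit(1417420800.250:302): arch=c000003e syscall=59 success=yes exit=0 a0=2a2b a1=2a2c a2=2a2d a3=0 items=2 ppid=3001 pid=3002 auid=1002 uid=1002 gid=1002 euid=1002 suid=1002 fsuid=1002 egid=1002 sgid=1002 fsgid=1002 tty=pts1 ses=5 comm="ls" exe="/bin/ls" key="user_cmds"
type=EXECVE msg=audit(1417420800.250:302): argc=3 a0="ls" a1="-la" a2="/root"
EOF
)

# Demo on the constructed records: sh thisfile.sh --demo
if [ "${1-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_AUDIT_LOG" | commands_for_auid ""
fi
```

On the real server: `audit_rules > /etc/audit/rules.d/cpanel-users.rules && augenrules --load`, then either `ausearch -k user1001_cmds -i` or `commands_for_auid 1001 < /var/log/audit/audit.log`. Ship audit.log off the box too (syslog forwarding or the audisp remote plugin); an attacker who reached WHM can clear local logs, and the point of auditing is a record they cannot edit.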
LVL 10

Assisted Solution

by:Schuyler Dorsey
Schuyler Dorsey earned 664 total points
ID: 40476109
You should look to do defense in depth.

An example program you can look into installing is Artillery from TrustedSec. Artillery can proactively block several different styles of attacks.

https://www.trustedsec.com/artillery/

Also follow the above guides posted by madunix.

Then the two most important pieces:
1. Consider firing up another VPS which acts as just a firewall/web application firewall. Here is an example of an open source WAF: https://www.modsecurity.org/. Configure the traffic so all traffic destined for the web server has to go through the WAF first. The WAF will be able to protect against many web application attack vectors, and also give you ACL capabilities.

Qualys also has a cloud WAF option: https://www.qualys.com/enterprises/qualysguard/web-application-firewall/

2. The key piece to remember here is web application security. You can secure the OS as much as you want, but if the web sites running on it are poorly coded, you are still open to attack. And with 60 sites running on the same VPS, the entire server is only as secure as the most insecure web site running on it. So 59 websites could be coded with best practices, but that last website has security flaws and it causes everything to be compromised. So ensuring secure websites is going to be crucial to your success.

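The "separate VPS as WAF in front of the origin" layout from point 1, as an added example that is not from the thread or from the ModSecurity project: Apache on the WAF host with ModSecurity 2.x and the OWASP Core Rule Set, reverse-proxying everything to the cPanel box. The CRS paths, the origin address 10.0.0.2 and the hostname are assumptions; the directives are real.

```apache
# Added example (not from the thread). WAF host, e.g. /etc/apache2/sites-enabled/waf.conf
# Assumed: CRS unpacked under /etc/modsecurity/crs, origin (the cPanel VPS) at 10.0.0.2.

<IfModule security2_module>
    # Start in DetectionOnly and read modsec_audit.log for a week across all
    # 60 sites; switch to "On" only after the false positives are tuned, or
    # the WAF will break customer sites before it blocks an attacker.
    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # CRS 3 uses anomaly scoring: crs-setup.conf sets paranoia level and
    # thresholds and the evaluation rules do the blocking, so do not add a
    # deny SecDefaultAction here.
    Include /etc/modsecurity/crs/crs-setup.conf
    Include /etc/modsecurity/crs/rules/*.conf
</IfModule>

# Single catch-all vhost (the only one defined, so it is the default).
# ProxyPreserveHost is essential: the origin picks the right cPanel vhost
# from the Host header, which would otherwise arrive as the WAF's name.
<VirtualHost *:80>
    ServerName waf.example.com
    ProxyPreserveHost On
    ProxyPass / http://10.0.0.2:80/
    ProxyPassReverse / http://10.0.0.2:80/
    # mod_proxy adds X-Forwarded-For itself; configure the origin's log
    # format to use it, or every access log line will show the WAF's IP.
</VirtualHost>
```

Two things make or break this design. DNS for all 60 sites must point at the WAF, and the origin's firewall (APF's allow_hosts.rules, since APF was already suggested) must accept 80/443 only from the WAF's address; an origin still reachable on its own IP lets an attacker skip the WAF entirely. And the WAF protects the public web path only: the WHM logins mentioned earlier (ports 2086/2087) are a separate service and need their own ACL and strong authentication.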
