?
Solved

How to protect a vps server against virus and hacking?

Posted on 2014-12-01
8
Medium Priority
?
314 Views
Last Modified: 2014-12-03
HI

We have a Linux Server (VPS) configured with WHM and Cpanel in order to offer hosting services, there are more than 60 sites and everything used to be working very well, but since a few months ago we have had alot of virus and hacking issues. I know this situations should be fixed by the datacenter but we need to to develop a strategy in order to prevent and/or correct those problems faster and even before than datacenter.

We would like your suggestions about a list of points to be performed during continuous monitoring in order to avoid these problems.

Thanks in advance.
0
Comment
Question by:dimensionav
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40474317
Which virus? How did you find it?
0
 

Author Comment

by:dimensionav
ID: 40474434
Well basically has been malicious code (maybe I should call it malware) and defacement (like the attached image).

In other cases the hacker could get into WHM and create new hostings.
defaced.jpg
0
 
LVL 25

Accepted Solution

by:
madunix earned 1336 total points
ID: 40474576
I use rkhunter and chkrootkit. I run them regularly.
Make sure you have a good last Backup, Firewall protection, Patches, Updates Auditing and Logging.
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 62

Expert Comment

by:gheist
ID: 40474737
First rule of incident handling is not to lie to people trying to help you.
0
 

Author Comment

by:dimensionav
ID: 40474862
gheist:
I am sorry if I didn't explain myself correctly, but I believe "lie" does not fit in this conversation.
0
 

Author Comment

by:dimensionav
ID: 40475842
Madunix,  how would you recommend to do the Auditing and Loggin?
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1336 total points
ID: 40475876
I think, it is essential to collect logs of various services on the server and analyse them carefully at periodic time. To enable logging all commands by a specific user I would suggest you to use audit logs by using "audit" utility, it works by allowing users to write rules that can log a wide variety of events. You can also configure more restrictive access on the server itself by having deploying tools like psad and fwsnort with firewall policy generated by APF.

Please refer to the following document carefully before implementing them on the server.
Advanced Policy Firewall: http://www.rfxn.com/projects/advanced-policy-firewall/
PSAD : http://cipherdyne.org/psad/
fwsnort : http://cipherdyne.org/fwsnort/
Securing VPS: https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
0
 
LVL 10

Assisted Solution

by:Schuyler Dorsey
Schuyler Dorsey earned 664 total points
ID: 40476109
You should look to do defense in depth.

An example program you can look into installed is Artillery from Trusted Sec. Artillery can proactively block from several different styles of attacks.

https://www.trustedsec.com/artillery/

Also follow the above guides posted by madunix.

Then the two most important pieces:
1. Consider firing up another VPS which acts as just a firewall/web app firewall. Here is an example of an open source WAF - https://www.modsecurity.org/. Configure the traffic so all traffic destined to the web server has to go through the WAF first. The WAF will be able to protect against many web application attack vectors.. and also give you ACL capabilities.

Qualys also has a cloud WAF option - https://www.qualys.com/enterprises/qualysguard/web-application-firewall/ 

2. The key piece to remember here is web application security. You can secure the OS as much as you want but if your web sites running are poorly coded, you are still open to attack. And with 60 sites running on the same VPS, the entire server is only as secure as the most insecure web site running on it. So 59 websites could be coded with best practices but that last website have security flaws and it causes everything to be compromised. So ensuring secure websites is going to be crucial to your success.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question