Murphy175

Securing Linux Servers

@Murphy175

Posted in: #Cpanel #Security

I recently started a hosting business and have several cPanel VPS and Dedicated Servers.
Recently one of my cPanel Servers' root password was hacked, and I got back control after lots of trouble.

Can anyone list the Security Checks I should perform or implement to secure my Servers?


1 Comment

 

@Lengel546

One of the most important things you can do is utilize strong passwords. E.g., at least 8 characters and characters from at least 3 character sets, e.g., letters, numbers, and special characters, such as a dash, dollar sign, etc. Too many people don't realize that there are people throughout the world who have automated scripts that search for systems with weak passwords. When I logged into the root account on one of my Linux servers yesterday, I saw the message below indicating there had been about 50,000 attempts to log into the root account on the server in just two days, which isn't unusual.

Last login: Wed Dec 24 11:51:06 EST 2014 on pts/0
Last failed login: Fri Dec 26 22:48:10 EST 2014 from 103.41.124.49 on ssh:notty
There were 46898 failed login attempts since the last successful login.


Attackers know the default accounts on systems and will use scripts that will go through commonly used passwords pairing them with default account names. One can easily find lists of the most commonly used passwords online. And attackers typically go through word dictionaries, also, pairing every word in the dictionary with default account names.

Sometimes they will use name dictionaries paired with word dictionaries to break into accounts. When I ran an FTP server, I regularly saw attackers pairing name dictionaries with word dictionaries. Name dictionaries are readily available online, e.g., for expecting parents looking for a name for a baby. They might start with a name such as "abe" and then try every word in the word dictionary as a password against it. Then they would move on to another name, such as "alan" and do the same thing going all the way through every name in the name dictionary down through names such as zachary. So any account with a weak password becomes an entry point into the system. If the account doesn't have root privileges, it can still represent a jumping off point to gain further information about potential vulnerabilities on the system and try privilege escalation techniques, if the account is compromised.

And attackers may try other dictionaries for passwords. E.g., one that contains sports team names or car models, since some people will use those as passwords.

Or they can just try random combinations of characters looking for short passwords. E.g., if a password is only 4 characters long, it won't take a computer long to try every possible combination of 4 characters as a password.

Of course, no one is going to sit at a keyboard and type all of those name and password combinations, so they use scripts. It may only take a few seconds for such scripts to try thousands of name and password combinations, if your server doesn't limit or block access to itself after a certain number of failed password attempts.

When I was running the FTP server (it had only two legitimate accounts, one for my wife and one for one of her friends, so they could exchange files), I observed 4 to 5 such attacks running regularly against the system when I monitored such attempts with kripp, a script that showed me the userids and passwords they were attempting to use, just to see what was happening. The server was in the U.S.; I would see dictionary attacks from within the U.S., but also from Brazil, China, etc. occurring at the same time.

Of course, strong passwords are just a starting point for securing any system. One additional method of securing a Linux server is to employ Security-Enhanced Linux, which can be enabled under most versions of Linux. Note: you may find postings by people online advising others not to deploy it, because it could be difficult to configure, but there have been improvements over the years to make it easier to deploy. You can find information on how to deploy it online and in Linux system administration books, e.g., you can search Amazon for "SELinux" or "hardening Linux".

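The answer above describes two things a practitioner would want to see concretely: what an automated password-guessing run looks like in the sshd log (many failures from one source, cycling through root and a name dictionary), and the defence it mentions, limiting or blocking a source after a number of failed attempts. The script below is an added example, not code from the original post or from cPanel; it parses constructed auth.log-style lines (the IP 103.41.124.49 is reused from the banner quoted in the answer, the rest are documentation addresses), flags any source with five or more failures inside a ten-minute window (threshold and window are assumptions, chosen to resemble typical fail2ban defaults), emits the iptables rule that would block it, and includes the 8-character / three-character-set password rule from the answer as a check (the four sets, lower, upper, digit, symbol, are an assumed interpretation of the answer's "letters, numbers, and special characters").

```python
"""Added example: detect SSH password-guessing in sshd log lines, generate the
block rule for offending sources, and check the password rule from the answer.
The log lines are constructed for this example, not taken from a real server."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in syslog/auth.log format. syslog omits the year; 2014 is
# assumed below to match the login banner quoted in the answer.
SAMPLE_LOG = """\
Dec 26 22:48:01 host sshd[2001]: Failed password for root from 103.41.124.49 port 51110 ssh2
Dec 26 22:48:02 host sshd[2002]: Failed password for root from 103.41.124.49 port 51111 ssh2
Dec 26 22:48:03 host sshd[2003]: Failed password for invalid user abe from 103.41.124.49 port 51112 ssh2
Dec 26 22:48:04 host sshd[2004]: Failed password for invalid user alan from 103.41.124.49 port 51113 ssh2
Dec 26 22:48:05 host sshd[2005]: Failed password for invalid user zachary from 103.41.124.49 port 51114 ssh2
Dec 26 22:48:06 host sshd[2006]: Failed password for root from 103.41.124.49 port 51115 ssh2
Dec 26 22:50:00 host sshd[2007]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Dec 26 22:51:30 host sshd[2008]: Accepted password for admin from 198.51.100.7 port 40002 ssh2
Dec 26 23:10:00 host sshd[2009]: Accepted publickey for deploy from 192.0.2.10 port 33000 ssh2
"""

ASSUMED_YEAR = 2014  # assumption: syslog lines carry no year

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user abe from ..." as written by OpenSSH.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_events(log_text):
    """Turn sshd log lines into dicts with ts, outcome, user, ip. Unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]})
    return events


def find_brute_force(events, threshold=5, window_seconds=600):
    """Return {ip: {"failures": n, "users": [...]}} for every source IP that produced
    `threshold` failed logins inside any `window_seconds` span (sliding window)."""
    failures = defaultdict(list)
    users = defaultdict(set)
    for e in events:
        if e["outcome"] == "Failed":
            failures[e["ip"]].append(e["ts"])
            users[e["ip"]].add(e["user"])
    offenders = {}
    for ip, stamps in failures.items():
        stamps.sort()
        # Any run of `threshold` consecutive failures that fits in the window trips the rule.
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window_seconds:
                offenders[ip] = {"failures": len(stamps), "users": sorted(users[ip])}
                break
    return offenders


def block_commands(offenders):
    """iptables rules to drop traffic from each offender (returned as strings, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]


def password_is_strong(password):
    """Answer's rule: at least 8 characters and characters from at least 3 of the
    4 assumed sets (lowercase, uppercase, digits, anything else)."""
    if len(password) < 8:
        return False
    sets_used = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return sets_used >= 3


if __name__ == "__main__":
    found = find_brute_force(parse_events(SAMPLE_LOG))
    for ip, info in found.items():
        print(f"{ip}: {info['failures']} failures, users tried: {', '.join(info['users'])}")
    for cmd in block_commands(found):
        print(cmd)
```

Running it on the constructed sample flags only 103.41.124.49 (six failures in five seconds, cycling root plus a name dictionary) and leaves 198.51.100.7 alone, since one typo followed by a successful login is normal. On a real cPanel host the same logic is what fail2ban or cPanel's cPHulk applies to /var/log/secure; the point of writing it out is to see that the detection is just "failures per source per window", so the threshold should be low enough that a script trying thousands of guesses never gets far, as the answer warns.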

