HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   How do i secure my Centos Server? (http://www.howtoforge.com/forums/showthread.php?t=10772)

sposs 21st February 2007 13:18

How do i secure my Centos Server?
 
Hi all, first post and linux noobie.

I have a dedicated server running centos 4 , im using it to learn linux and server management mainly, i have a website up and running on the server.

My hosting company contacted me the other day to tell me my server was being used to run a phishing site.I switched off apache and deleted the phishing files.Im worried about switching on apache again without knowing how to prevent future abuse.

I patch the server regularly doing a YUM update.

However i need to know how i can stop this happening again, what additional
security can i put in place?

martinfst 21st February 2007 13:34

You need to find out how the pisher got access to your server. ssh? broken php application (and abused the apache user)? Any other ports open (like webmin ports)

Still any open port as a backdoor open to the pisher? I got hacked once because of a faulty PHP app, and the hacker installed some backdoor listening on an obscure port.

Start looking at /var/log and scan all log files. Try to identify something unusual.
Then execute
Code:

ps -ef
to see if any strange program is running. And you might consider installing 'chkrootkit' and run a test. Also do
Code:

netstat -tap
and see if something strange on an unusual port is listening. HTH

sposs 21st February 2007 13:42

Great thanks will start doing that now.


All times are GMT +2. The time now is 00:55.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.