Discussing the JaMaYcKa hacker/defacer



rendy

Hosting Guru
Verified Provider
The one the TS copy-pasted is indeed last year's bug.

As for the current one, I haven't found the bug yet.

But cPanel's own system really isn't very secure; it's easy to mess with.
 

IIXPLANET

Expert 2.0
I have a few tips that may be useful for web server security:

1. Install CSF - Config security server; see the website www.configserver.com for the installation. CSF is quite useful for handling attacks, injection or root hacks, and can be set to 3 security levels: low, medium, high.

2. Install CHKROOTKIT, a server directory scanner that scans automatically every day for vulnerable scripts or potentially dangerous content on our server, and reports to the admin's email daily.

Code:

cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44
make sense

To run chkrootkit

At command prompt type:
Code:

/root/chkrootkit-0.44/chkrootkit

3. Install root branch / root detector and email warning
This feature warns the server owner when a user tries to log into the SSH server with the user id: ROOT

Code:

pico .bash_profile

Scroll down to the end of the file and add the following line:
Code:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" [email protected]

Save and exit.

4. Tweak Setting in WHM
Goto Server Setup =>> Tweak Settings
Check the following items…

Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts - blackhole
(according to ELIX - set this to FAIL, which is what I am going to do to reduce server load)

Under System
Use jailshell as the default shell for all new accounts and modified accounts

Goto Server Setup =>> Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disabled Compilers for unprivileged users.

Goto Server Setup =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.

Goto Server Setup =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection

When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.

Goto Service Configuration =>> FTP Configuration
Disable Anonymous FTP

Goto Account Functions =>> Manage Shell Access
Disable Shell Access for all users (except yourself)

Goto Mysql =>> MySQL Root Password
Change root password for MySQL

Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:
Code:

/sbin/depmod
/sbin/insmod
/sbin/insmod.static
/sbin/modinfo
/sbin/modprobe
/sbin/rmmod

5. Restrict SSH Port (this changes the SSH port to another port); useful for preventing root takeover

At command prompt type:
Code:

pico /etc/ssh/sshd_config

Scroll down to the section of the file that looks like this:
Code:

#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::

Uncomment and change
Code:

#Port 22

to look like
Code:

Port 5678

(choose your own 4- to 5-digit port number; 49151 is the highest port number AND do not use 5678 lol)

Uncomment and change
Code:

#Protocol 2, 1

to look like
Code:

Protocol 2

Uncomment and change
Code:

#ListenAddress 0.0.0.0

to look like
Code:

ListenAddress 123.123.123.15

(use one of your own IP Addresses that has been assigned to your server)

6. Disable TELNET
To disable telnet, SSH into server and login as root.
At command prompt type:
Code:

pico -w /etc/xinetd.d/telnet

change disable = no to disable = yes
Save and Exit
At command prompt type:
Code:

/etc/init.d/xinetd restart

7. Investigating DDOS
To check whether your web server is currently being DDoSed, run the following command:

Code:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The result shows how many connections are currently active on your server.

8. Install Config Mail Queue
available at: www.configserver.com
useful for handling spam email and other things.

Hope this small reference is useful.
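To verify the step 5 edits without re-reading the file by hand, here is an added check script (not from the original post) that reads the first uncommented Port, Protocol and ListenAddress values, which is how sshd itself resolves duplicate keywords; the sample file and the 198.51.100.9 address are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: checks an sshd_config for the
# three settings step 5 edits. sshd honours the first uncommented occurrence
# of a keyword (keywords are case-insensitive), so that is what is read here.

# Print the effective value of keyword $2 in file $1 (empty when unset).
sshd_setting() {
    awk -v key="$2" '
        tolower($1) == tolower(key) {
            sub(/^[[:blank:]]*[^[:blank:]]+[[:blank:]]+/, "")   # drop the keyword
            print; exit
        }' "$1"
}

# Report every recommendation from step 5 the file does not meet.
# Returns 0 when all are met, 1 otherwise.
check_sshd() {
    rc=0
    port=$(sshd_setting "$1" Port)
    case "$port" in
        ""|22)    echo "Port: still the default 22"; rc=1 ;;
        5678)     echo "Port: 5678 is the post's placeholder, pick your own"; rc=1 ;;
        *[!0-9]*) echo "Port: not numeric ($port)"; rc=1 ;;
        *) [ "$port" -le 49151 ] || { echo "Port: above 49151 ($port)"; rc=1; } ;;
    esac
    proto=$(sshd_setting "$1" Protocol)
    # "Protocol 2, 1" still allows SSH-1; OpenSSH 7.6+ dropped SSH-1 and ignores this keyword.
    [ "$proto" = "2" ] || { echo "Protocol: expected 2, got '${proto:-unset}'"; rc=1; }
    listen=$(sshd_setting "$1" ListenAddress)
    case "$listen" in
        ""|0.0.0.0|::) echo "ListenAddress: listening on every interface"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the file as step 5 leaves it (198.51.100.9 is a documentation IP).
SSHD_SAMPLE=$(mktemp)
cat > "$SSHD_SAMPLE" <<'EOF'
#Port 22
Port 23456
Protocol 2
ListenAddress 198.51.100.9
EOF
```

Run `check_sshd /etc/ssh/sshd_config` after editing; it prints one line per setting still at its weak value and stays silent when all three match the post.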
 
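A sturdier form of the step 7 one-liner, added here and not part of the post: it skips the two netstat header lines that the original pipeline counts as entries, keeps IPv6 peers intact (cut -d: -f1 would truncate them), and flags addresses above a threshold; the netstat output and the addresses in it are a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original post: a sturdier version of the
# "netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n"
# check from step 7.

# Count connections per remote address from netstat -ntu output on stdin.
# Output: "<count> <address>" lines, highest count last.
count_peers() {
    awk '
        NR <= 2 { next }                  # skip "Active Internet ..." and the column header
        $5 == "" { next }
        {
            addr = $5
            sub(/:[0-9]+$/, "", addr)     # strip only the port after the last colon (IPv6-safe)
            n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -n
}

# Print only peers with at least $1 connections (default 50).
flag_peers() {
    limit=${1:-50}
    count_peers | awk -v limit="$limit" '$1 >= limit { print $2 }'
}

# Constructed sample in the layout netstat -ntu prints (documentation addresses, not real traffic).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.9:80         203.0.113.5:51234       ESTABLISHED
tcp        0      0 198.51.100.9:80         203.0.113.5:51235       SYN_RECV
tcp        0      0 198.51.100.9:80         203.0.113.5:51236       SYN_RECV
tcp        0      0 198.51.100.9:22         192.0.2.10:40001        ESTABLISHED
tcp6       0      0 2001:db8::9:80          2001:db8::1:55000       ESTABLISHED
tcp6       0      0 2001:db8::9:80          2001:db8::1:55001       ESTABLISHED'
```

On a live server run `netstat -ntu | count_peers` or `netstat -ntu | flag_peers 100`; a single address at the bottom with far more connections than the rest is what the post's check is looking for.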

gresshost

Poster 2.0
Yup, bung Visualhost is right too.

Also secure the /tmp folder while you're at it; if I'm not mistaken cPanel provides that as well:

# /scripts/securetmp

Then make a script that reports to our email whenever someone logs into the server via SSH.

Well, hopefully none of us get hit... (I'm using CentOS too... :D, cheers)
 

IIXPLANET

Expert 2.0
From what I saw earlier when I traced some of the sites that had been hacked, most of their NS pointed to Dapur Hosting's nameservers, so it seems their root got compromised and their clients were hit along with it.
 