1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

HOWTO secure plesk on rhel

Discussion in 'Plesk for Linux - 8.x and Older' started by webcie, Jan 21, 2007.

  1. webcie

    webcie Guest

    0
     
    Hello,

    One of our servers has been hacked today. Currently we are working to get the sites back online.

    Does anyone have a best practice how to secure plesk on rhel.

    A few things come to mind:
    how can I prevent scripts in /tmp being executed?
    can I safely change permissions on perl to 700?
    how can I prevent the apache user from running shell scripts?

    thanks


    Jef
     
  2. Lithgow

    Lithgow Guest

    0
     
    Good question dude, I'd like to know a little too :D

    I did get Mod_security installed on the box I work with at least =)
     
  3. webcie

    webcie Guest

    0
     
    any usefull info to get it installed? or was is it just as a standard installation?


    Jef
     
  4. radialhosting

    radialhosting Guest

    0
     
    Do you know how it was hacked? It sounds like it was an application vault security hole or custom PHP app?

    Try to keep the version of Plesk up to date and use a firewall to protect access to your server. Never open SSH up to users, dont use password authentication for SSH; use RSA keys.

    Maybe only allow port 80, 443 and 53 in to your plesk server.
     
  5. webcie

    webcie Guest

    0
     
    that's the problem. the machine was up2date. Both OS and plesk were patched. I'm using a firewall and still the evil guy managed to upload and execute scripts. While doing that he or she was able to delete the /var/log folder which requires root access afaik.

    I want to lockdown the server:
    *files can be uploaded but should not be excutable
    *I'd like to shutdown perl as almost none of my clients uses it and the ones using it I can put together on one server.
    *I want to remove any rpm that isn't absolutly required for running standard plesk.
    *...

    We did get only one complaint due to our fast communication but I want to avoid these situations. I can live with hardware failure but not with ... ;-)

    Jef
     
  6. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    Check out ASL, we can do all that either kernel-level security policies or through the userland IPS.
     
Loading...