HOWTO secure plesk on rhel

webcie

Hello,

One of our servers has been hacked today. Currently we are working to get the sites back online.

Does anyone have a best practice for how to secure Plesk on RHEL?

A few things come to mind:
How can I prevent scripts in /tmp from being executed?
Can I safely change permissions on perl to 700?
How can I prevent the apache user from running shell scripts?

Thanks


Jef
 
Good question dude, I'd like to know a little too :D

I did get Mod_security installed on the box I work with at least =)
 
Any useful info to get it installed? Or was it just a standard installation?


Jef
 
Do you know how it was hacked? It sounds like it was an application vault security hole or custom PHP app?

Try to keep the version of Plesk up to date and use a firewall to protect access to your server. Never open SSH up to users, don't use password authentication for SSH; use RSA keys.

Maybe only allow ports 80, 443 and 53 in to your Plesk server.
 
That's the problem. The machine was up2date. Both OS and Plesk were patched. I'm using a firewall and still the evil guy managed to upload and execute scripts. While doing that he or she was able to delete the /var/log folder, which requires root access afaik.

I want to lock down the server:
*files can be uploaded but should not be executable
*I'd like to shut down perl as almost none of my clients uses it, and the ones using it I can put together on one server.
*I want to remove any rpm that isn't absolutely required for running standard Plesk.
*...

We did get only one complaint due to our fast communication but I want to avoid these situations. I can live with hardware failure but not with ... ;-)

Jef
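
As an added example (not code from any poster in this thread), the script below audits three of the points raised above: SSH password authentication, whether /tmp is a mount carrying the noexec option, and TCP listeners outside ports 80, 443 and 53. The use of the noexec mount option, the function names and the sample data are assumptions of this example, not something the thread states.

```bash
#!/usr/bin/env bash
# Added audit sketch (not from the thread). Inputs use the sshd_config,
# /proc/mounts and `ss -ltnH` formats; sample data below is constructed.

# Succeeds if sshd would accept passwords according to config file $1.
# sshd keeps the first value it reads for a keyword; the default is "yes".
# Assumption: only the global section is read (stops at the first Match
# block, does not follow Include).
ssh_password_auth_enabled() {
    local value
    value=$(awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); k = tolower(f[1]) }
                 k == "match" { exit }
                 k == "passwordauthentication" { print tolower(f[2]); exit }' "$1")
    [ "${value:-yes}" != "no" ]
}

# Succeeds if mount table $1 has a mount on $2 carrying the noexec option.
# A later line for the same mount point shadows an earlier one.
mount_is_noexec() {
    awk -v mp="$2" '$2 == mp { found = ("," $4 ",") ~ /,noexec,/ }
                    END { exit !found }' "$1"
}

# Reads `ss -ltnH` output on stdin; prints listening TCP ports that are
# not among the allowed ports given as arguments.
unexpected_ports() {
    local allowed=" $* " port
    awk '{ n = split($4, a, ":"); print a[n] }' | sort -un |
    while read -r port; do
        case "$allowed" in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# Constructed demo: a host that still allows passwords, has /tmp on the
# root filesystem, and listens on more than 80/443/53.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$d/sshd_config"
    printf '%s\n' '/dev/sda1 / ext3 rw 0 0' > "$d/mounts"
    ssh_password_auth_enabled "$d/sshd_config" && echo "FAIL: SSH password login allowed"
    mount_is_noexec "$d/mounts" /tmp || echo "FAIL: /tmp is not mounted noexec"
    printf '%s\n' 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' 'LISTEN 0 128 [::]:80 [::]:*' |
        unexpected_ports 80 443 53 | sed 's/^/FAIL: unexpected listener on port /'
    rm -rf "$d"
}
demo
```

On a live host the same functions can be pointed at /etc/ssh/sshd_config, /proc/mounts and the output of `ss -ltnH`. A noexec mount only blocks direct execution of files stored on it; a script passed as an argument to an interpreter installed elsewhere still runs, so it does not replace restricting the interpreters themselves.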
 