Mail Server Settings

[Diveanx]

Okay. Here within the last 3 days, I updated my Plesk with the latest updates.

I am curreclty running 7.5.4 on CentOS3.5
I have been hacked 3 times and my mail server turned into a relay and it is killing my resources on my CPU and causing the server to run very very slow.

I havent changed any settings on my Plesk Is there different settings that I should use as far as my mail server to help make it more secure?

 

[jamesyeeoc]

Plesk itself is not the security problem, it's just a fancy GUI.

You should check out ART's Atomic Secured Linux and other security stuff.

http://www.atomicrocketturtle.com/subscription.html

As to the mail server settings, you have made sure it is NOT set for relay, nor POP3 auth, but IS set for Long Usernames, "Check the passwords for mailboxes in the dictionary", SMTP Auth only, right?

Made sure there are no Formmail scripts on any of the domains?

Made sure there are no exploitable versions of other software (notably phpBB)?

Done a cursory glance through the passwords in the database to make sure your clients are not using 'simple' passwords?

The list is long...

 

[Diveanx]

Thanks for your reply. I ahve to admit I am rather new at this so I am learning the hard way I guess.

I did find one Nuke site that has an older version of phpbb (2.0.5)

I upgraded it last night. I will go through and check the things your mentioned.

 

[Whistler]

But - that said - if you've been hack 3 times already - you should really consider spending money on having your datacenter tie down your server/os to a minimum (killing non used services, enabling firewall etc.) - also a big problem for you might be - that once your server is compromised the hacker might have left a number of open exploits on the server to use even though you think you're safe.

The hacking (as jamesyeeoc also writes) most certainly is not related to the fact that you use Plesk but to the fact that a number of exploits have been used in non-updated / disabled software on your server.

And if you're new and "don't have a clue" to what to do with it - you should really consider paying someone to clean/check your server.

 

[Diveanx]

Well my box is hosted with my buddy and he is pretty good but he mostly has gaming servers and can do alot of the stuff for me.

I do have a question because the route both of us have actually taken is we host alot of sites that use Nuke or Mambo.

As you know, people use these scripts because they are easy and fast.

Nuke is the main one we both have on our servers now you spoke of a mailform script. Now as far as I know all content management systems have these scripts built in. (I think this is my problem)

What is the best way to make the server more secure other then making sure easy site has an updated version of the software they are running?

Would you suggest the Qmail Manager module for Plesk?

Or what can I look for on a regular basis?

 

[Whistler]

Originally posted by Diveanx
I do have a question because the route both of us have actually taken is we host alot of sites that use Nuke or Mambo.

What is the best way to make the server more secure other then making sure easy site has an updated version of the software they are running?

Would you suggest the Qmail Manager module for Plesk?

Or what can I look for on a regular basis?

Upgrading, patching, closing securityholes is always a good start - and Nuke has a bad history of security as far as I remember.

But actally you can't depend on that - so you need to tie down the Apache/PHP, securing your system etc.

Watch out never to disable PHP safe_mode, don't disable open_basedir restrictions, don't share sessions/tmp_upload_dir between vhosts, don't allow people to run their own CGI scripts etc.

And no, I won't write you a complete securityguide - as I said - I think you need skilled people to do that.

But again - it's not Plesk that's giving you these problems - you could disable old versions of applications in the Application Vault if you use that.

A Plesk Qmail module won't save you any problems with hackers/mailforms - most mailforms are not a direct security risk for your server - just used as a tool to send out spam.

But - again - you NEED to find out what's causing your problems - it could be anything - and updating your CMS applikations won't save you the days work if it's some other part of your system thats compromised...