
Securing Server - Qmail

chromedome

Guest
We've had issues over the last year or so where we have been playing cat and mouse with PHP exploits and Perl scripts generating massive amounts of spam, filling our queues, and making life generally miserable.

Steps we have taken in the past:

Upgraded PHP
Moved /tmp to its own partition and set up noexec
Installed and regularly run chkrootkit
Installed qmHandle to monitor and clean the queue

We have 2 servers that have gotten hit. One is FreeBSD 5.3, the other is CentOS 3.3; both are running Plesk 7.5.4.

Here are my questions:
What is the best way to search for old/exploitable PHP scripts?
What is the best way to "lockdown" qmail so that these scripts cannot turn the box into a spam-generator?
What general "lockdown" recommendations would you add to what we have already done?


Your help is appreciated.
 
Originally posted by chromedome
What is the best way to "lockdown" qmail so that these scripts cannot turn the box into a spam-generator?
Not sure Qmail can be locked down as you are thinking. It would have no way of knowing if a message has originated from an exploited script or not.
Originally posted by chromedome
What general "lockdown" recommendations would you add to what we have already done?
ART's Atomic Secured Linux (ASL) Project

AtomicRocketTurtle's ASL
 
Are you each using the systems listed above? It appears that ART's ASL project contains several of the suggestions listed by eilko.

Assuming I were to put a dev machine online with these new changes, do they play nice with Plesk, or would we be married to ART's updates? (Nothing against them, just curious.)

Thank you for your suggestions.
 
The ASL project is IMO a more complete approach. Once installed, you would do best to continue to get the updates for all related packages from ART's yum repository. I suppose you could try mixing in updates from other sources, but it would definitely not necessarily be in your best interests.

The ASL is not really Plesk related at all, so should not pose any problems with Plesk.

You could also do your Plesk updates from ART's repository (I do without any problems), as well as other packages (such as PHP, MySQL, etc.).

ART = atomicrocketturtle = an original founder of Plesk before the SWSoft buyout = he is astounding at what he does.
 