
Securing Server - Qmail

Discussion in 'Plesk for Linux - 8.x and Older' started by chromedome, Oct 27, 2005.

  1. chromedome

     
    We've had issues over the last year or so where we have been playing cat and mouse with php exploits and perl scripts generating massive amounts of spam, filling our queues, and making life generally miserable.

    Steps we have taken in the past:

    Upgrade php
    move /tmp to its own partition and setting up noexec
    Installed and regularly run chkrootkit
    Installed qmHandle to monitor and clean the queue

    We have 2 servers that have gotten hit. One is FreeBSD 5.3, the other is CentOS 3.3, both are running Plesk 7.5.4

    Here are my questions:
    What is the best way to search out for old/exploitable php scripts?
    What is the best way to "lockdown" qmail so that these scripts can not turn the box into a spam-generator?
    What general "lockdown" recommendations would you add to what we have already done?


    Your help is appreciated
     
  2. eilko

  3. ShadowMan@

     
    Not sure Qmail can be locked down as you are thinking. It would have no way of knowing if a message has originated from an exploited script or not.
    ART's Atomic Secured Linux (ASL) Project

    AtomicRocketTurtle's ASL
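
An added example, not part of any post in this thread: each message qmail-queue accepts carries a `Received: (qmail PID invoked ...)` stamp recording whether it arrived from the network or was injected locally by a given uid, so an administrator can tally a queue by origin and see when the web server account is the source. The sample messages are constructed, and uid 48 as the web server account is an assumption.

```python
import re
from collections import Counter

# qmail-queue prepends one of these stamps to every message it accepts.
QMAIL_STAMP = re.compile(
    r"^Received: \(qmail \d+ invoked "
    r"(by uid (?P<uid>\d+)|from network|by alias|for bounce)\)",
    re.MULTILINE,
)

def origin(raw_message):
    """Classify one queued message by its newest qmail-queue stamp."""
    headers = raw_message.split("\n\n", 1)[0]   # ignore the body
    m = QMAIL_STAMP.search(headers)             # first match = newest stamp
    if m is None:
        return "unknown"
    if m.group("uid"):
        return "uid:" + m.group("uid")          # injected locally by this uid
    return m.group(1).split()[-1]               # network / alias / bounce

def tally(messages):
    """Count messages per origin label."""
    return Counter(origin(m) for m in messages)

def noisy_uids(messages, watched_uids, threshold):
    """Return {uid: count} for watched uids with at least `threshold` messages."""
    counts = tally(messages)
    return {u: counts["uid:%d" % u] for u in watched_uids
            if counts["uid:%d" % u] >= threshold}

def _msg(stamp, extra=""):
    # Constructed sample message; PID, date and hosts are made up.
    return ("Received: (qmail 4242 invoked %s); 27 Oct 2005 12:00:00 -0000\n"
            "%sSubject: test\n\nbody\n" % (stamp, extra))

SAMPLE = [
    _msg("by uid 48"), _msg("by uid 48"), _msg("by uid 48"),  # assumed web uid
    _msg("by uid 0"),
    _msg("from network",
         "Received: from unknown (HELO mail.example.org) (192.0.2.10)\n"
         "  by host.example.com with SMTP; 27 Oct 2005 12:00:00 -0000\n"),
    # Stamp-like text in the body must not be counted.
    "Subject: no stamp\n\nReceived: (qmail 1 invoked by uid 48)\n",
]

if __name__ == "__main__":
    print(tally(SAMPLE))
    print(noisy_uids(SAMPLE, [48, 0], threshold=3))
```

On a stock qmail layout the raw messages to feed in are the files under `/var/qmail/queue/mess/`.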
     
  4. chromedome

     
    Are you each using the systems listed above? It appears that ART's ASL project contains several of the suggestions listed by eilko.

    Assuming I were to put a dev machine online with these new changes, do they play nice with Plesk, or would we be married to ART's updates? (nothing against them - just curious)

    Thank you for your suggestions.
     
  5. ShadowMan@

     
    The ASL project is IMO a more complete approach. Once installed, you would do best to continue to get the updates for all related packages from ARTs yum repository. I suppose you could try mixing in updates from other sources, but it would definitely not necessarily be in your best interests.

    The ASL is not really Plesk related at all, so should not pose any problems with Plesk.

    You could also do your Plesk updates from ARTs repository (I do without any problems), as well as other packages (such as php, mysql, etc).

    ART = atomicrocketturtle = an original founder of Plesk before the SWSoft buyout = he is astounding at what he does.
     