Server Protection - best practices

[glennj]

I have just upgraded to Plesk 8 after my Plesk 7.5 server somehow was compromised and was actioning UDP attacks!

I'm not new to hosting servers, but I'm now concerned about how this happened and how best to prevent it happening again.

Naturally complex passwords and only opening ports that are being used in the firewall module are all good ideas, but what other good practices are there to protect a server?

Anyone have a good example of firewall settings for best protection?

I think this would be helpful for newbies and old hands alike.

Cheers.

 

[eilko]

servers are usually hacked by faulty webscripts. I would recommend to use mod_security. See www.gotroot.com for a how to.

 

[glennj]

How about mod_evasive? Anyone use it?

 

[phatPhrog]

mod_security FC4 Plesk 8

If you are running a Fedora Core 4 Plesk 8 box on Linux the yum repos are already setup in your /etc/yum.repos.d that allow you to install mod_security

See: http://forum.swsoft.com/showthread.php?s=&postid=144661#post144661

Like eilko says though, do use gotroot for the rules and information on the mod_security.conf file.

mod_dosevasive is a bit more to install though.

You can either get an ASL subscription from atomicrocketturtle or go through the steps to install it yourself. (ART is the better choice)

If you do it your self, you will have to run

yum install httpd-devel before you install it.

 

[glennj]

Excellent tips guys...

I now have mod_evasive installed and mod_security with all the rulesets as mentioned.

I feel a bit happier now!

If there's anything else worth installing please let me know...