Ten recommended steps to prevent your server being hacked

Posted on April 21, 2011 by Russ

This list is by no means definitive, but addresses some of the more common issues that can lead to your server being hacked.

1. Always change default passwords and ensure you replace them with strong passwords which use a combination of numbers, letters and special characters. Further information on how to create strong passwords can be accessed from the ForLinux knowledge bank.

2. Only install the services that are required on the system. When setting up the server, do not install any services you are not going to be using. For example, if you are using a server purely for running databases, do not install Apache or a mail server, as these increase the number of available ‘attack vectors’, methods by which a hacker can access your server.

3. Updates/Patching. Make sure you regularly update and patch your operating systems, applications and any other software you have running on the server in order to take full advantage of security updates, bug fixes, etc. If you use any specific third-party software, for example forums or bulletin boards, it is worth signing up to their mailing lists, so you are notified of any updates and/or security issues as quickly as possible.

4. Ensure services do not broadcast their version numbers. If a hacker knows which version of a service you are running, they can check for known exploits. In Apache this is set by the ServerTokens directive which needs to be set to Prod, so it only broadcasts the ‘product’, i.e. ‘Apache’, and not the full version details. With PHP you need to ensure the expose_php directive is set to 0 or Off – depending upon your version of PHP. Similar settings can be found for most other applications.

5. Install a firewall. Allow ports you need – e.g. port 80 for web, ports 25, 110, 143 for email, etc – but then block ALL others. By default Linux installations use iptables, but these can be tricky to configure by hand, if you are not familiar with the rulesets. It is much easier to use something like APF (Advanced Policy Firewall) from RFXN, which allows you to configure the iptables using simple configuration files. It is also worth installing BFD (Brute Force Detection), which allows you to identify and block IP addresses which fail authentication checks. It can be set up to email you details of any addresses it blocks.

6. Move well known services to other ports. For example, move FTP and SSH off their standard 21 and 22 ports. This will stop some of the novice hackers (‘script kiddies’) from running brute force attacks against these services.

7. SSH access. Ask well as moving the daemon off port 22, it is a good idea to disable root logins. You should also keep the number of user accounts with SSH access to an minimum, and make sure they all have strong passwords.

8. Web code. Make sure your code is written to good standards, and all user inputs are thoroughly checked and sanitised to prevent code injections. It is advisable to read up on best practices for the language you are coding in, and make sure you follow security guidelines closely.

9. Install Logwatch. This is a log analyser that runs nightly, and then emails the results to you. Make sure you check the emails each day and block the IP addresses of any connections that look suspicious in your firewall.

10. Permissions. Always avoid using full 777 permissions on files and directories that are displayed via your web server. This can allow a compromised web script to upload files, which will typically include a PHP shell, allowing the hacker to gain greater access to the server.

Post to Digg Digg This Post Post to Reddit Post to Reddit Post to StumbleUpon Stumble This Post Post to Technorati Post to Technorati

This entry was posted in Managed Hosting, Web Security and tagged , , , , , , , , , , , , . Bookmark the permalink.

Comments are closed.