How to optimize server and protect from DDoS and other attacks...

Hey all,
I would like to see what else I can do to secure my server and optimize its performance. Its load used to be at a good 0.5-0.8 but now it's like 5-6 always, with slower performance. What can I do to optimize and protect from DDoS attacks?

This is what I have:

Please note, this is a long post and asks several questions which I have tried to find answers to on my own before posting; anything I found out I used and put here. Please be as specific and knowledgeable/helpful as possible. This post hopefully will help me and hundreds of other members here as well.

APF

Brute Force Detection
Pmon Socket Monitor
=== system integrity monitor (SIM) should I install this?

/scripts/compilers off

#chmod 750 /usr/bin/rcp
#chmod 750 /usr/bin/wget
#chmod 750 /usr/bin/lynx
#chmod 750 /usr/bin/links
#chmod 750 /usr/bin/scp

Are there any other directories I should chown/chmod to make inaccessible? My box is Fedora right now but will be getting a Red Hat 9.0 box soon, both using cPanel.

mod_security
-settings: http://eth0.us/faq/modsec.txt , are these good settings?


rkhunter installed

.htaccess for blocking attacks:

==============================

file: .htaccess

order deny,allow
deny from 123.123.123.123 (replace with IP address to deny)

Does this work? Is there a way I can FORWARD or redirect the ATTACK to another IP, and possibly the originating IP the attack came from?


==============================


Edited httpd.conf:

===============================
Timeout 300

KeepAlive On

MaxKeepAliveRequests 300

KeepAliveTimeout 15

MinSpareServers 15
MaxSpareServers 30

StartServers 5

MaxClients 1024

MaxRequestsPerChild 0
===============================



Are these appropriate apache settings? What else should I install or do?

I heard to do this, but I do not know how to exactly and I don't like to experiment and f' things up.

You guys know how to do this? More tips would be helpful, I would like to make my box as secure and optimized as possible.

=============================================
Change your SSH Port to something obscure.
Assign a dedicated IP for SSH.
Disable Telnet

Add MySQL Port to the APF ports list. (3306)
Add SFTP port to APF ports list. ( 215 )
=============================================



What else can I do?

Specific questions I know I would like to do:

Make it so ONLY ONE account can access shell, period. That account should be my root account (or a renamed admin account if needed and if I knew how). I'd like to not allow ANYONE else, period, to access shell at all, no telnet or anything.

I'd like to know how to install and use:

safemode
open_basedir?
php suexec?
anything else I miss?

In my php.ini, I have :

===================================
safe_mode = off
max_execution_time = 30
memory_limit = 2M
file_uploads = Off
upload_tmp_dir = Off
upload_max_filesize = 2M
allow_url_fopen = Off
disable_functions = "dl,exec,system,popen,passthru,proc_open,shell_exec"
===================================

Did I miss anything?

I do not have safe mode on right now, since I have a script in EVERY DOMAIN on the server that needs to access ONE and the same /home/usr152/public_html/index.php file. It is a free redirection service: if a subdomain is called on one of the other 200+ domains, it includes("/home/usr152/public_html/index.php"), and when I turned safe mode on, it did not allow me to do that. Is there a fix for this, such that I can have safe mode on BUT allow ALL domains/websites to access that ONE domain "usr152", while they are not allowed access to ANY other website/domain, period?

safemode, open_basedir, php suexec: these three are good for what exactly?

OH YEA, and possibly the MOST important question ever: how do I block DDoS, the extreme amount? I know you can't stop them, but I'd like to know if APF is good for it, or if there is a better firewall, or apache rules I can add, or a mod I can patch, or .htaccess to redirect the attack back on origin, and HOW TO BLOCK DDoS at the KERNEL level? I heard that is the absolute best way, and I've been digging around the forums for a few hours now trying to find out how, not much luck.

Thanks a million in advance~!!!!
MouseAttack
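As an added example (my own code, not from the post or from any of the tools it names), here is a small Python audit of the httpd.conf and php.ini fragments quoted above, constructed inline, that flags the settings most relevant to the "are these appropriate" and open_basedir questions. The thresholds (60 s for Timeout, 5 s for KeepAliveTimeout) are my assumptions; the 256 limit is Apache's default hard limit.

```python
import re
# Constructed copies of the two fragments quoted in the post above.
HTTPD_CONF = """
Timeout 300
KeepAlive On
KeepAliveTimeout 15
MaxClients 1024
MaxRequestsPerChild 0
"""
PHP_INI = """
safe_mode = off
allow_url_fopen = Off
disable_functions = "dl,exec,system,popen,passthru,proc_open,shell_exec"
"""

def parse_httpd(text):
    """Apache directives are 'Name value'; directive names are case-insensitive."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition(" ")
            conf[name.lower()] = value.strip()
    return conf

def parse_ini(text):
    """php.ini entries are 'key = value', optionally double-quoted."""
    ini = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w.]+)\s*=\s*"?([^"]*)"?\s*$', line)
        if m:
            ini[m.group(1).lower()] = m.group(2).strip()
    return ini

def audit(conf, ini):
    """Return (setting, why) pairs for values that weaken flood resilience or script isolation."""
    out = []
    if int(conf.get("timeout", 300)) > 60:        # Apache 1.3/2.0 default is 300
        out.append(("Timeout", "a slow client holds a worker slot for up to %ss" % conf["timeout"]))
    if conf.get("keepalive", "On").lower() == "on" and int(conf.get("keepalivetimeout", 15)) > 5:
        out.append(("KeepAliveTimeout", "idle keep-alive connections tie up slots for %ss" % conf["keepalivetimeout"]))
    if int(conf.get("maxclients", 256)) > 256:    # default hard limit (1.3) / ServerLimit (2.x)
        out.append(("MaxClients", "above 256; capped with a log warning unless ServerLimit is raised or 1.3 is rebuilt"))
    if conf.get("maxrequestsperchild") == "0":
        out.append(("MaxRequestsPerChild", "children never recycle, so any leaked memory accumulates"))
    if ini.get("safe_mode", "off").lower() == "off" and "open_basedir" not in ini:
        out.append(("open_basedir", "neither safe_mode nor open_basedir limits which files a script can read"))
    return out
```

Setting open_basedir per virtual host (rather than globally in php.ini) is what lets every site include one shared path while staying out of each other's trees, which is the arrangement the safe_mode question above describes.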
