
Find out Files modified within the Last x Days in Linux

Use this simple command to recursively find which files under the current directory have been modified within the last 6 days:

find . -type f -mtime -6

To find modified files under the current directory without listing certain sub-directories such as Maildir or logs:

find . -type f -mtime -6 | grep -v "/Maildir/" | grep -v "/logs/"

This comes in very handy for:

  1. Finding files that have been hacked or maliciously uploaded.
  2. Finding files that are modified or updated by you in the last few days for backup or recovery or simply synchronization.

More tips can be found in this article as well.
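The following is an added example, not part of the original post, and it goes one step beyond the commands above: it skips Maildir and logs with -prune so find never descends into them, and it also lists files whose inode change time (ctime) is recent while their mtime is older, which is what you see when a file's modification time has been set back with touch or its owner or permissions were changed. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage helpers built on the find commands in this post.
# usage: recent_files DIR DAYS      backdated_files DIR DAYS

# Files modified within the last DAYS days. Maildir and logs are pruned,
# so find does not walk them at all (grep -v only hides their output).
recent_files() {
    find "$1" \( -type d \( -name Maildir -o -name logs \) -prune \) \
        -o \( -type f -mtime "-$2" -print \)
}

# Files whose ctime is within DAYS days but whose mtime is older.
# mtime can be set to any value with touch; ctime is updated by the kernel
# on every content, owner or permission change and cannot be set that way.
backdated_files() {
    find "$1" \( -type d \( -name Maildir -o -name logs \) -prune \) \
        -o \( -type f -ctime "-$2" ! -mtime "-$2" -print \)
}

# Example invocation from a site's document root:
#   recent_files . 6
#   backdated_files . 6
```

A file that shows up only in backdated_files would be missed by a plain -mtime search, so run both when you are looking for uploaded or altered files.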


WordPress Security Tips

Oftentimes, when a customer complains of their site being defaced or infected with malware, we will investigate and discover that they are using a CMS such as WordPress. The danger in using these packages, from a security standpoint, is that they are so common as to make a large target for malware writers. Combine this with their support for third-party add-ons and the rapid speed of development, and it’s easy to see how vulnerabilities can creep in.

If you’re looking for a quick and dirty security intro, here it is — Update, update, update. Check release notes for any vulnerability fixes; if you see any, it’s time to upgrade. In addition, audit your plug-ins. Third-party add-ons are often not checked as thoroughly as the core code. Just because a plug-in is popular doesn’t mean that it’s secure.

Having said that, when it comes to more comprehensive information specific to WordPress, we’d prefer to direct you to the experts:

http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/development/2009/09/keep-wordpress-secure/

As always, we welcome your questions and feedback!


Terse yet extremely to the point Linux Security tips and step to step guide

If, like me, you dislike reading through large chunks of text for the one thing you are interested in, securing Linux can’t get any more straightforward than with this exhaustive list written by Kurt Seifried. Made especially for Linux novices who are just starting to harden their servers against malicious attempts, it is a good read not only because it’s useful but also because it’s easy to follow and digest.

Here we go: http://seifried.org/security/os/linux/20020324-securing-linux-step-by-step.html


Typical iptables Firewall Rules for a Server that Hosts Websites

iptables is a rather handy tool to protect your server from unwanted and potentially malicious connection attempts. To list the current rules, run in SSH:

iptables -L

A typical set of firewall rules set by iptables on a simple server, be it VPS or dedicated, for hosting and serving websites should be like this:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 8001,8002,8003,8004,8005,8006,8007,8008,8009,8010 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

This rule set enables:

  1. ports 80 and 443 for serving web pages via HTTP and HTTPS
  2. port 21 and a series of TCP ports for FTP (passive mode) so that you can upload files to the server with your favorite FTP client
  3. port 22 for SSH access, which can be modified for more security. If you have changed the default SSH port 22 to a random one, make sure you also change the port in the iptables rule set accordingly or the server will reject you.
  4. port 3306 for the MySQL database server, once you uncomment that rule. You may or may not need to open port 3306. For example, if you use ‘localhost’ as the database server, there is no need most of the time.

And disables everything else.

These commands are only in effect for the current session. Once the server is restarted, all rules are lost. To keep the rules and have the server load and apply them automatically on every reboot, save them to a file that is loaded at system start. Run:

iptables-save > /etc/iptables.up.rules

The iptables-save command dumps the rule set currently in memory, and the redirection writes it to the file /etc/iptables.up.rules. Now configure the server to read and apply the rule set file /etc/iptables.up.rules every time it starts:

nano /etc/network/interfaces

And add a line immediately below ‘iface lo inet loopback’:

pre-up iptables-restore < /etc/iptables.up.rules

Now you are set. Reboot the server and see if all takes effect.


Customize or change the default SSH port 22 to a random custom one of your choice

By default, all newly set up servers listen for and accept SSH logins on port 22, which is universally known. To make it a little harder for hackers to break into your user account, one of the first steps you want to take is to change the default SSH port to a different one that’s randomly chosen by you.

To do this, simply modify the sshd configuration file:

nano /etc/ssh/sshd_config

For novice SSH users, nano is more intuitive than vi. After loading the file in the editor, find and change this line:

Port 22

To

Port 8433

Ctrl + O and Ctrl + X should save the change and get you out of the editor.

The port number can be anything between 1024 and 65535, inclusive. You can put the change into effect immediately by reloading the new configuration:

/etc/init.d/ssh reload

Now the server will only accept SSH connections on port 8433. After modifying this, make sure you also change the remote port setting in your local SSH client or it will be rejected by the hosting server.
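Both this post and the firewall post above warn that the SSH port and the iptables rule set must agree or the server will reject you. The script below is an added example, not part of the original posts, that checks this before you reload sshd; the function names are hypothetical, and it assumes a rules file in iptables-save format (such as /etc/iptables.up.rules) and standard sshd_config syntax.

```shell
#!/bin/sh
# Added example: pre-flight lockout check for an SSH port change.

# Print every port sshd will listen on (Port may repeat; default is 22).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if an INPUT rule accepts tcp/PORT before the chain reaches an
# unconditional REJECT or DROP.   usage: port_accepted RULES_FILE PORT
port_accepted() {
    awk -v port="$2" '
    $1 != "-A" || $2 != "INPUT" { next }
    # A match-less REJECT/DROP ends the chain; rules appended later are dead.
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }
    $NF == "ACCEPT" && index($0, " -p tcp ") {
        for (i = 3; i < NF; i++) if ($i == "--dport" || $i == "--dports") {
            n = split($(i + 1), list, ",")
            for (k = 1; k <= n; k++) {
                m = split(list[k], r, ":")          # 8001:8010 style range
                lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { ok = 1; exit }
            }
        }
    }
    END { exit !ok }' "$1"
}

check_ssh_reachable() {   # usage: check_ssh_reachable RULES_FILE SSHD_CONFIG
    rc=0
    for p in $(sshd_ports "$2"); do
        if port_accepted "$1" "$p"; then
            echo "ok: tcp/$p is accepted"
        else
            echo "LOCKOUT RISK: tcp/$p is not accepted by the INPUT chain"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: sshd moved to 8433, rule appended after the final REJECT.
demo() {
    tmp=$(mktemp -d)
    printf 'Port 8433\n' > "$tmp/sshd_config"
    printf '%s\n' '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-port-unreachable' \
        '-A INPUT -p tcp -m tcp --dport 8433 -j ACCEPT' > "$tmp/rules"
    check_ssh_reachable "$tmp/rules" "$tmp/sshd_config"; rc=$?
    rm -rf "$tmp"; return $rc
}
```

The constructed sample in demo fails the check because a rule added with -A after the catch-all REJECT is never reached; insert the new SSH rule above it (for example with iptables -I) and save the rules again.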
