+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Contributions Area (/forum-40.html)
+--- Forum: Howtos (/forum-41.html)
+--- Thread: [HowTo] Make ispCP more Secure ! (/thread-257.html)
RE: How to make VHCS more Secure ! - fulltilt - 12-27-2007 05:59 AM
Hallo BeNe,
Habe vor einigen Monaten das aus Deinem HowTo mal ausprobiert:
Prevent DOS-Attacks mod_evasive
Allerdings hatte ich da auch Mega Probleme mit CMS und einer Auktion ...
Bilder wurden nicht mehr dargestellt oder einfach eine blank page.
ATTENTION: This config may produce "403 Forbidden" Errors on regular sites (to example: typo3, gallery,...)
Wie kann ich mod_evasive nun einsetzen ohne das hier Probleme auftreten?
Also wie müsste die Config dann aussehen um das zu vermeiden:
Code:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>RE: [HowTo] Make ispCP more Secure ! - BeNe - 12-28-2007 09:12 PM
Hy fulltilt,
yes i started to write down this HowTo. But the Section "Prevent DOS-Attacks mod_evasive" was not my Work. Sorry i can´t help you here.
Greez BeNe
RE: [HowTo] Make ispCP more Secure ! - gutek - 05-31-2008 06:01 AM
i think that BIND securing is a little wired in this how-to. I recommend do it that way:
in /etc/bind/named.conf add
Code:
allow-query {127.0.0.1; zzz.zzz.zzz.zzz;};
allow-transfer {xxx.xxx.xxx.xxx;};Code:
recursion no;zzz.zzz.zzz.zzz your public ip
xxx.xxx.xxx.xxx your secondary dns
After this change you can use localhost as DNS cache server.
Am I right?
RE: [HowTo] Make ispCP more Secure ! - ralph - 06-03-2008 11:10 PM
has anyone thought about enabling suhosin patch + su_php ?
RE: [HowTo] Make ispCP more Secure ! - ephigenie - 06-03-2008 11:51 PM
suphp is just slow.
And we use fastcgi / suexec which is much faster with min. equal level of security.
Suhosin is patched into debians php versions by default - its just about installing the module - and ... why not
I think most of us have this already running.
RE: [HowTo] Make ispCP more Secure ! - ralph - 06-04-2008 02:29 AM
i see, that sounds nice. i just have had problems before with other cps that i have problems tracking which virtual user the procs is starting from, therefore id prefer suphp but if php is through suexec/fastcgi that should solve the problem. anyone having successful stories of suhosin? does it bork many php apps by default cfg ex.?
RE: [HowTo] Make ispCP more Secure ! - BeNe - 06-04-2008 03:41 PM
Quote:anyone having successful stories of suhosin?Of course - why not ? It works well with ispCP.
Greez BeNe
RE: [HowTo] Make ispCP more Secure ! - einherjer - 06-04-2008 06:56 PM
ralph Wrote:anyone having successful stories of suhosin?It is default in OpenSuse and i have no problems with it. ispCP, Typo3, xoops, phpBB,... without any changes to the configuration.
RE: [HowTo] Make ispCP more Secure ! - Venus143 - 10-05-2009 01:49 PM
ispCP is an open source project founded to build a Multi Server Control and Administration Panel. This Control Panel is usable by any Internet Service Provider. But honestly speaking I don't have an idea on how to make an ispCP more Secure. But if I could see some information about that, I will tell you. Promise!
_________________
Temporary Medical
RE: [HowTo] Make ispCP more Secure ! - joximu - 10-05-2009 05:59 PM
(10-05-2009 01:49 PM)Venus143 Wrote: I abatement beneath the latter, but I do apperceive added cases area humans would wish to affectation this info. So in my view, the best way to do this is to actualize a ambience which can be on/off to affectation 1 & 3 aloft at least.
_________________
Temporary medical
If this is a serious post... I don't understand anything...