Current time: 11-29-2024, 11:40 AM Hello There, Guest! (LoginRegister)


Post Reply 
[HowTo] Make ispCP more Secure !
Author Message
fulltilt Offline
Member
***

Posts: 1,225
Joined: Apr 2007
Reputation: 5
Post: #31
RE: How to make VHCS more Secure !
Hallo BeNe,

Habe vor einigen Monaten das aus Deinem HowTo mal ausprobiert:
Prevent DOS-Attacks mod_evasive

Allerdings hatte ich da auch Mega Probleme mit CMS und einer Auktion ...
Bilder wurden nicht mehr dargestellt oder einfach eine blank page.

ATTENTION: This config may produce "403 Forbidden" Errors on regular sites (to example: typo3, gallery,...)

Wie kann ich mod_evasive nun einsetzen ohne das hier Probleme auftreten?
Also wie müsste die Config dann aussehen um das zu vermeiden:

Code:
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        2
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   10
</IfModule>
12-27-2007 05:59 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #32
RE: [HowTo] Make ispCP more Secure !
Hy fulltilt,

yes i started to write down this HowTo. But the Section "Prevent DOS-Attacks mod_evasive" was not my Work. Sorry i can´t help you here.

Greez BeNe
12-28-2007 09:12 PM
Visit this user's website Find all posts by this user Quote this message in a reply
gutek Offline
Junior Member
*

Posts: 11
Joined: May 2008
Reputation: 0
Post: #33
RE: [HowTo] Make ispCP more Secure !
i think that BIND securing is a little wired in this how-to. I recommend do it that way:

in /etc/bind/named.conf add
Code:
allow-query {127.0.0.1; zzz.zzz.zzz.zzz;};
allow-transfer {xxx.xxx.xxx.xxx;};
instead of
Code:
recursion no;

zzz.zzz.zzz.zzz your public ip
xxx.xxx.xxx.xxx your secondary dns

After this change you can use localhost as DNS cache server.

Am I right?
05-31-2008 06:01 AM
Find all posts by this user Quote this message in a reply
ralph Offline
Junior Member
*

Posts: 17
Joined: Jun 2008
Reputation: 0
Post: #34
RE: [HowTo] Make ispCP more Secure !
has anyone thought about enabling suhosin patch + su_php ?
06-03-2008 11:10 PM
Find all posts by this user Quote this message in a reply
ephigenie Offline
Project Leader
*******
Administrators

Posts: 1,578
Joined: Oct 2006
Reputation: 15
Post: #35
RE: [HowTo] Make ispCP more Secure !
suphp is just slow.
And we use fastcgi / suexec which is much faster with min. equal level of security.
Suhosin is patched into debians php versions by default - its just about installing the module - and ... why not Wink
I think most of us have this already running.
06-03-2008 11:51 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ralph Offline
Junior Member
*

Posts: 17
Joined: Jun 2008
Reputation: 0
Post: #36
RE: [HowTo] Make ispCP more Secure !
i see, that sounds nice. i just have had problems before with other cps that i have problems tracking which virtual user the procs is starting from, therefore id prefer suphp but if php is through suexec/fastcgi that should solve the problem. anyone having successful stories of suhosin? does it bork many php apps by default cfg ex.?
06-04-2008 02:29 AM
Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #37
RE: [HowTo] Make ispCP more Secure !
Quote:anyone having successful stories of suhosin?
Of course - why not ? It works well with ispCP.

Greez BeNe
06-04-2008 03:41 PM
Visit this user's website Find all posts by this user Quote this message in a reply
einherjer Offline
Junior Member
*

Posts: 69
Joined: Mar 2008
Reputation: 0
Post: #38
RE: [HowTo] Make ispCP more Secure !
ralph Wrote:anyone having successful stories of suhosin?
It is default in OpenSuse and i have no problems with it. ispCP, Typo3, xoops, phpBB,... without any changes to the configuration.
06-04-2008 06:56 PM
Find all posts by this user Quote this message in a reply
Venus143 Offline


Posts: 1
Joined: Oct 2009
Reputation: 0
Post: #39
RE: [HowTo] Make ispCP more Secure !
ispCP is an open source project founded to build a Multi Server Control and Administration Panel. This Control Panel is usable by any Internet Service Provider. But honestly speaking I don't have an idea on how to make an ispCP more Secure. But if I could see some information about that, I will tell you. Promise!


_________________
Temporary Medical
(This post was last modified: 12-10-2009 08:33 PM by Venus143.)
10-05-2009 01:49 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #40
RE: [HowTo] Make ispCP more Secure !
(10-05-2009 01:49 PM)Venus143 Wrote:  I abatement beneath the latter, but I do apperceive added cases area humans would wish to affectation this info. So in my view, the best way to do this is to actualize a ambience which can be on/off to affectation 1 & 3 aloft at least.
_________________
Temporary medical

If this is a serious post... I don't understand anything...
10-05-2009 05:59 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 2 Guest(s)