ATTENTION!
There is a new updated Version in the Wiki.
Please use-->
[HowTo] Make ispCP more Secure
Greez BeNe
-----------------------------------------------------------------------------------
Hello,
I started to find out some info about the security of my server and ispCP Omega with some tools out there on the World Wide Web.
1.) Disable the ServerSignature like this one:
Code:
Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 mod_perl/2.0.2 Perl/v5.8.8
Put only these lines in your httpd.conf
Code:
# Disable ServerInfo
ServerSignature Off
ServerTokens Prod
2.) Disable Debugging functions
An attacker may use this flaw to trick your legitimate web users into giving him their credentials. Add the following lines for each virtual host in your configuration file to disable the debugging methods (TRACE and TRACK):
Code:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
3.) Disable ProFTPD Banner
When you connect to your FTP-Server it looks like this:
Code:
Verbindung mit 62.75.xx.xx wurde hergestellt.
220 ProFTPD 1.3.0 Server (vsxxxxxx) [62.75.xx.xx]
Benutzer (62.75.xx.xx:(none)):
Here you can see the ProFTPD version -> 1.3.0
To disable the banner, add the following line to proftpd.conf:
Don't forget to restart the daemons after changing the config.
@Dev-Team: This could also be implemented in ispCP for more security.
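To confirm that the three changes above took effect after the restart, the following is an added example (not part of the original post or of ispCP) that audits the HTTP Server header, the response to TRACE and the FTP greeting. The function names, the version-token pattern, the TRACE status of 200 in the "before" sample and the hardened sample values are assumptions made for illustration.

```python
import http.client
import re
import socket

# Product/version token such as "Apache/2.2.3", "Perl/v5.8.8" or "ProFTPD 1.3.0".
VERSION_RE = re.compile(r"[A-Za-z_]+[/ ]v?\d+(?:\.\d+)+")

def leaked_versions(banner):
    """Return every product/version token found in a banner string."""
    return VERSION_RE.findall(banner or "")

def audit(server_header, trace_status, ftp_banner):
    """Return findings for the three settings covered in steps 1 to 3."""
    findings = [f"Server header discloses {t}" for t in leaked_versions(server_header)]
    # "RewriteRule .* - [F]" answers 403; 405 and 501 also mean TRACE was refused.
    if trace_status not in (403, 405, 501):
        findings.append(f"TRACE was answered with status {trace_status}")
    findings += [f"FTP greeting discloses {t}" for t in leaked_versions(ftp_banner)]
    return findings

def http_probe(host, method, port=80, timeout=5):
    """Send one request to a host you administer; return (status, Server header)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/")
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Server", "")
    finally:
        conn.close()

def ftp_greeting(host, port=21, timeout=5):
    """Read the first line the FTP daemon sends after connect."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return (sock.recv(512).decode("latin-1").splitlines() or [""])[0]

def audit_host(host):
    """Probe a live host (assumed to be your own server) and audit the result."""
    _, server = http_probe(host, "HEAD")
    trace_status, _ = http_probe(host, "TRACE")
    return audit(server, trace_status, ftp_greeting(host))

# Banners quoted in the post; the TRACE status 200 is a constructed value.
BEFORE = ("Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 mod_perl/2.0.2 Perl/v5.8.8",
          200, "220 ProFTPD 1.3.0 Server (vsxxxxxx) [62.75.xx.xx]")
AFTER = ("Apache", 403, "220 FTP Server ready.")  # constructed hardened values

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(*sample) or "no findings")
```

Call `audit_host("your.server.example")` against your own machine after restarting Apache and ProFTPD; an empty list means none of the three checks found a disclosure.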