What software for a VPS



GoldenMerc
11-08-2010, 08:06 PM
Well I just got the 512SRV from http://thesrv.com/vps/ and I'm wondering what security I need to install, etc. etc.?
+rep for helpies
Ross

Recursion
11-08-2010, 08:39 PM
Is it going to be a public or private server and will it have cPanel?

I'd set up (mainly for a public server):
- Notifications on root SSH login
- ClamAV antivirus
- Block PHP functions you don't need that may be used in shell scripts
- Install lfd, tripwire, rkhunter, chkrootkit
- Use IPTables or something to block people after 10 failed FTP/SSH attempts
- Use Mod_Security on Apache
- PHP Suexec
- Use secure passwords with punctuation
- Use PHP open_basedir
- Jail SSH access to the user's home directories

GoldenMerc
11-08-2010, 08:51 PM
No, I'm trying to find which package to get. It def won't have cPanel. If you click order and see the packages, I'm not entirely sure which one's best for what I need. The server will be used for smstopaypal so it'll be public.
Ross

Recursion
11-08-2010, 09:15 PM
Ah ok!

CentOS 5.5 is the best one for a webserver IMO, you'll find loads of support for it because generally it's what people use for services like yours. Ubuntu is easier, but it isn't as stable as CentOS.

N!ck
11-08-2010, 10:16 PM
Get CentOS or Debian on it (my preference is CentOS) and install Virtualmin (it's free).

Virtualmin is a free control panel that will install all the basics for you - apache, php, mysql, mail servers, clamav

From a completely fresh installation of the operating system (no custom repositories or anything) log in as root

# wget http://software.virtualmin.com/gpl/scripts/install.sh
# sh install.sh

Say yes when it asks.

# yum update         (if on CentOS)
# apt-get upgrade    (if on Debian)

When it's finished (it will take a while) visit https://youripaddressordomain:10000

You can view email accounts etc from https://youripaddressordomain:20000 once you've got domains set up.

I'm not that security conscious and leave things at that, but as you're dealing with money and customer details you're going to want to secure things a little.

Change the SSH port to something over 10000 and take a look at some things on Tom's list.

Colin-Roberts
11-08-2010, 10:26 PM
Ross, if you message me when you're on MSN next time I can help you with almost all this.
Unless it is absolutely necessary I wouldn't use a control panel at all and just use SFTP if at all possible.

GoldenMerc
11-08-2010, 10:52 PM
We're also wanting to have more than 1 domain connected, thus pretty much having 4-5 accounts for different sites (our network of sites pretty much). Would I need additional software for that?
+Colin I've msged u

Colin-Roberts
11-08-2010, 10:57 PM
Virtual admin, Kloxo or any other control panel will allow that.

MattFr
11-08-2010, 10:59 PM
If you need to ask this question your VPS will be crazy insecure. I suggest you do get someone who knows what they're doing to set it up for you.

N!ck
11-08-2010, 11:14 PM
> If you need to ask this question your VPS will be crazy insecure. I suggest you do get someone who knows what they're doing to set it up for you.

A default installation of CentOS/Debian is pretty secure as it is other than the SSH port. It's when you start changing things/installing things that it becomes less secure and especially when you have other people accessing SSH.

MattFr
11-08-2010, 11:26 PM
> A default installation of CentOS/Debian is pretty secure as it is other than the SSH port. It's when you start changing things/installing things that it becomes less secure and especially when you have other people accessing SSH.

Apache can leave huge holes if you do it wrong. This is why I got someone else to do it all for me.

N!ck
12-08-2010, 12:23 AM
> Apache can leave huge holes if you do it wrong. This is why I got someone else to do it all for me.

The holes in apache only really apply if you're a webhost and/or allow users to upload files. Assuming it's just him with access to upload files etc it's fine.

A lot of securing things on Linux is actually about limiting/securing things that people who have some sort of access can do. If there's just one administrator with nobody having any access other than browsing and interfacing with the website then the default setup is fine. However running a website like his, no securing of things like apache is going to help if his codebase and usersystem aren't secure.

Recursion
12-08-2010, 10:10 AM
> If you need to ask this question your VPS will be crazy insecure. I suggest you do get someone who knows what they're doing to set it up for you.

I'd have to agree here, you're handling other people's money and in that sense I'd be getting someone in to secure it for me. It's just small things, as Nick says, the more people you allow access to the server with and the more software you install, the less secure it becomes. Literally less than a day after most of my VPS's go online, without telling people, there are randomers from the far east trying to get into various accounts on things like FTP and SSH, let alone people who will possibly be looking for vulnerabilities when the site has launched.

Block port 22 with a firewall and move SSH to an obscure port, disable SSH v1 (I think, it's something v1 in the SSH config) and if you really wanted to, you could disable password based authentication and stick to keys.
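
Added example, not part of the post above: a small check that reports which of the three SSH settings mentioned there (port 22, protocol 1, password authentication) are still in effect in an sshd_config. The function name and finding labels are made up for this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report which of the SSH settings discussed above are still
# at their risky values in an sshd_config file. Prints one finding per line.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        { key = tolower($1); val = tolower($2) } # keywords are case-insensitive
        key == "match" { exit }                 # Match blocks are conditional
        key == "port" {                         # Port may be given many times
            ports++
            if (val == "22") on22 = 1
            next
        }
        (key in first) { next }                 # sshd keeps the first value
        { first[key] = val }
        END {
            # No Port line at all means the built-in default, 22.
            if (ports == 0 || on22) print "port-22"
            # Assumption: a missing Protocol line means 2 only, which holds
            # for OpenSSH 5.4 and later.
            if (first["protocol"] ~ /1/) print "protocol-1"
            # PasswordAuthentication defaults to yes when unset.
            if (first["passwordauthentication"] != "no") print "password-auth"
        }
    ' "$1"
}

# Constructed sample: looks hardened, but the later "no" is ignored because
# sshd already took the first PasswordAuthentication value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22022
Protocol 2,1
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

Only the global section before the first Match line is audited; an empty result means none of the three findings apply.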

N!ck
12-08-2010, 11:51 AM
Yeah, you get automated SSH login attempts from servers trying to find vulnerable ones to access. But if you actually look at the attempts they're for things like username: John Password: John Username: root Password: password. Not that big of an issue unless your password is as insecure as that lol. And the way to deal with it is moving SSH to a port other than 22 and/or disable password authentication.
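
Added example, not part of the posts above: counting the automated SSH login failures described here per source address, using the "10 failed attempts" threshold from the checklist earlier in the thread. The function name is made up, the log lines are constructed in the usual sshd "Failed password" format, and turning the result into firewall rules is left out.

```shell
#!/bin/sh
# Added example: list source addresses with at least $2 failed SSH password
# logins in the auth log $1 (threshold defaults to 10, as in the checklist).
failed_ssh_sources() {
    awk -v limit="${2:-10}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # sshd writes the tail as "from ADDR port N ssh2". Read the
            # address by counting back from the end, because the username
            # earlier in the line is chosen by the client and may itself
            # contain the word "from".
            if ($(NF-4) == "from" && $(NF-2) == "port") hits[$(NF-3)]++
        }
        END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }
    ' "$1" | sort
}

# Constructed sample log: ten failures from one address, two from another
# (one of them with a misleading username), and one successful login.
log=$(mktemp)
i=0
while [ "$i" -lt 10 ]; do
    echo "Aug 12 10:01:$((10 + i)) vps sshd[2211]: Failed password for invalid user john from 203.0.113.5 port 40022 ssh2"
    i=$((i + 1))
done > "$log"
cat >> "$log" <<'EOF'
Aug 12 10:02:00 vps sshd[2215]: Failed password for root from 198.51.100.7 port 51000 ssh2
Aug 12 10:02:05 vps sshd[2216]: Failed password for invalid user x from 192.0.2.1 from 198.51.100.7 port 51001 ssh2
Aug 12 10:02:09 vps sshd[2217]: Accepted password for ross from 198.51.100.9 port 51002 ssh2
EOF
failed_ssh_sources "$log"        # prints: 203.0.113.5 10
rm -f "$log"
```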

emotional
12-08-2010, 12:38 PM
Hi,

I can have one of my sysadmins install desired software packages, harden software platforms such as PHP, secure SSH and configure a firewall for a one-time fee.

Feel free to message me.

Thanks.

HighFlight
14-08-2010, 05:40 PM
I'll harden the server for you for a small fee.
[email protected]
