Application Security Issues
From Oxxus Wiki
Application level security issues - brute-force attacks
Brute-force attacks are the most common attack on the Internet. Remote hosts trying to get into your Linux box send dictionary-based username/password combinations to your server until one of them authenticates. Users usually set simple passwords and so make the whole host vulnerable to this type of attack. Because the remote hosts check a huge number of users against your server, they usually raise the load to the point where your server becomes unavailable. Brute-force attacks target POP3, IMAP, SSH and FTP servers.
The solution to this problem is:
1. Make your passwords strong (8+ characters, a mix of letters, numbers and other characters).
2. Install software such as BFD that bans hosts that fail authentication more than 5-10 times.
By default, we have pam_abl installed on all the servers. It bans accounts or hosts after failed authentications, but it does not stop the remote hosts from continuing to try, so the load still rises. Installing BFD for this reason is useful, or contact us to install it for you.
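As an added illustration (not Oxxus's own BFD or pam_abl code), the following Python counts failed SSH logins per source host from sshd log lines and lists the hosts a BFD-style threshold rule would ban. The log lines and the threshold of 5 failures are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd auth log lines (not taken from a real server).
SAMPLE_LOG = """\
Mar  3 10:01:02 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar  3 10:01:04 vps sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40123 ssh2
Mar  3 10:01:05 vps sshd[2103]: Failed password for root from 203.0.113.5 port 40125 ssh2
Mar  3 10:01:07 vps sshd[2105]: Failed password for root from 203.0.113.5 port 40127 ssh2
Mar  3 10:01:09 vps sshd[2107]: Failed password for invalid user test from 203.0.113.5 port 40129 ssh2
Mar  3 10:01:11 vps sshd[2109]: Failed password for invalid user oracle from 203.0.113.5 port 40131 ssh2
Mar  3 10:02:30 vps sshd[2111]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Mar  3 10:02:41 vps sshd[2113]: Accepted password for bob from 198.51.100.7 port 51002 ssh2
Mar  3 10:03:00 vps sshd[2115]: Failed password for invalid user admin from 192.0.2.9 port 3300 ssh2
"""

# Matches only failed logins; "invalid user" is optional because sshd omits it for real accounts.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})"
)

def count_failures(log_text):
    """Return {source_ip: Counter(username -> failed attempts)} from sshd log lines."""
    failures = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, ip = m.groups()
            failures[ip][user] += 1
    return failures

def hosts_to_ban(log_text, threshold=5):
    """Source IPs whose total failed logins reach the threshold (the BFD-style rule)."""
    failures = count_failures(log_text)
    return sorted(ip for ip, users in failures.items() if sum(users.values()) >= threshold)

def ban_rules(log_text, threshold=5):
    """Render the iptables DROP rule a ban tool would apply for each offending host."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in hosts_to_ban(log_text, threshold)]

if __name__ == "__main__":
    for ip, users in count_failures(SAMPLE_LOG).items():
        print(f"{ip}: {sum(users.values())} failures, usernames tried: {sorted(users)}")
    for rule in ban_rules(SAMPLE_LOG):
        print(rule)
```

A single host trying many usernames in quick succession (203.0.113.5 above) is the dictionary pattern described; one legitimate typo followed by a successful login (198.51.100.7) stays well under the threshold.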
Application level security issues - exploits
Exploits are not so common today, although they accounted for a fair share of the vulnerabilities in the history of Linux development. They exploit either local or remote vulnerabilities in the software running on your Linux box. To exploit the server locally, attackers have to have an account on your server or obtain one through a remote exploit. They usually target web servers, scripts on web servers (PHP scripts in particular), FTP and SMTP daemons. The most common exploit today is through PHP scripts; this way attackers gain a shell running as your Apache user. Local exploits usually target kernel bugs to gain local root. Effective protection against local exploits is regular kernel and distribution updates, or kernel intrusion detection systems like PaX, grsecurity, Openwall, LIDS, etc.
Protections against these exploits are:
1. Update your server software regularly. On CentOS/Fedora use yum update; on Debian/Ubuntu use apt-get update followed by apt-get upgrade.
2. If you manually installed software or a PHP portal, check for updates regularly.
3. Keep your applications running under separate users. Don't run them as root.
4. Use security modules like Apache's mod_security, which protects against most known PHP attacks.
5. Chroot daemons that are highly vulnerable (a technique that virtually changes the root directory the application sees, using the chroot() syscall, and thus isolates it from the rest of the system). An article on chrooting daemons doesn't exist yet, but send us a support ticket if you are interested and we will explain how to do it.
6. Change the version strings your applications announce so they don't get targeted by remote hostile scanners. For example, you can set the version banner your FTP server sends to something like 'My FTP server' during compilation, change the Postfix banner to look like Sendmail, turn off Apache's server/module version disclosure, etc. Scanners automatically target vulnerable versions, so this should keep you protected when hackers mass-scan networks for vulnerable services.
7. Hide the paths to the PHP software that you use. For example, instead of addressing it as /phpMyAdmin, address it as /Kmyadmin. You can change that in /etc/httpd/conf.d/phpmyadmin.conf.
There are also a number of additional security measures, like intrusion detection systems built into the kernel that protect against some buffer-overflow vulnerabilities, but these can only be implemented on dedicated servers, not on a VPS. If you own a dedicated server, we can implement kernel-level security on your Linux box.