Server Security Archives

How to migrate Migrate to EasyApache 4 cPanel server

Post author:Jobair Alam Bipul
Post published:May 23, 2018

migrate Migrate EasyApache 3 to EasyApache 4 its too Easy :) Just run the following command : /usr/local/cpanel/scripts/migrate_ea3_to_ea4 --run This…

Symlink Protection for cPanel

Post author:Jobair Alam Bipul
Post published:July 8, 2017

Symlink Protection for cPanel is much important . Symlink attack occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users.

Symlink race condition vulnerability

If you enable both of the SymLinksIfOwnerMatch and FollowSymLinks configuration settings, Apache becomes vulnerable to a race condition through symlinks. This symlink vulnerability allows a malicious user to serve files from anywhere on a server that strict OS-level permissions do not protect.

Filesystem-level solutions : Enable mod_ruid + jailshell for your apache webserver.

To enable this option, recompile Apache and then enable EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2 and cPanel jailshell in WHM’s Tweak Settings interface (Home >> Server Configuration >> Tweak Settings).

Using cageFS

CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. This option is available on all cPanel-supported platforms today, and it is already included with CloudLinux.

(more…)

How to Install maldet on cPanel server

Post author:Jobair Alam Bipul
Post published:February 19, 2016

How to Install maldet on cPanel server

login to your server via SSH as root , Enter the following commands:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh

After complete the installation you may see the message : (more…)

How to disable HTTP access by .htaccess

Post author:Jobair Alam Bipul
Post published:May 9, 2015

Sometimes we need to disabled HTTP access to make down a website . Today I’m showing how to disable HTTP…

How To Protect Your Linux Server from the GHOST Vulnerability

Post author:Jobair Alam Bipul
Post published:February 2, 2015

GHOST vulnerability affecting Linux systems was discovered in the C library of GNU / Linux (glibc) that gives control to attackers without requiring system credentials.

GHOST creates a buffer overflow that affects all the gethostbyname*() functions in the glibc library. These functions change a hostname into an IP addresses. A hacker exploiting this can gain complete access of the Linux machine.

(more…)

How To Detect And Clean Crypto PHP Malware

Post author:Jobair Alam Bipul
Post published:November 24, 2014

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale. By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

After being installed on a webserver the backdoor has several options of being controlled which include

command and control server communication, mail communication as well as manual control.

More details : https://foxitsecurity.files.wordpress.com/2014/11/cryptophp-whitepaper-foxsrt-v4.pdf

Picture : foxitsecurity.files.wordpress.com

How To Detect And Clean CryptoPHP Malware?
(more…)