Archive for the ‘cpanel firewall’ tag

How to Setup a Firewall on your Cloud Server – CSF / CPanel, and more!

Posted at Feb 21, 2015 @ 12:02pm cloud security

I have a question for you. Does your server have a firewall running on it? For those who don’t know what a firewall is, let’s go to our good friend Wikipedia:

‘In computing, a firewall is a network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted.’

As avid readers of the blog know, I like to ground these ideas with everyday analogies. You can think of a firewall like a door to your home. When the door is open, people can walk directly into your house. Should you want to keep people out, you close and lock the door. This is the way a firewall works on a server. You place the firewall on your server to keep intruders from the internet from accessing your data.

Firewalls can be either hardware or software based. If you go with a hardware based firewall, the firewall is connected to your switch and filters traffic according to a rule set you determine. You would use a hardware based firewall if you had a dedicated server. A software based firewall is installed within your server. It still blocks traffic based on rule sets you create, but it does so from within the server and not out in front like a hardware based firewall.

For the rest of this article, I will provide you the steps to install CSF, which is short for ConfigServer Security and Firewall. This firewall is supported across many different operating systems: RedHat Enterprise, CentOS, CloudLinux, Fedora, Virtuozzo and VMware, to name a few. You can read more about the supported systems here: http://configserver.com/cp/csf.html

This firewall can be installed with the following steps on your Linux based server:

mkdir -p /usr/local/src    # Creates the directory to install CSF from (no error if it already exists)

cd /usr/local/src    # Changes your location on the server to that directory

wget http://www.configserver.com/free/csf.tgz    # Downloads the CSF software to your server

tar xfz csf.tgz    # Extracts the software
cd csf    # Changes your location on the server to the CSF directory

./install.sh    # Installs the CSF firewall

CSF, once installed and configured properly, places a preset list of rules onto your server. These rules can be configured directly in the CSF configuration file, csf.conf. If you have a cPanel based server, you want to ensure that you have the following ports opened for inbound and outbound:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,143,443,465,587,993,995,2078,2082,2083,2086,2087,2095,2096"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,465,587,873,995,1167,2086,2087,2089"

Those ports cover most of the ports you will need for your cPanel or non-cPanel server to function. You can read more about ports and their functions here: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Once you do that, you may want to limit the number of connections each user can make to your server. This can be set by changing CT_LIMIT in your csf.conf to the number of connections you want each user to be able to make. For example, CT_LIMIT = "150" will only allow each user to make 150 connections to your server.

You may also want to remove port 22 from TCP_IN along with setting your sshd_config file to allow only public key authentication. Why would you do this? This will lock down your server from the outside and only allow people who have SSH keys installed on your server to gain access using SSH.
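As an added example (not from the original post), the script below checks whether an sshd_config-style file really leaves SSH in key-only mode. The function names `sshd_first` and `ssh_key_only` are hypothetical, the sample file is constructed, and `Include` files are not followed.

```sh
#!/bin/sh
# Added example: check that an sshd_config-style file allows key logins only.
# sshd_first and ssh_key_only are hypothetical helper names.

# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block because
# settings after it only apply conditionally.
sshd_first() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # accept Keyword=value as well
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if password logins are off and public key logins are on.
# sshd defaults when a keyword is absent: both are "yes".
ssh_key_only() {
    pw=$(sshd_first "$1" PasswordAuthentication)
    pk=$(sshd_first "$1" PubkeyAuthentication)
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
}

# Constructed sample: the later "no" is ignored because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real sshd_config
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
# appended later by an admin
PasswordAuthentication no
EOF
if ssh_key_only "$sample"; then
    echo "key-only SSH"
else
    echo "password logins still enabled"
fi
rm -f "$sample"
```

On a live server, `sshd -T` prints the effective configuration, including values pulled in from included files.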

CSF can be configured in a multitude of ways to add another layer of security to your server. I highly recommend going to http://configserver.com/cp/csf.html and using the forums to learn more about the many features of CSF and how tweaking the settings can help ensure you’re providing a stable, safe and secure server environment.

Written by Jeremy on February 21st, 2015


Stop Spammers From Abusing Your Web Hosting Server

Posted at Aug 5, 2010 @ 12:47pm Ask the Expert,Web hosting

Today, spam is a fact of life. Because of the daily spam deluge (and those over-zealous anti-spam systems) many email communications require a follow up phone call… “did you get my email?”

You may not realize it, but if you send emails through your web hosting server or virtual server and operate a web hosting business, web development business or host your email with a web hosting company, you have likely had some trouble getting your emails through. Often the reason is that your server has been used to send spam without your knowledge. Most of today’s web hosting companies employ automated protection to stop such things, and catch abuse before it gets out of hand. But spammers are getting more clever and an increasing number of stealth spamming techniques can bypass these systems.

Many web hosting companies resell web hosting, and their resellers (unbeknownst to them) send out spam. This can result in the blacklisting of the entire server, and everyone on it, which will keep most (if not all) emails sent from the server from ever reaching their destinations. Of course, it is the web host’s responsibility to carefully monitor their clients and web sites on their server(s) to make sure this never happens. Traditionally, this hasn’t been too difficult. Today’s modern web hosting systems employ advanced abuse tracking and header info in every email making it easy to catch and stop this type of abuse before it becomes a problem.

Lately, however, this has become a lot harder. There is a new wave of spam abuse that hides under the radar, bypassing the web server’s normal email system(s) by opening up a small cgi program, which then operates as a small mail sending server, which then floods spam out onto the Internet. Unfortunately, none of the traditional monitoring systems are able to detect this sort of stealth spamming. Naturally, for this reason, it has become very popular.

Fortunately, here at TurnKey, we’ve figured out a fix for web hosts and developers using cPanel (this will work on other servers, such as Plesk and DirectAdmin as well). Our fix will stop stealth spam dead in its tracks! Until it is a built-in feature in all hosting companies’ server offerings, make sure you ask your web hosting company to set this up for your server. Alternatively, you can pick a web hosting company that takes care of it themselves (like TurnKey Internet).

First, log in to your cPanel server via the Unix shell and install CSF firewall. Follow the usual instructions here:

mkdir /usr/local/src
cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar xfz csf.tgz
cd csf
./install.sh

On a cPanel based server, all the default settings are what you want, with 2 exceptions:

Open the configuration file in your favorite text editor (/etc/csf.conf) and change the following lines:

TESTING = "1" change to TESTING = "0"

Next, you need to change 2 more lines, SMTP_BLOCK and SMTP_ALLOWLOCAL, to the following values:

SMTP_BLOCK = "1"

SMTP_ALLOWLOCAL = "0"

This will block outbound emails from anyone other than the mail server software, and prevent any unauthorized access to the mail daemon from local scripts. Your web hosting clients and web pages will still be able to send email like before (they already use a proper method of communicating with the mail daemon; the trick above only blocks stealth spammers).

Restart the firewall by typing:

/etc/init.d/csf restart

If all goes well your server will now be protected by a firewall with an added check to prevent spammers from sending emails that avoid the normal php_mail or other local mail sending method (which lets you track and log all emails, put in abuse headers by default, etc.).
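As an added example (not part of the original post), this script audits a csf.conf-style file for the three values set above, and also catches values pasted with curly quotes. The helper names `csf_get` and `csf_audit` are hypothetical, and the sample file is constructed; on a server you would pass the path of your own configuration file.

```sh
#!/bin/sh
# Added example: audit a csf.conf-style file for the three settings above.
# csf_get and csf_audit are hypothetical helper names, not CSF commands.

# Print KEY's value from FILE when the line reads KEY = "value".
# Prints nothing if the key is missing, commented out, or not wrapped in
# straight double quotes (e.g. curly quotes pasted from a web page).
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comments
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next         # longer key with same prefix
            if (rest ~ /^[ \t]*=[ \t]*"[^"]*"[ \t]*$/) {
                sub(/^[ \t]*=[ \t]*"/, "", rest)
                sub(/"[ \t]*$/, "", rest)
                print rest
            }
            exit                                 # first assignment only
        }' "$1"
}

# Print one line per setting that differs from the article value;
# the return status is the number of such settings.
csf_audit() {
    problems=0
    for want in TESTING=0 SMTP_BLOCK=1 SMTP_ALLOWLOCAL=0; do
        key=${want%%=*}
        actual=$(csf_get "$1" "$key")
        if [ "$actual" != "${want#*=}" ]; then
            echo "$key: want ${want#*=}, found ${actual:-nothing usable}"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: TESTING left on, SMTP_BLOCK pasted with curly quotes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
SMTP_BLOCK = “1”
SMTP_ALLOWLOCAL = "0"
EOF
csf_audit "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```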

Next time on Ask the Expert, we will show you how to optimize your server to really cut down on abuse from spammers.


Written by admin on August 5th, 2010
