I installed CSF on DirectAdmin and enabled Brute force monitoring under extra features/administrator settings. This is, however, the first time I am trying to handle the security myself.


That it is necessary became clear more or less immediately:
A brute force attack has been detected in one of your service logs.

IP 116.10.191.164 has 80 failed login attempts: sshd5=80
IP 116.10.191.170 has 189 failed login attempts: sshd5=189
IP 116.10.191.177 has 122 failed login attempts: sshd5=122
IP 116.10.191.197 has 195 failed login attempts: sshd5=195
IP 116.10.191.198 has 165 failed login attempts: sshd5=165
IP 116.10.191.202 has 159 failed login attempts: sshd5=159
IP 116.10.191.211 has 102 failed login attempts: sshd5=102
IP 116.10.191.218 has 196 failed login attempts: sshd5=196
IP 116.10.191.224 has 121 failed login attempts: sshd5=121
IP 116.10.191.231 has 86 failed login attempts: sshd5=86
IP 116.10.191.238 has 204 failed login attempts: sshd5=204
IP 198.23.143.160 has 70 failed login attempts: sshd4=18 & sshd5=52
IP 208.43.101.243 has 12 failed login attempts: sshd4=12
IP 5.34.244.111 has 14 failed login attempts: dovecot1=14
IP 60.190.71.52 has 44 failed login attempts: sshd4=34 & sshd5=10
IP 61.174.50.177 has 103 failed login attempts: sshd5=103
IP 61.174.51.201 has 200 failed login attempts: sshd5=200
IP 61.174.51.204 has 165 failed login attempts: sshd5=165
IP 61.174.51.205 has 150 failed login attempts: sshd5=150
IP 61.174.51.214 has 98 failed login attempts: sshd5=98
User admin has 471 failed login attempts: sshd5=471
User minecraft has 9 failed login attempts: sshd4=9
User nagios has 7 failed login attempts: sshd4=7
User oracle has 8 failed login attempts: sshd4=8
User postgres has 6 failed login attempts: sshd4=6
User root has 2016 failed login attempts: sshd5=2016
User test has 16 failed login attempts: dovecot1=14 & sshd4=2
I see that these IPs are now automatically on the Deny IP list in CSF. However, I still have a number of warnings, and I would like to block all of China (as I also do via .htaccess on my websites). But CSF showed a warning that with too large a country the server would become slow. So better not do it?

I still have the following "errors" in the security check

Firewall Check
Code:
RESTRICT_SYSLOG option check	Due to issues with syslog/rsyslog you should consider enabling this option. See the Firewall Configuration (/etc/csf/csf.conf) for more information
There were so many warnings listed with it, with a list of dependencies none of which I recognise, that I don't dare switch it on.


Server Check
Code:
 Check MySQL LOAD DATA disallows LOCAL	You should disable LOAD DATA LOCAL commands in MySQL by adding the following to the [mysqld] section of /etc/my.cnf and restarting MySQL:
local-infile=0
See this link
Couldn't find this in the DirectAdmin UI plugin of CSF.

Code:
Check for CloudLinux	You should consider upgrading to CloudLinux which provides advanced security features, especially for web servers
Not planning to switch OS just yet.


SSH/Telnet Check
Code:
Check SSH on non-standard port	You should consider moving SSH to a non-standard port [currently:22] to evade basic SSH port scans. Don't forget to open the port in the firewall first!
Doesn't this cause a problem, since DirectAdmin manages the SSH access? Users I create separately via root cannot use SSH at all unless I add "AllowUser" to the config.

Code:
Check SSH PasswordAuthentication	For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
I could try that some time with the help of Google. No experience with it so far.

Code:
Check SSH UseDNS	You should disable UseDNS by editing /etc/ssh/sshd_config and setting:
UseDNS no
Otherwise, lfd will be unable to track SSHD login failures successfully as the log files will not report IP addresses
Does this cause any problems? I don't run DNS myself.


Mail Check

Code:
Check exim for extended logging (log_selector)	You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:
log_selector = +arguments +subject +received_recipients
to /etc/exim.conf
Never heard of exim.


Apache Check
OK


PHP Check
Code:
 Check php for disable_functions	You should modify the PHP configuration and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list
Is there anything in here that causes problems with Joomla or WordPress?

Code:
Check php for ini_set disabled	You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised
Is there anything in here that causes problems with Joomla or WordPress?

DirectAdmin Settings Check

Code:
Check DirectAdmin login is SSL only	You should enable SSL only login to DirectAdmin
No SSL certificate.

Server Services Check

Code:
Check server startup for portreserve	On most servers portreserve is not needed and should be stopped and disabled from starting if it is not required. This service is currently enabled in init and can usually be disabled using:
service portreserve stop
chkconfig portreserve off
"Most servers", so when is it needed?

I hope there is someone with a bit more experience who can explain a few of these points!

regards
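Added example, not part of the post above and not CSF's own code: the lfd alert quoted in the post lists attackers one IP at a time, but eleven of them sit in 116.10.191.0/24. The script below parses lines in that alert format (a constructed subset is embedded), groups the addresses per /24, and prints csf.deny-style entries: one CIDR line where at least `min_hosts` attackers share a prefix, single-IP lines otherwise. It assumes the csf.deny convention of `ADDRESS # comment` with CIDR entries allowed; the thresholds are arbitrary and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of an lfd "brute force" alert (subset, not a real capture).
ALERT = """\
IP 116.10.191.164 has 80 failed login attempts: sshd5=80
IP 116.10.191.170 has 189 failed login attempts: sshd5=189
IP 116.10.191.238 has 204 failed login attempts: sshd5=204
IP 198.23.143.160 has 70 failed login attempts: sshd4=18 & sshd5=52
IP 5.34.244.111 has 14 failed login attempts: dovecot1=14
IP 61.174.51.201 has 200 failed login attempts: sshd5=200
IP 61.174.51.204 has 165 failed login attempts: sshd5=165
IP 61.174.50.177 has 103 failed login attempts: sshd5=103
User root has 2016 failed login attempts: sshd5=2016
"""

LINE_RE = re.compile(r"^IP (\S+) has (\d+) failed login attempts: (.*)$")


def parse_alert(text):
    """Return {ip: {service: failures}} from the 'IP ... has N failed login attempts' lines.
    'User ...' lines carry no address and are skipped."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _total, services = m.groups()
        result[ip] = {}
        for item in services.split(" & "):          # e.g. "sshd4=18 & sshd5=52"
            name, count = item.split("=")
            result[ip][name] = int(count)
    return result


def group_by_prefix(ips, prefixlen=24):
    """Map each /prefixlen network to the attacking hosts inside it."""
    nets = defaultdict(list)
    for ip in ips:
        nets[ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)].append(ip)
    return nets


def deny_lines(parsed, prefixlen=24, min_hosts=3):
    """csf.deny-style lines (assumed format: 'ADDRESS # comment', CIDR permitted).
    A whole /prefixlen is denied when >= min_hosts attackers share it; otherwise single IPs."""
    lines = []
    for net, hosts in sorted(group_by_prefix(parsed, prefixlen).items()):
        hosts = sorted(hosts, key=ipaddress.ip_address)
        if len(hosts) >= min_hosts:
            failures = sum(sum(parsed[h].values()) for h in hosts)
            lines.append(f"{net} # lfd: {len(hosts)} hosts, {failures} failed logins")
        else:
            for h in hosts:
                detail = ", ".join(f"{s}={n}" for s, n in parsed[h].items())
                lines.append(f"{h} # lfd: {detail}")
    return lines


def covered_by(lines, ip):
    """Which existing deny entries already cover ip (useful before adding a fresh alert IP)."""
    addr = ipaddress.ip_address(ip)
    entries = [l.split(" #")[0] for l in lines]
    return [e for e in entries if addr in ipaddress.ip_network(e, strict=False)]


if __name__ == "__main__":
    parsed = parse_alert(ALERT)
    for line in deny_lines(parsed):
        print(line)
    print(covered_by(deny_lines(parsed), "116.10.191.5"))
```

Aggregating to a /24 is a middle ground between per-IP blocks and the country-wide block the post asks about: a handful of CIDR entries costs nothing, whereas a country block loads thousands of ranges into the firewall, which is what CSF's slowness warning is about. Note that an IP listed under several services (sshd4, sshd5, dovecot1) is still one attacker; the per-service counts are kept only for the comment.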
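Added example for the SSH/Telnet and PHP checks in the post, written for this page and not taken from CSF or from any CMS. It does two things a practitioner would do before applying those checks: it parses a constructed sshd_config with OpenSSH's real semantics (for most keywords the first value wins, so a setting appended at the end of the file or placed inside a Match block does not take effect globally), and it scans a constructed set of PHP sources for calls to the functions the CSF-suggested disable_functions line would disable, which is how to answer "will this break Joomla or WordPress" for a given site: scan that site's code. The file contents, paths and function names are all constructed for the example.

```python
import re

# php.ini directives that are not functions; listing them in disable_functions does nothing.
# allow_url_fopen belongs in php.ini as "allow_url_fopen = Off" instead.
NOT_FUNCTIONS = {"allow_url_fopen"}

# Constructed sshd_config: the second PasswordAuthentication line is ignored by sshd
# (first obtained value wins), and the Match block only applies to user deploy.
SSHD_CONFIG = """\
Port 22
UseDNS yes
PasswordAuthentication yes
# added later, but sshd keeps the FIRST value of a keyword, so this line is ignored:
PasswordAuthentication no
Match User deploy
    PasswordAuthentication no
"""

# The disable_functions line exactly as CSF suggests it (quoted in the post).
PHP_INI = ("disable_functions = show_source, system, shell_exec, passthru, exec, "
           "phpinfo, popen, proc_open, allow_url_fopen")

# Constructed web root: path -> PHP source (not real CMS files).
WEBROOT = {
    "cms/bootstrap.php": "<?php\n@ini_set('display_errors', '0');\n",
    "cms/plugins/backup.php": "<?php\n$out = shell_exec('tar czf backup.tgz .');\nphpinfo();\n",
    "cms/helpers.php": "<?php\nfunction system_info() { return $this->exec('uname'); }\n$r = system_info();\n",
}


def parse_sshd_global(text):
    """Global keywords of an sshd_config, lower-cased, as {keyword: [values in file order]}.
    Parsing stops at the first Match line because everything after it is conditional."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        cfg.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return cfg


def audit_sshd(cfg):
    """Findings for the three SSH items from the CSF security check."""
    findings = []
    ports = cfg.get("port", ["22"])              # Port is one of the few repeatable keywords
    if "22" in ports:
        findings.append("Port: sshd listens on 22 (ports: %s)" % ", ".join(ports))
    if cfg.get("passwordauthentication", ["yes"])[0].lower() == "yes":
        findings.append("PasswordAuthentication: yes is in effect (first value wins, later lines ignored)")
    usedns = cfg.get("usedns")
    if usedns is None:
        findings.append("UseDNS: unset; default is no since OpenSSH 6.8 but yes on older versions, set it explicitly")
    elif usedns[0].lower() == "yes":
        findings.append("UseDNS: yes; lfd needs IP addresses in the log, set UseDNS no")
    return findings


def parse_disable_functions(ini_text):
    """Set of lower-cased names from the disable_functions line of a php.ini fragment."""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line.lower().startswith("disable_functions"):
            value = line.partition("=")[2]
            return {f.strip().lower() for f in value.split(",") if f.strip()}
    return set()


def useless_entries(disabled):
    """Entries in disable_functions that are not functions and therefore have no effect."""
    return disabled & NOT_FUNCTIONS


def find_disabled_calls(disabled, sources):
    """{path: sorted names} of disabled functions actually called in each source.
    Skips $var(...), ->method(...) and ::method(...) and longer identifiers such as system_info."""
    hits = {}
    for name in sorted(disabled - NOT_FUNCTIONS):
        pat = re.compile(r"(?<![\w$>:])" + re.escape(name) + r"\s*\(", re.IGNORECASE)
        for path, src in sources.items():
            if pat.search(src):
                hits.setdefault(path, []).append(name)
    return hits


if __name__ == "__main__":
    for f in audit_sshd(parse_sshd_global(SSHD_CONFIG)):
        print("sshd:", f)
    disabled = parse_disable_functions(PHP_INI)
    print("no effect in disable_functions:", useless_entries(disabled))
    print("would break:", find_disabled_calls(disabled, WEBROOT))
    print("with ini_set added:", find_disabled_calls(disabled | {"ini_set"}, WEBROOT))
```

Run the same scan against the real web root before enabling the list (`grep -rE` over the document root gives the same answer without Python); anything that turns up is a candidate to drop from disable_functions, exactly as CSF's own note says. The scan with `ini_set` added shows why CSF flags that one as the riskiest: a bootstrap file that calls it is hit immediately, not just an optional plugin.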