Knowledgebase

Portal Home > Knowledgebase > Articles Database > Server Security


Server Security




Posted by smrtalex, 10-09-2007, 12:05 PM
Trying to determine what I want to put on my server for security. I have secured my /tmp, /var/tmp, and /dev/shm. I am now contemplating mod_evasive, mod_security, and/or APF Firewall. 1.) Should I install all three, or will APF Firewall, provide the same or similar security as mod_security, or vice versa? 2.) Will they all work together without conflicts? 3.) Does installing these services have any affect on overall server performance? 4.) Any other services you might recommend installing and why? Thanks in advance for any assistance!
Posted by @Matt, 10-09-2007, 12:20 PM
You may want to think of installing rootkit and BFD.
Posted by internetbrother, 10-09-2007, 12:29 PM
My probider installed i rootkit and BFD\ but am I safe now? I suppose I have to configure them but I do not know how need a 100min video tutorial for that
Posted by smrtalex, 10-09-2007, 01:16 PM
I agree on the rootkit and BFD. But still wondering about my first 3 questions.
Posted by chrda, 10-09-2007, 05:29 PM
You should install all 3 APF is your core firewall BFD used APF, checks logs for fishy people and bans them throug apf You can config Mod_evasive to ban through apf, if it find the webuser fishy Mod_security is good, if you find live update rulesets But it eat more of your hardware. But using all 3 will make your system more secure.
Posted by smrtalex, 10-09-2007, 06:50 PM
Thanks! You have confirmed my thoughts. Last question, would be how these services affect overall server performance?
Posted by whmcsguru, 10-10-2007, 10:36 AM
Instead of APF/BFD/ETC , you should consider CSF, which can interact with things like mod_security easily enough, and is easily enough configured. mod_evasive really isn't a "security" measure, and isn't necesary if a proper firewall is installed.
Posted by chrda, 10-10-2007, 11:57 AM
I still set my finger on APF If you test the RAB settings, you will be amazed It automatic bans the ip if it tries more than etc 3 ports. Istead of etc psad that scans the logs for port scans. So every portscanner will get a instant deny instead of a delayed one.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
CPanel with Multiple Ethernet Adapters (Views: 464)
What kind of Certificate do I need? (Views: 480)
Problems moving a H-Sphere account. (Views: 465)
Empty reply from server (Views: 455)
MCHost Forums Gone? (Views: 500)

Language: