Well said. To expound a bit more:
Your server's protection needs to not be done one time and then "ooh, I'm done with it". No, that's not how things work. In fact, that makes things MORE vulnerable, because people tend to take that approach, and ignore updates completely.
#1: Start with a good firewall. Something like CSF . Now, this won't protect you FULLY from "hack/crack" attempts, but it will do well in closing things off, alerting you when funny stuff happens, and banning multiple password failures, if you let it.
#2: Listen to what your server (and thusly your firewall) is telling you. Believe it or not, they have voices, and they WILL tell you when something funny is acting up. You may not understand it, but they will. Go through your logs, have them mailed to you (or the condensed versions anyways), know when someone logs in, from where, and what they're doing.
#3: UPDATE YOUR SOFTWARE!!!
This is critical. Many people think that they can get by with kernels which are out of date, or php which is out of date because they don't want to update. No, these updates come out for a reason, and many of them come out with exploit fixes.
#4: Patch php!!!
DON'T use phpsuexec (or suphp), but DO use something like suhosin to harden php up, secure the vulnerabilities and whatnot.
#5: Use Externals!
External software (mod_dosevasive, mod_security (with the right ruleset), etc) is very good for keeping things (somewhat) secure.
Keeping a server secure , updated, and running is an art. It's not something you're going to learn overnight, hell it's something I'm still learning after 10+ years in the Linux business. As attacks change base, you need to change the methods of security with them. A few years back, all you really needed was a firewall, now you need MUCH more than that to keep things going decently.
|