Security
cPanel Brute Force Protection – regaining access
cPanel comes with a great feature called brute force protection. The problem is that if you mistype your password 5x in a row, or if you have multiple people in the office, like we do, who try to get into various services and together miss 5 passwords in a row (ssh, mail, and WHM logins all qualify), then you will lock yourself out of your system. Here are some tips & tricks that will help you regain access. Gaining Initial Access: The easiest and quite possibly ONLY way to get back into your system is by logging in from a different IP address. Sometimes you can do this by re-initializing your modem/router if you are on a DHCP assigned address from your ISP. This is usually the case for residential service from DSL companies like AT&T (no other ...
Cyber Sprocket IP Blacklist
The following IP addresses have been blacklisted on our servers due to excessive break-in attempts. If your internet service provider (ISP) or internet presence provider/web host (IPP) is on this list, your servers (or desktop computer) will not be able to access any of the Cyber Sprocket servers or the servers we manage for our clients. If your IP address is on this list and you wish to be removed, send us a request via the Contact Us form that includes the reason for your access request and the specific IP address that you want to use to talk to our servers. Each whitelist request will be considered on a case-by-case basis. We also recommend that you contact your ISP/IPP and ask them to deal with the hackers that ...
Upgrading Logwatch on CentOS 5
Introduction: I finally got tired of looking at the thousand-plus line daily reports coming to my inbox from Logwatch every evening. Don't get me wrong, I love logwatch. It helps me keep an eye on my servers without having to scrutinize every log file. If you aren't using logwatch on your Linux boxes I strongly suggest you look into it and turn on this very valuable service. Most Linux distros come with this pre-installed. The problem is that on CentOS the version of logwatch that comes with the system was last updated in 2006. The logwatch project itself, however, was updated just a few months ago. As of this writing the version running on CentOS 5 is 7.3 (released 03/24/06) and the version on the logwatch SourceForge site is 7.3.6 (updated March 2010). In this latest version there are a lot of nice updates to the scripts that ...
SFTP Tips & Tricks
Using Keyfiles To Access SFTP Services: You can use the private key .pem files to allow you to connect via SFTP on a server that only allows key access. The trick is to get the .pem file that Amazon gives you onto the server that you will be using to connect to the EC2 instance. When you store the .pem file on the local box, you will need to ensure the security level is set to 500 (r-x------). Here is an example:
# sftp -o IdentityFile=my-amazon-given-key.pem root@domU-11-22-33-00-CC-11
We often use this trick to talk to our Amazon EC2 instances as they do not allow password based authentication by default. This is a good security mechanism as only people with an authorized key file can gain access. It also gives you a quick and easy way to shut down all access keys by disabling a single key file, essentially shutting down access from an entire group ...
Logon To Your Linux Box Using SSH Keys
I've recently been working with AWS EC2 instances and have found that the SSH keys that they require for secure login practices actually have some nice benefits. For one thing, once I've generated a keyfile that uniquely identifies me on my local PC, I can use that keyfile to quickly and easily log in to any server without having to remember passwords and login credentials. Having to get in and out of over a dozen different servers every week, and nearly 100 different servers over the course of a year, the use of key sharing certainly has the potential to save a lot of keystrokes. In a nutshell, here are the pieces that make it work:
- Create a unique fingerprint on your local machine
- Initialize the SSH environment for your user login on the remote environment
- Store that fingerprint in the SSH environment on the remote system
Once you have completed these steps, you will be ...
IP Based Firewall with cPanel
cPanel/WHM Based Systems: If you are using a web server from a web hosting company, chances are that cPanel/WHM is the system admin interface you use to manage your server. The current revision of cPanel/WHM (Mar 5th, 2008) appears to rely on the host access file as a method of preventing access to the system. Access to iptables or ipchains rules is not readily apparent; however, it is possible that we have overlooked these options. Blocking An IP Range: The steps below will help you research who is connecting to your box and how to block them from gaining access to your system through software based IP blocking. Real World Example: This implementation is based on our experiences after turning on the Logwatch utility on our web server. The logwatch report for PAM shows sshd authentication failures. From our most recent report:
--------------------- pam_unix Begin ------------------------
sshd: Authentication Failures: ...
Creating and Installing SSL Certs via SSH
Certificate Signing Request (CSR), Apache + OpenSSL:
Login as root
cd /usr/bin/ (/your path to openssl/)
openssl genrsa -des3 -out <name_of_your_certificate>.key 1024
You will need to enter a passphrase for your key here, and then enter it again in the next step.
openssl req -new -key <name_of_your_certificate>.key -out <name_of_your_certificate>.csr
At this point you'll have to enter information about the site/owner of the SSL cert. Keep in mind that the common name (CN) is actually the address of the site (without http://, etc.), and that each cert is only for one host. That is, yoursite.com is not the same as www.yoursite.com. Some certs can be created with multiple/alternative common names. You'll need the contents of the CSR file to create the cert on GoDaddy or whichever cert site you're using. Either download it or open it in vi, and copy and paste the contents. Installing SSL Certificate and the Intermediate Certificate: Once you've gotten the actual certs from the cert site ...

