KamranOnline
August 18th, 2008, 02:44
WebServer Management Service (http://ehost.ir/webmanagement.php)
سیستم مدیریت سرورهای اختصاصی و مجازی شرکت ای هاست بدین صورت است:
*
WHM/CPanel Technical Issues
System updates, debugging errors, patching bugs, system compatibility checks, etc....
* 3rd Party Software Installation
Fantastico, RVSkin, CpanelPro, CpanelXp, ClamAV, Mailscanner, URCHIN, ZendOptimizer, Ioncube, GD, Curl, Freetype, Eaccelerator, Ruby on Rails, ImageMagick, Perl modules, etc....
* Initial Server Setup
If you have a new server, we'll setup and configure the server completely from scratch to get the server ready for your use!
* The removal of any unnecessary software and insecure packages
* Server Backup Restoration
If your server requires a restore, we'll restore all of your backups returning your server back to normal.
* Disaster Recovery & Hack Recovery
If your server is crashed or hacked, we will determine the cause and rebuild your system from backups
* Server Migration
If you are moving accounts from one server to another, we will migrate them for you from the old server to the new server. You must have root access and CPanel running on both the old server as well as the new server.
CHKRootKit - a simple program that detects hacker software and notifies you if any has been detected via email
RootKit Hunter - scanning tool to ensure your system does not have any backdoors or exploits
Securing and Upgrading of SSH Server - increases security during ssh connections
APF Firewall - the most commonly used policy based iptables firewall system (CSF Firewall can be installed upon request instead of APF)
Anti-DoS configuration for APF Firewall - helps mitigate denial of service type attacks
Brute Force Detection - notifies you of numerous login authentication failures and automatically blocks the attackers ip in the firewall
Log Analysis Software Installation - Emails are dispatched daily, the amount of detail in the emails can be changed on request
System Integrity Monitor - 24x7 Internal Monitor that checks all services and restarts them if they are down
SPRI - changes the priority of different processes in accordance to level of importance, hence increasing server performance
Secure and Optimize Apache (HTTP) - tweaks apache to perform better, and prevent unnecessary information from being easily seen
MySQL optimization - increases performance of MySQL
host.conf hardenening - prevent dns lookup poisoning & spoofing protection
nsswitch.conf modification - secure and optimize DNS lookups
sysctl.conf hardening - helps prevent TCP/IP stack from syn-flood attacks and other network abuses
FTP Hardening - upgrade and secure your ftp software
Removal of unused software - prevents exploits and wasted resources
Removal of old logs - regain wasted space by deleting old archived logs
Shell Fork Bomb/Memory Hog Protection - prevents a user logged into a shell from consuming all the resources on the server
Root Logger - logs and emails you everytime someone accesses root with the timestamp and their ip address
MyTOP - tool for monitoring MySQL threads and processes
Filemanager - allows you to edit system files through WHM in case SSH is inaccessible
Mod_Security - protects against common url based hack injections (installed upon specific request only)
Mod_Evasive - defends http based attacks (installed upon specific request only)
PHP Tightening - tweaks php to run in a safer and restricted evironment (installed upon specific request only)
* An upgrade of the kernel
* A discussion and planning of the deployment strategy using either the phone or instant messenger
* Doing an audit of vulnerability on the host
* Installing all upgrades for the operating system software by the operating system vendor
* Services and SSH server hardening
* Disabling any dangerous PHP functions
* The installation and configuration of either the host firewall or the firewall of your choice
* Bruteforce protection on your system
* A configuration for active response when common attacks occur
* The installation necessary to install system resource reports
* Hardening of sysctl and host.conf
* Making mount points safe and secure
* Limiting network and compiler applications
* Daily scanner reports from Rootkit and/or Exploit
* Checks to verify file system integrity, including the installation and configuration of Samhain
* An audit of your system and hardware optimization, along with any recommendations to help optimize your system
* The installation and configuration of Mod_Security on your system
* Allow live apache traffic monitoring on your system by setting up mod_scoreboard
* iptables SPI firewall (csf) csf is a full featured SPI (Stateful Packet Inspection) iptables firewall configuration application written by ourselves
* Login failure detection (lfd) lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits
* Stop unnecessary processes Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running
* Logcheck Logcheck is configured to send you logs file emails once per hour using regular expression matches on the major server log files
* Logwatch Logwatch is a daily report that summarises the information contains in the major server log files
* WHM configuration check WHM configuration options are checked for security and performance configuration and changes where deemed appropriate
* OpenSSH configuration check OpenSSH is checked to ensure only SSHv2 protocol is enabled
* Switch from proftpd to pure-ftpd Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers
* Rootkit Hunter Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation
* Chkrootkit Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach mod_security mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. We will install and configure the optional cPanel mod_security module for Apache v1 and v2
* Host spoof protection Helps prevent IP spoofing and DNS cache poisoning
* Operating System check Check to ensure that the servers OS is updating and, if not, an update is run Name server configuration check If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups
* Disk check Ensure disks are correctly mounted and clean up any old files to free space where possible
* Kernel check Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation)
* Apache tune and check *** Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary
* MySQL tune and check *** Check that mysql is correctly configured and tuned for your servers requirements
* Enhanced log rotation Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability
* Day of the week backup rotations If you have a separate backup disk and sufficient space for additional backup rotations we will add "day of the week" backup rotations that renames the daily/ backup to the day of the week plus the date so that you will always have 7 daily backups.
سیستم مدیریت سرورهای اختصاصی و مجازی شرکت ای هاست بدین صورت است:
*
WHM/CPanel Technical Issues
System updates, debugging errors, patching bugs, system compatibility checks, etc....
* 3rd Party Software Installation
Fantastico, RVSkin, CpanelPro, CpanelXp, ClamAV, Mailscanner, URCHIN, ZendOptimizer, Ioncube, GD, Curl, Freetype, Eaccelerator, Ruby on Rails, ImageMagick, Perl modules, etc....
* Initial Server Setup
If you have a new server, we'll setup and configure the server completely from scratch to get the server ready for your use!
* The removal of any unnecessary software and insecure packages
* Server Backup Restoration
If your server requires a restore, we'll restore all of your backups returning your server back to normal.
* Disaster Recovery & Hack Recovery
If your server is crashed or hacked, we will determine the cause and rebuild your system from backups
* Server Migration
If you are moving accounts from one server to another, we will migrate them for you from the old server to the new server. You must have root access and CPanel running on both the old server as well as the new server.
CHKRootKit - a simple program that detects hacker software and notifies you if any has been detected via email
RootKit Hunter - scanning tool to ensure your system does not have any backdoors or exploits
Securing and Upgrading of SSH Server - increases security during ssh connections
APF Firewall - the most commonly used policy based iptables firewall system (CSF Firewall can be installed upon request instead of APF)
Anti-DoS configuration for APF Firewall - helps mitigate denial of service type attacks
Brute Force Detection - notifies you of numerous login authentication failures and automatically blocks the attackers ip in the firewall
Log Analysis Software Installation - Emails are dispatched daily, the amount of detail in the emails can be changed on request
System Integrity Monitor - 24x7 Internal Monitor that checks all services and restarts them if they are down
SPRI - changes the priority of different processes in accordance to level of importance, hence increasing server performance
Secure and Optimize Apache (HTTP) - tweaks apache to perform better, and prevent unnecessary information from being easily seen
MySQL optimization - increases performance of MySQL
host.conf hardenening - prevent dns lookup poisoning & spoofing protection
nsswitch.conf modification - secure and optimize DNS lookups
sysctl.conf hardening - helps prevent TCP/IP stack from syn-flood attacks and other network abuses
FTP Hardening - upgrade and secure your ftp software
Removal of unused software - prevents exploits and wasted resources
Removal of old logs - regain wasted space by deleting old archived logs
Shell Fork Bomb/Memory Hog Protection - prevents a user logged into a shell from consuming all the resources on the server
Root Logger - logs and emails you everytime someone accesses root with the timestamp and their ip address
MyTOP - tool for monitoring MySQL threads and processes
Filemanager - allows you to edit system files through WHM in case SSH is inaccessible
Mod_Security - protects against common url based hack injections (installed upon specific request only)
Mod_Evasive - defends http based attacks (installed upon specific request only)
PHP Tightening - tweaks php to run in a safer and restricted evironment (installed upon specific request only)
* An upgrade of the kernel
* A discussion and planning of the deployment strategy using either the phone or instant messenger
* Doing an audit of vulnerability on the host
* Installing all upgrades for the operating system software by the operating system vendor
* Services and SSH server hardening
* Disabling any dangerous PHP functions
* The installation and configuration of either the host firewall or the firewall of your choice
* Bruteforce protection on your system
* A configuration for active response when common attacks occur
* The installation necessary to install system resource reports
* Hardening of sysctl and host.conf
* Making mount points safe and secure
* Limiting network and compiler applications
* Daily scanner reports from Rootkit and/or Exploit
* Checks to verify file system integrity, including the installation and configuration of Samhain
* An audit of your system and hardware optimization, along with any recommendations to help optimize your system
* The installation and configuration of Mod_Security on your system
* Allow live apache traffic monitoring on your system by setting up mod_scoreboard
* iptables SPI firewall (csf) csf is a full featured SPI (Stateful Packet Inspection) iptables firewall configuration application written by ourselves
* Login failure detection (lfd) lfd is integrated with csf to block hacking attempts from your internet facing services and detects system intrusions/rootkits
* Stop unnecessary processes Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running
* Logcheck Logcheck is configured to send you logs file emails once per hour using regular expression matches on the major server log files
* Logwatch Logwatch is a daily report that summarises the information contains in the major server log files
* WHM configuration check WHM configuration options are checked for security and performance configuration and changes where deemed appropriate
* OpenSSH configuration check OpenSSH is checked to ensure only SSHv2 protocol is enabled
* Switch from proftpd to pure-ftpd Pure-ftpd is considered more secure and lighter on server resources compared to proftpd on cPanel servers
* Rootkit Hunter Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation
* Chkrootkit Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach mod_security mod_security apache module is a security layer in apache that helps prevent exploitation of vulnerable web scripts. We will install and configure the optional cPanel mod_security module for Apache v1 and v2
* Host spoof protection Helps prevent IP spoofing and DNS cache poisoning
* Operating System check Check to ensure that the servers OS is updating and, if not, an update is run Name server configuration check If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups
* Disk check Ensure disks are correctly mounted and clean up any old files to free space where possible
* Kernel check Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation)
* Apache tune and check *** Check that apache is correctly configured and tuned for your servers requirements and that it is the latest version and upgrade if necessary
* MySQL tune and check *** Check that mysql is correctly configured and tuned for your servers requirements
* Enhanced log rotation Not all server logs files are correctly rotated on a default cPanel server, so we add rotation options to logrotate to ensure that they are correctly rotated to help disk performance and application stability
* Day of the week backup rotations If you have a separate backup disk and sufficient space for additional backup rotations we will add "day of the week" backup rotations that renames the daily/ backup to the day of the week plus the date so that you will always have 7 daily backups.