Closed

CentOS/WHM CSF setup and WordPress Malware

A while back I disabled CSF, and maybe related to that I am having some WordPress malware issues. The most desired candidate would know how to get CSF set up on the CentOS/WHM server and could help find the WordPress security issue.

One known WordPress issue is that an alternative page launches in addition to the expected page. The alternative is for system scans and other spam.

This is a sample of the CSF error messages to be resolved:

Firewall Check
RESTRICT_SYSLOG option check
Due to issues with syslog/rsyslog you should consider enabling this option. See the Firewall Configuration (/etc/csf/csf.conf) for more information
SMTP_BLOCK option check
This option will help prevent the most common form of spam abuse on a server that bypasses exim and sends spam directly out through port 25. Enabling this option will prevent any web script from sending out using socket connection, such scripts should use the exim or sendmail binary instead
LF_SCRIPT_ALERT option check
This option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scripts
SYSLOG_CHECK option check
This option helps prevent brute force attacks on your server services
URLGET option check
This option determines which perl module is used to upgrade csf. It is recommended to set this to use LWP rather than HTTP::Tiny so that upgrades are performed over an SSL connection
LF_IPSET option check
If support by your OS, you should install ipset and enable LF_IPSET when using Country Code (CC_*) filters
PT_ALL_USERS option check
This option ensures that almost all Linux accounts are checked with Process Tracking, not just the cPanel ones

Server Check
Check MySQL LOAD DATA disallows LOCAL
You should disable LOAD DATA LOCAL commands in MySQL by adding the following to the [mysqld] section of /etc/my.cnf and restarting MySQL:
local-infile=0
See this link
Check for cxs
You should consider using cxs to scan web script and ftp uploads and user accounts for exploits uploaded to the server
Check for CloudLinux
You should consider upgrading to CloudLinux which provides advanced security features, especially for web servers

SSH/Telnet Check
Check SSH PasswordAuthentication
For ultimate SSH security, you should consider disabling PasswordAuthentication and only allow access using PubkeyAuthentication
Check Background Process Killer
You should enable each item in the WHM > Background Process Killer

Mail Check
Check root forwarder
The root account should have a forwarder set so that you receive essential email from your server

Apache Check
Check Apache weak SSL/TLS Ciphers (SSLCipherSuite)
Cipher list []. Due to weaknesses in the SSLv2 cipher you should disable SSLv2 in WHM > Apache Configuration > Global Configuration > SSLCipherSuite > Add -SSLv2 to SSLCipherSuite and/or remove +SSLv2. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Check apache for TraceEnable
You should set TraceEnable to Off in: WHM > Apache Configuration > Global Configuration > TraceEnable > Off. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Check apache for ServerSignature
You should set ServerSignature to Off in: WHM > Apache Configuration > Global Configuration > ServerSignature > Off. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Check apache for ServerTokens
You should set ServerTokens to ProductOnly in: WHM > Apache Configuration > Global Configuration > ServerTokens > ProductOnly. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Check apache for FileETag
You should set FileETag to None in: WHM > Apache Configuration > Global Configuration > FileETag > None. Do not forget to Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf

PHP Check
Check php version
[/usr/local/bin/php]
Any version of PHP (Current: 5.4.45) older than v5.6.* is now obsolete and should be considered a security threat. You should upgrade exclusively to PHP v5.6+
Check php for enable_dl or disabled dl()
[/usr/local/bin/php]
You should modify /usr/local/lib/php.ini and set:
enable_dl = Off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration
Check php for disable_functions
[/usr/local/bin/php]
You should modify the PHP configuration and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list
Check php for ini_set disabled
[/usr/local/bin/php]
You should consider adding ini_set to the disable_functions in the PHP configuration as this setting allows PHP scripts to override global security and performance settings for PHP scripts. Adding ini_set can break PHP scripts and commenting out any use of ini_set in such scripts is advised

WHM Settings Check
Check cPanel login is SSL only
You should check WHM > Tweak Settings > Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
Check boxtrapper is disabled
Having boxtrapper enabled can very easily lead to your server being listed in common RBLs and usually has the effect of increasing the overall spam load, not reducing it. You should disable it in WHM > Tweak Settings > BoxTrapper Spam Trap
Check max emails per hour is set
To limit the damage that can be caused by potential spammers on the server you should set a value for WHM > Tweak Settings > The maximum each domain can send out per hour
Check Reset Password for cPanel accounts
This poses a potential security risk and should be disabled unless necessary in WHM > Tweak Settings > Reset Password for cPanel accounts
Check Reset Password for Subaccounts
This poses a potential security risk and should be disabled unless necessary in WHM > Tweak Settings > Reset Password for Subaccounts
Check cPanelID for cpaneld
You should only enable this option if you are going to use it otherwise it is a potential security risk in WHM > Manage External Authentications > cpaneld
Check cPanelID for webmaild
You should only enable this option if you are going to use it otherwise it is a potential security risk in WHM > Manage External Authentications > webmaild
Check cPanelID for whostmgrd
You should only enable this option if you are going to use it otherwise it is a potential security risk in WHM > Manage External Authentications > whostmgrd
Check compilers
You should disable compilers WHM > Security Center > Compilers Tweak
Check FTP Logins with Root Password
Allowing root login via FTP is a considerable security risk and should be disabled WHM > FTP Server Configuration > Allow Logins with Root Password > No
Check proxy subdomains
This option can mask a users real IP address and hinder security. You should disable WHM > Tweak Settings > Proxy subdomains
Check accounts that can access a cPanel user
You should consider setting this option to "user" after use. WHM > Tweak Settings > Accounts that can access a cPanel user account
Check Referrer Blank Security
You should enable WHM > Tweak Settings > Blank referrer safety check
Check Referrer Security
You should enable WHM > Tweak Settings > Referrer safety check
Check Password ENV variable
You should enable WHM > Tweak Settings > Hide login password from cgi scripts
Check SMTP Restrictions
This option in WHM will not function when running csf. You should disable WHM > Security Center > SMTP Restrictions and use the csf configuration option SMTP_BLOCK instead
Check nameservers
At least one of the configured nameservers:
ns3.linkuphosting.net
ns4.linkuphosting.net
should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)
Check AppConfig as root
You should disable WHM > Tweak Settings > Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the "all" ACL in WHM

Server Services Check
Check server startup for portreserve
On most servers portreserve is not needed and should be stopped and disabled from starting if it is not required. This service is currently enabled in init and can usually be disabled using:
service portreserve stop
chkconfig portreserve off

Skills: PHP, Web Security, WordPress

About the employer:
(3 reviews) Albuquerque, United States

Project ID: #12209907

29 freelancers bid on this project at an average of $155

nmans

We are highly interested in working with you on this project and can assure you quality results. Ready to start immediately. Some of our developed websites are listed below. WordPress: http://www.wilsontenniscamps.c

$736 USD in 10 days
(481 reviews)
8.2
scriptphp87

Hello, I'm a professional programmer for web programming with the PHP language to build the system website. Besides, I'm also an expert in MySQL, HTML, HTML5, CSS, JS. I'm always top in Vietnam freelancer [url removed, login to view]

$155 USD in 3 days
(238 reviews)
7.9
sapotacorp

Hi sir. Could you let me know what your website is? And what security system are you using? I'm an expert and professional guy. I have developed more than 200 WordPress sites. I can start immediately and provide highest

$143 USD in 3 days
(309 reviews)
7.3
NeOLiO

Hi there, I have checked the project description. I am Neo and I am serving as a system administrator at inboxdime.com. You are right that the CSF module is the major security audit for WHM servers. I can fix your server a

$133 USD in 1 day
(147 reviews)
6.9
VnBestSolutions

Dear Sir. We claim to get it done perfectly for you EXACTLY in the way you want it - Kindly give us a chance and we will prove ourselves - Ready to prove our words, let's get it done right away and I mean RIGHT AWAY!! Lo

$155 USD in 3 days
(168 reviews)
6.7
instaservpvtltd

Hi, Top 2% IN WORDPRESS AND PREFERRED GOLD BADGE WINNER BY THE FREELANCER.COM. We are a PREMIER GOOGLE PARTNER STATUS COMPANY ([url removed, login to view];idtf=2113617194;) and hence ensure all ou

$206 USD in 10 days
(118 reviews)
6.5
odessky

Hello! My name is Andrey. I'm from Odessa, Ukraine. I have the right skills and great experience to begin working on your project right now! You may see good reviews at my profile [url removed, login to view]

$111 USD in 2 days
(131 reviews)
6.3
codetrance

Do you update/upgrade your WordPress regularly? I can help you with server-side security setup. I'm looking forward to your response. Thank you.

$100 USD in 1 day
(94 reviews)
6.0
mvaqasuddin

Hi there, how are you doing? Did you install any nulled plugin? You could PM me right away and let's discuss the project details. Thanks

$250 USD in 3 days
(137 reviews)
6.3
arfharwinder

Hi, I can set up CSF and remove malware from the WordPress site within a few hours. I have fixed 2k+ WordPress sites from malware successfully. Thanks

$120 USD in 0 days
(178 reviews)
6.1
sr33raj

Hello, I'm a professional security researcher. I found vulnerabilities on Twitter, Yahoo, Dropbox etc. Check my profile here [url removed, login to view]. I can remove the malware from your website and will help you to secure

$50 USD in 0 days
(121 reviews)
5.7
itsoftwarelab

Hi, We are an experienced and dynamic team of designers/programmers, with expertise in PHP, WordPress, HTML, XHTML, JavaScript, jQuery (average years of experience of 10 years) and we work independently, efficiently, and

$277 USD in 3 days
(50 reviews)
5.7
leliksansl

Can help you with malware removal. SSH access required. Thanks.

$133 USD in 3 days
(70 reviews)
5.3
$100 USD in 1 day
(21 reviews)
4.8
nizamec2012

Hello, I can check and resolve all the issues, but I need more information about the server configuration, so please contact me so that I can check and proceed further. Thank you

$50 USD in 3 days
(50 reviews)
5.0
cuibeauty

Dear Sir, I am happy to be here to contact you. Sometimes a chance may change the whole life, and it will be that great chance of success of your business and life. "No pains, no gains", but you get me here, yo

$155 USD in 3 days
(4 reviews)
4.6
rockstars99

Hello, I am a 3+ year experienced PHP programmer having experience in WordPress custom plugin development and standard plugin usage like EventPro, WooCommerce, NextGen, SbLogin etc. and developed logic based big p

$222 USD in 3 days
(24 reviews)
4.8
nivasoftvietnam

My hourly rate is ONLY $5 per hour = $40 per day (for 8 working hours). “Trial 30% your work before, pay later” is my work principle. We have a production warranty in 12 months if there are errors from what we made Can

$133 USD in 3 days
(28 reviews)
4.8
RWHTech

I run a web hosting service (WHM/CentOS) and have lots of experience setting it up, along with CSF. I will go over your entire WHM configuration, including CSF/Modsec, then I'll clean out the infected WordPress instal

$150 USD in 1 day
(34 reviews)
4.6
adamlachut

Hello, I clean and *secure* compromised website/hosting accounts on a daily basis so I'm sure I can help you with your WordPress. I'll clean your hosting account from malware, but I will not configure CSF - in the co

$50 USD in 2 days
(18 reviews)
3.9