June 25, 2008
What is a Rootkit?
Rootkits are programs designed to gain access to your dedicated server in order to intrude on and compromise it. They are often disguised as Trojans so that you do not suspect them, and they can open a backdoor to your dedicated server through which attackers upload suspicious programs and applications that degrade your performance or bring down your website.
What is Rootkit Detection?
Rootkit detection can be handled in two ways:
- Via Managed Hosting from your dedicated web hosting provider.
- Via rootkit detection programs, which are a way you can self-manage your web server.
How do rootkit detection programs work?
Rootkit detection software is designed to detect rootkits and distinguish them from normal hidden files, which are not suspicious and are concealed for a purpose, either by you as a webmaster or by the operating system by default. Most often, rootkit detection programs compare various views of your server system to find mismatches. A mismatch usually points to something suspicious, and the rootkit check will alert you to suspicious software, programs, Trojans, spyware, or malware on your machine.
Originally, rootkit checks would perform a check on the entire dedicated server system to view all files while inside the OS and then boot the Recovery Console to see that file list for comparison. In the second list, the rootkit program will search for files that do not show up in the first list. These hidden files are often rootkit culprits!
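The comparison described above, reduced to its core as an added example (not from the original post): a file listing taken inside the running OS is diffed against one taken offline, and anything seen only offline is reported unless it is on an allowlist of files that are hidden by default. The listings, paths and allowlist are constructed.

```shell
#!/bin/sh
# Added example: cross-view file comparison. All paths below are constructed.

# normalize LISTING: strip CRs and blank lines, fold case, sort uniquely.
# Windows paths are case-insensitive, so both views are folded the same way.
normalize() {
    tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' | sed '/^$/d' | LC_ALL=C sort -u
}

# cross_view_diff ONLINE OFFLINE ALLOWLIST
# Prints paths present in the offline view but missing from the online view,
# leaving out anything named in the allowlist.
cross_view_diff() {
    tmp=$(mktemp -d) || return 1
    normalize "$1" > "$tmp/online"
    normalize "$2" > "$tmp/offline"
    normalize "$3" > "$tmp/allow"
    # comm -13 keeps only the lines unique to the second (offline) file
    LC_ALL=C comm -13 "$tmp/online" "$tmp/offline" > "$tmp/hidden"
    # comm -23 drops every hidden path that is allowlisted
    LC_ALL=C comm -23 "$tmp/hidden" "$tmp/allow"
    rm -rf "$tmp"
}

# Constructed sample: the offline view shows two files the running OS did not,
# one of which (the page file) is hidden by default and therefore allowlisted.
demo_cross_view() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'C:\WINDOWS\system32\drivers\tcpip.sys' \
                  'C:\WINDOWS\system32\kernel32.dll' > "$d/online.lst"
    printf '%s\n' 'C:\Windows\System32\drivers\tcpip.sys' \
                  'C:\Windows\System32\kernel32.dll' \
                  'C:\Windows\System32\drivers\example_hidden.sys' \
                  'C:\pagefile.sys' > "$d/offline.lst"
    printf '%s\n' 'C:\pagefile.sys' > "$d/allow.lst"
    cross_view_diff "$d/online.lst" "$d/offline.lst" "$d/allow.lst"
    rm -rf "$d"
}

demo_cross_view
```

A path that survives both filters is a lead to investigate, not proof of a rootkit; the allowlist has to be built from a known-clean install of the same OS version.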
Do they work?
As with all software programs, it depends. Rootkit management programs are not meant to be used as a standalone system for customers new to dedicated server hosting. If you fall into that category, you are still better off purchasing Managed Hosting from your dedicated service provider, as they are professionals who will know the difference between default hidden files and corrupted malware.
Also, take note that rootkit programs are sold or downloaded AS IS, so there is never any guarantee of their success.
June 24, 2008
As a webmaster, you know the importance of a good spam blocking and virus protection program, and maybe you have learned from our dedicated server tutorials how to set cron jobs for scheduled tasks, how to protect your system, or how to administer backups. But did you know that there may be things you are unaware of trying to hack your server?
One of these necessary evils of dedicated server hosting is called a rootkit. A rootkit is simply a program usually designed by hackers who attempt to take control of your dedicated server without authorization. They can gain complete access to your system or install themselves as drivers, kernel modules, or other malware. They often go undetected and can seize control of your operating system and obscure the presence of potentially harmful viruses, commands, or Trojans.
Oftentimes, once a rootkit has hidden utility programs in your system, those programs can open a backdoor to your server at any time of the day and can thus be severely harmful to the health of your dedicated server.
If your dedicated web host has a Managed Hosting option, you should look into it, as they often perform rootkit checks to ensure the security of your dedicated server. Remember, a good dedicated web hosting provider doesn’t want your server brought down either and will do everything in their power to keep you a happy customer.
June 18, 2008
You may be wondering why you would want to block IP addresses from your dedicated server. If you have never run a dedicated server before, you might not be aware that there are people who attempt to hack entire servers to bring websites down. There are many types of server attacks, and one of the most popular can occur from a single dedicated IP address – a DDoS attack!
In order to subdue the attacker and ban them from coming back, you will need to block their IP address from your dedicated server entirely. Luckily, you can do this in one simple step.
Add the following code to your .htaccess file, which can be found in your web server’s document root directory. More than likely this is named public_html, httpdocs, or webdocs.
# No <Limit GET> wrapper here: inside one, the rule would cover only GET and HEAD requests and leave POST and other methods open
order deny,allow
deny from 209.23.123.110
Adding this to .htaccess will block a single IP across your entire website! Be aware, though, that the rule only covers requests Apache serves from that directory tree; other services on the server, such as SSH, FTP, and mail, stay reachable from that address unless a firewall blocks it. Spammers and hackers alike can also change their IP addresses very easily, and most IPs that come from a home computer, for example, are not static and may update often. You can always add more deny lines for further IPs, but this really showcases the importance of having a workable managed hosting solution on your dedicated server.
May 13, 2008
Big businesses and even startups and web 2.0 networks all have one thing in common – they need to market to their website audience, and they need to do it well and without getting spam-blocked by the end-user. There are actually several ways to avoid getting blacklisted, because unfortunately, even on a dedicated server, this can happen to you.
The first way to avoid getting blacklisted is to only market to customers or pre-sales clients who know they are entering into your mailing list and/or will need your product or service. Make sure you are using a mailing list client that has the option to include an unsubscribe link, as your marketing techniques are illegal otherwise. Also, if you have the ability to have customers opt in or even double opt in to receive the promotions and marketing materials, this would be a great idea.
Another thing to keep in mind is the number of emails you are marketing to. If you have a customer or marketing base that consists of thousands or even hundreds of thousands of email addresses, you’ll need to be especially careful. Sending out over 500 emails in one hour is the biggest concern of any dedicated server hosting customer, because not only can you get spam-blocked for sending out that many emails that quickly but your server might also get blacklisted by certain email providers like AOL and Yahoo, who are quick to act on spam-related issues.
A good way to keep the number of emails sent per hour down to a safe amount is to use cron jobs, which can be scheduled to send, for example, 5 emails per minute. If you have a customer base of 1500 recipients, that will only take 5 hours to complete. The best way you can handle this many emails is to talk to your dedicated web hosting provider upfront to see what their specific restrictions are for sending emails and marketing to customers using mailing lists.
April 23, 2008
Apache, sometimes known as Apache HTTP Server, is one of those magical things that make the web go around. If your server hosting was a picnic at the park, then Apache would be the blanket under that picnic meal.
It is used to serve static and dynamic content from a server on the web. Many of the Web’s applications are designed with Apache in mind or thanks to what it provides. It is also the web server component of the popular LAMP stack (Linux, Apache, MySQL, Perl). The biggest competitor to Apache is Microsoft’s IIS, or Internet Information Services as it is sometimes called.
There is some debate as well on how Apache got its name. Some people say it was named after the Indian tribe with the same name and others say that it was due to the project’s roots as a set of patches to the codebase of NCSA HTTPd 1.3 - making it “a patchy” server.
April 7, 2008
Backing up your website is extremely important to the server security of your dedicated server, but you can’t forget about your server databases either! Your MySQL databases are the backbone of your website, especially if you are using it for database server hosting. In either situation, you cannot rely on manual backups of your dedicated server databases if you access them every day and if they are integral to your website’s success and uptime.
So below, we have included some helpful scripts that can be set up via cron jobs (scheduled tasks) on your server. These will automatically back up your databases for you, so you’ll never have to worry again! There are two options for these backups – you can either have them emailed to you or FTPed to you, both of which will assist with your dedicated web hosting experience.
MySQL backup via cron - Emailed to You
<?php
$datestamp = date("Y-m-d"); // Current date to append to filename of backup file in format of YYYY-MM-DD
/* CONFIGURE THE FOLLOWING SEVEN VARIABLES TO MATCH YOUR SETUP */
$dbuser = ""; // Database username
$dbpwd = ""; // Database password
$dbname = ""; // Database name. Use --all-databases if you have more than one
$filename = "backup-$datestamp.sql.gz"; // The name (and optionally path) of the dump file
$to = "you@remotesite.com"; // Email address to send dump file to
$from = "you@yourhost.com"; // Email address message will show as coming from.
$subject = "MySQL backup file"; // Subject of email
// Quote every value for the shell so spaces or metacharacters in a password or name cannot alter the command
$command = "mysqldump -u " . escapeshellarg($dbuser) . " --password=" . escapeshellarg($dbpwd) . " " . escapeshellarg($dbname) . " | gzip > " . escapeshellarg($filename);
passthru($command, $status); // $status receives the exit code of the pipeline (that of gzip, its last command)
if ($status !== 0 || !is_file($filename)) {
    exit("Database dump failed.\n"); // Nothing to send
}
$attachmentname = basename($filename); // If a path was included, strip it out for the attachment name
$message = "Compressed database backup file $attachmentname attached.";
$mime_boundary = "<<<:" . md5(time());
$data = chunk_split(base64_encode(file_get_contents($filename))); // Base64-encode the dump for the attachment part
$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: multipart/mixed;\r\n";
$headers .= " boundary=\"" . $mime_boundary . "\"\r\n";
$content = "This is a multi-part message in MIME format.\r\n\r\n";
$content .= "--" . $mime_boundary . "\r\n";
$content .= "Content-Type: text/plain; charset=\"iso-8859-1\"\r\n";
$content .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
$content .= $message . "\r\n";
$content .= "--" . $mime_boundary . "\r\n";
$content .= "Content-Disposition: attachment;\r\n";
$content .= "Content-Type: Application/Octet-Stream; name=\"$attachmentname\"\r\n";
$content .= "Content-Transfer-Encoding: base64\r\n\r\n";
$content .= $data . "\r\n";
$content .= "--" . $mime_boundary . "--\r\n"; // The closing boundary ends with a second "--"
mail($to, $subject, $content, $headers);
unlink($filename); // delete the backup file from the server
?>
MySQL backup via cron - FTPed to You
<?php
$datestamp = date("Y-m-d"); // Current date to append to filename of backup file in format of YYYY-MM-DD
/* CONFIGURE THE FOLLOWING THREE VARIABLES TO MATCH YOUR SETUP */
$dbuser = ""; // Database username
$dbpwd = ""; // Database password
$dbname = ""; // Database name. Use --all-databases if you have more than one
$filename = "backup-$datestamp.sql.gz"; // The name (and optionally path) of the dump file
// Quote every value for the shell so spaces or metacharacters in a password or name cannot alter the command
$command = "mysqldump -u " . escapeshellarg($dbuser) . " --password=" . escapeshellarg($dbpwd) . " " . escapeshellarg($dbname) . " | gzip > " . escapeshellarg($filename);
passthru($command);
/* CONFIGURE THE FOLLOWING FOUR VARIABLES TO MATCH YOUR FTP SETUP */
$ftp_server = ""; // Shouldn’t have any trailing slashes and shouldn’t be prefixed with ftp://
$ftp_port = "21"; // FTP port - blank defaults to port 21
$ftp_username = "anonymous"; // FTP account username
$ftp_password = ""; // FTP account password - blank for anonymous
// set up basic connection, using the configured port
$ftp_conn = ftp_connect($ftp_server, $ftp_port !== "" ? (int)$ftp_port : 21);
// login with username and password (only attempted if the connection succeeded)
$login_result = $ftp_conn ? ftp_login($ftp_conn, $ftp_username, $ftp_password) : false;
// check connection
if ((!$ftp_conn) || (!$login_result))
{
    echo "FTP connection has failed.";
    echo "Attempted to connect to $ftp_server for user $ftp_username";
    unlink($filename); // do not leave the dump behind on the server
    exit;
}
else
{
    echo "Connected to $ftp_server, for user $ftp_username";
}
// Turn PASV mode on or off (this call only works after a successful login)
ftp_pasv($ftp_conn, false);
// upload the file under its bare name, without any local path
$upload = ftp_put($ftp_conn, basename($filename), $filename, FTP_BINARY);
// check upload status
if (!$upload)
{
    echo "FTP upload has failed.";
}
else
{
    echo "Uploaded $filename to $ftp_server.";
}
// close the FTP stream
ftp_close($ftp_conn);
unlink($filename); // delete the backup file from the server
?>
MAKE ABSOLUTELY SURE that whichever script you use from above has a .php extension. That file should have 755 permissions, and you MUST change the first variables to those specific to your website’s setup. Because the file contains your database password, keep it outside your document root so it cannot be requested through the web server. Also, you MUST have a cron job set up in cPanel, and the path to the script needs to look like this: php /home/username/path-to-the-php-script. Just make sure you replace path-to-the-php-script with your script’s physical path.
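Both scripts above pass the database password to mysqldump as a command-line argument, where other users on the machine can read it from the process list while the dump runs. The following added example (not from the original post) does the same cron backup as a shell script that gives mysqldump its credentials through a private option file instead; the paths, database name, and the MYSQLDUMP override variable are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: cron-driven MySQL dump that keeps the password out of the
# process list. Paths, names and the MYSQLDUMP override are placeholders.
MYSQLDUMP=${MYSQLDUMP:-mysqldump}

# is_private FILE: succeed only if group and others have no access at all.
is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# dump_db OPTFILE DBNAME OUTFILE
# OPTFILE is a MySQL option file of the form:
#   [client]
#   user=backup
#   password="..."
# Writes OUTFILE.gz with mode 0600 and fails if the dump itself fails.
dump_db() {
    if ! is_private "$1"; then
        echo "refusing to run: $1 is missing or accessible to other users" >&2
        return 2
    fi
    (
        umask 077                 # dump is created readable by its owner only
        rm -f "$3" "$3.gz"        # a stale file would keep its old permissions
        # --defaults-extra-file must be the first option mysqldump sees
        "$MYSQLDUMP" --defaults-extra-file="$1" "$2" > "$3" || { rm -f "$3"; exit 1; }
        gzip -f "$3"              # gzip copies the 0600 mode onto OUTFILE.gz
    )
}

# Typical cron command (all three arguments are placeholders):
#   /home/username/bin/dbbackup.sh /home/username/.backup.cnf shopdb /home/username/backups/shopdb.sql
if [ "$#" -eq 3 ]; then
    dump_db "$1" "$2" "$3"
fi
```

The resulting .gz file still holds every row of the database in readable form, so the transfer step that follows matters as much as the dump.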
When talking about management of a dedicated server, there is a big tent of tasks and jobs that could fit under that description. Nobody has ever said, “Ok, these 12 things are what server management is all about” because new tasks always seem to be added to that list. Some of the roles might include (but are not limited to):
Operating system updates, script updates, monitoring of the server, simple network and hardware monitoring, tech support for the dedicated server, security monitoring (including antivirus and firewall issues), DDoS protection and prevention, and disaster recovery.
As you can see, the job of anybody managing a server is a really big one. That isn’t even counting things like load balancing, performance tuning, software installs and more. I could go on and on with what is expected of a person or team who does the monitoring for any given server. If these are things you have no real desire to do or jump into with both feet, then you might be a good candidate for semi-managed or managed hosting.
April 4, 2008
You should have a look at the first 4 parts of this tutorial series on installing, configuring, and running APF (Advanced Policy Firewall) on a Dedicated Server before proceeding here, just to be sure your dedicated server is set up correctly with APF configurations. Here is a quick list to round up these tutorials on dedicated web hosting and APF setup:
1. Installing APF on a Dedicated Server
2. Configuring APF on a Dedicated Server
3. Configuring AntiDOS on a Dedicated Server for APF (optional)
4. Starting APF on a Dedicated Server
Now, here are some helpful commands for your Firewall Usage. With these codes and options, you can do nearly everything necessary to run APF, block IP addresses, flush the firewall, etc. Please review these APF codes below and keep them handy for future reference.
Firewall Usage
Usage /usr/local/sbin/apf [OPTION]
OPTIONS are as below
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall
As an example, if you would like to deny an IP from accessing your sites, execute,
apf -d 123.123.123.123
Hopefully this tutorial series for APF on a Dedicated Server has been extremely helpful to you, but if you’re ever stuck, contact your dedicated web hosting provider and ask for Managed Hosting solutions.
April 3, 2008
After you have successfully installed and configured APF (Advanced Policy Firewall) on your dedicated server, you can optionally configure AntiDOS for DOS protection. Once done, you will need to start and run APF on your server, and below, you will find the steps necessary to do so.
Starting APF on Your Web Server
1. Edit /etc/apf/allow_hosts.rules and enter your IP (not a mandatory step, but will avoid being locked out of the server)
2. Start the firewall by executing the command apf -s
You should then see,
Development mode enabled!; firewall will flush every 5 minutes.
Now try to access all the services, including mail, ssh, and websites.
3. If you are able to access all the services, then open up /etc/apf/conf.apf and change DEVEL_MODE="1" to read DEVEL_MODE="0"
Then simply restart the firewall by executing apf -r and you should be done!
4. As a last step, you should execute the command "chkconfig --list apf" and confirm that you see an entry similar to
apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Your output should match the line above. If it does not, execute chkconfig --level 345 apf on
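The checks from the steps above, collected into one script as an added example (not part of the original tutorial or of APF itself): it confirms that development mode is off, that your own IP is in allow_hosts.rules, and that the service is enabled for runlevels 3, 4 and 5. The sample files and the address 203.0.113.10 are constructed.

```shell
#!/bin/sh
# Added example: checks for the APF start-up steps. Files are passed as
# arguments so the checks can be run against copies.

# devel_mode CONF: print the DEVEL_MODE value set in conf.apf (last one wins).
devel_mode() {
    sed -n 's/^[[:space:]]*DEVEL_MODE="\{0,1\}\([^"#[:space:]]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1
}

# ip_allowed RULES IP: succeed if IP is an uncommented whole-line entry.
ip_allowed() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -Fqx "$2"
}

# runlevels_ok: reads `chkconfig --list apf` output on stdin and succeeds
# only if runlevels 3, 4 and 5 are all on.
runlevels_ok() {
    line=$(cat)
    for lvl in 3 4 5; do
        case "$line" in
            *"${lvl}:on"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# apf_check CONF RULES ADMIN_IP: print findings; non-zero if any were found.
apf_check() {
    rc=0
    if [ "$(devel_mode "$1")" != "0" ]; then
        echo "DEVEL_MODE is not 0: the firewall is still flushed every 5 minutes"
        rc=1
    fi
    if ! ip_allowed "$2" "$3"; then
        echo "$3 is not in allow_hosts.rules: you can lock yourself out"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files (203.0.113.10 is a documentation address).
d=$(mktemp -d)
printf '%s\n' '# constructed conf.apf excerpt' 'DEVEL_MODE="1"' > "$d/conf.apf"
printf '%s\n' '# admin workstation' '203.0.113.10' > "$d/allow_hosts.rules"
apf_check "$d/conf.apf" "$d/allow_hosts.rules" 203.0.113.10 || echo "not ready"
rm -rf "$d"
```

On the server itself, pass /etc/apf/conf.apf and /etc/apf/allow_hosts.rules to apf_check and pipe the output of chkconfig --list apf into runlevels_ok.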
Congratulations, you have successfully installed APF! If these tutorials were over your head or you feel you may have done something erroneously, you ought to purchase Managed Hosting from Lunarpages, as they can offer APF installation completely free with your Managed Hosting purchase.
Please refer to our earlier tutorials on Installing APF on a Dedicated Server and Configuring APF on a Dedicated Server. If you do not wish to set up anti-DOS on your server, you can skip this part of the tutorial series and move on to Starting APF.
Please note that this configuration is completely optional when setting up a dedicated web hosting server. While it can help protect your server and website from DOS attacks, there are also other ways to do this.
AntiDOS Configuration
1. Open up /etc/apf/ad/conf.antidos
2. Change LP_KLOG="0" to LP_KLOG="1"
3. CONAME="Your Company"
Enter your company name within quotes, similar to CONAME="Lunarpages"
4. USR_ALERT="0" to USR_ALERT="1"
Change it to 1 only if you wish to receive email alerts.
5. USR="you@yourco.com"
Enter your email address here, in quotes like the entry made in step 3.
6. Antidos is intended to operate via cron. This is a critical setup point: if it is not done, antidos will simply not operate.
Execute the command
crontab -e
as root and add the line below. A crontab opened with crontab -e has no user column, so the command follows the five time fields directly (the same entry in /etc/crontab would carry the user name root before the command):
*/2 * * * * /etc/apf/ad/antidos -a >> /dev/null 2>&1
This will run antidos every two minutes.
If this sounds too confusing for you or you are unsure about managing your dedicated server, you should definitely look into Managed Hosting from Lunarpages, as they offer free APF installation with your purchase. Check out our Dedicated Hosting Coupons page for more information on the latest deals from Lunarpages Dedicated Web Hosting.