Three security problems on my server. How do I fix it?

nman14

Ok, I have had three problems in the past. The first was I had someone sending spam emails from my server and the provider shut my server down (not even giving me time to make backups). The second problem I have had was a hacker getting into my server and starting to delete many accounts. I rebooted the server and changed the pass before he could get to them all. And the last problem I sometimes have is clients using too much of my server's resources. Now let's get to the questions:

1: How do I stop people from sending spam emails? Is there a way to set how many emails can be sent out in an hour? If so how do I set it? (cPanel/WHM Linux Fedora)

2: I had a firewall installed when the hacker got into my server but not BFD. Could this have been the problem? I also had somewhat of a weak password. (xxxxxx##) What can I do to prevent this from happening again?

3: How do I limit the amount of resources an account can use?

Any help would be great. Thanks!
 
Hello nman14, and welcome to HD.

I will run down through your questions in order.

Q1a: How do I stop people from sending spam emails?

A: If you figure this one out, let us all know.

Q1b: Is there a way to set how many emails can be sent out in an hour? If so how do I set it? (cPanel/WHM Linux Fedora)

A: Absolutely. Log into WHM. The first section on your menu on the left should be "Server Configuration". Under that section, click "Tweak Settings". You will find a setting there for: "The maximum each domain can send out per hour (0 is unlimited):". Simply adjust this as you see fit.

Additionally, check the box next to "Prevent the user "nobody" from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using PHPSuexec and Suexec respectively.)"

Q2: I had a firewall installed when the hacker got into my server but not BFD. Could this have been the problem? I also had somewhat of a weak password. (xxxxxx##) What can I do to prevent this from happening again?

A: Firewalls are not the end all of security. Some firewalls can be easily bypassed, and if the hacker can crack your password, there is no amount of Firewall protection that will help you, because a firewall can then be disabled by an experienced hacker. Start with the basics, and make your password stronger. Use letters, numbers, and symbols in your password. These are much harder to crack and can even take brute force attacks decades to determine the correct calculation and formula.

Q3: How do I limit the amount of resources an account can use?

A: This is done when creating your hosting packages, and can also be done when you edit a user's account via WHM.

The best thing to do is read WHM/cPanel's documentation as it outlines much of this already.
 
The best thing to do is read WHM/cPanel's documentation as it outlines much of this already.
It looks to me like the OP also needs someone to manage that server.
 
Similarly, you would log in to WHM, and go to the Security section, and then Modify Apache Memory Usage.

This will calculate your memory usage based on past usage, and set new safe limits. Once you do this it will add a few extra lines to httpd.conf which will outline the new limits in bytes, and if you're comfortable editing httpd.conf, you can lower the limits manually, etc.
 
I assume you have a dedicated server -

1: How do I stop people from sending spam emails? Is there a way to set how many emails can be sent out in an hour? If so how do I set it? (cPanel/WHM Linux Fedora)

-- SpamAssassin/MailScanner/ClamAV (or all 3) for controlling spam.
-- Get your SPF Records done, same for Domainkeys and SenderID
-- WHM Tweak Settings option will let you limit/cap the outbound emails per hour (per domain)

2: I had a firewall installed when the hacker got into my server but not BFD. Could this have been the problem? I also had somewhat of a weak password. (xxxxxx##) What can I do to prevent this from happening again?

-- Install CSF Firewall or APF with antidos protection
-- Make sure WHM's security tweaks are all in place and enabled
-- Make sure server is secured or find someone (A server admin) for the same
-- Consist root passwords (or any passwords) using both upper and lower case alphabets, numbers and symbols like ($ or @).

3: How do I limit the amount of resources an account can use?

-- WHM Reseller Settings
-- cPanel Modify Account
-- WHM - install mod security & mod bandwidth.

Hope this helps. :)
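
Added example, not part of any post in this thread: before choosing a value for the per-domain hourly cap in WHM Tweak Settings, it helps to see what each domain already sends per hour. The sketch below assumes the server's MTA is Exim and reads its main log format (`<=` marks an accepted message, `P=local` a locally submitted one, `A=` an authenticated SMTP sender); the sample log lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Exim main-log arrival line: "<date> <time> <msgid> <= <envelope sender> ..."
ARRIVAL = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}):\d{2}:\d{2} \S+ <= (\S+)")
# Only mail that originates on this server: local scripts or authenticated users.
LOCAL_ORIGIN = re.compile(r" P=local\b| A=\S")

# Constructed sample lines (documentation domains and addresses only).
SAMPLE = """\
2024-05-01 10:01:12 1aBcDe-0001Ab-1A <= shop@example.com U=shop P=local S=1201
2024-05-01 10:02:40 1aBcDe-0001Ac-2B <= shop@example.com U=shop P=local S=1188
2024-05-01 10:03:05 1aBcDe-0001Ad-3C <= shop@example.com U=shop P=local S=1190
2024-05-01 10:04:00 1aBcDe-0001Ad-3C => someone@example.net R=lookuphost T=remote_smtp
2024-05-01 10:05:00 1aBcDe-0001Af-5E <= info@example.org H=(pc) [192.0.2.10] P=esmtpa A=dovecot_login:info@example.org S=900
2024-05-01 10:06:00 1aBcDe-0001Ag-6F <= friend@example.net H=mx.example.net [198.51.100.7] P=esmtp S=2000
2024-05-01 11:00:01 1aBcDe-0001Ah-7G <= shop@example.com U=shop P=local S=1100
""".splitlines()

def hourly_counts(lines):
    """Count locally originated messages per (sender domain, hour)."""
    counts = Counter()
    for line in lines:
        m = ARRIVAL.match(line)
        if not m or not LOCAL_ORIGIN.search(line):
            continue  # deliveries (=>), rejects, and inbound mail from remote hosts
        day, hour, sender = m.groups()
        if "@" not in sender:
            continue  # null sender "<>" (bounces) or unqualified local user
        domain = sender.rsplit("@", 1)[1].lower()
        counts[(domain, f"{day} {hour}:00")] += 1
    return counts

def over_limit(lines, limit):
    """Return (domain, hour, count) for every hour that exceeds the proposed cap."""
    return sorted((d, h, n) for (d, h), n in hourly_counts(lines).items() if n > limit)

if __name__ == "__main__":
    for domain, hour, n in over_limit(SAMPLE, limit=2):
        print(f"{hour}  {domain}  {n} messages")
```

This counts messages, not recipients, so a single message addressed to many recipients still counts once here.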
 
kevins, I believe the OP was looking for assistance, not product placement, or product/service suggestions. ;)
 