Few Tips to on how to secure a VPS

Few Tips to on how to secure a VPS

A) To disable Formmail in order to stop spam mails –

1) Command to find Mails –
find / -name “[Ff]orm[mM]ai*”

2) Command to find CGI mails –
find / -name “[Cc]giemai*”

3) To disable form mails –

chmod a-rwx /path/to/filename

this is will disable all the scripts.

B) Root kits should be installed –

– Set a root kit on a cron job, this will show if any one has hacked in the roots.
– Update the roots

1) Command to install chrootkit –

cd /root/
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit-0.44

2) To run chkrootkit –


C) Installation of a root breach detector and warning of any emails –

pico .bash_profile

At the end of the page –


echo ‘ALERT – Root Shell Access on:’ `date` `name` | mail -s “Alert: Root Access from `the person accessing | awk ‘{print $6}’`” [email protected]

Thereafter save the changes


2) To release an SSH message –

pico /etc/motd

thereafter enter the message

Save changes


D) Changes to be made in WHM/cpanel to secure server –

Log in to cpanel>Server setup>Tweak settings

a) Domains –

Prevent users from parking/adding domains.

b) Mail –

Prevent pop3 connections loading

c) System –

Jailshell should be used as a default shell for all the accounts.

d) Server setup>Tweak security
1) Enable php open_basedir Protection
2) Enable mod_userdir Protection

e) Server setup>Manage Wheel Group Users
1) Remove all other users except for root and main account users.

f) Server setup > Shell Fork Bomb Protection
1) Enable Shell Fork Bomb Protection

g) Service Configuration>FTP Configuration
1) Disable Anonymous FTP

h) Account Functions>Manage Shell Access
1) Disable shell access

I) Mysql>MySQL Root Password
1) Change root password

j) Security>Run Quick Security Scan>Trojan Horses –
1) The following are not Trojan –


Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.