Tycoon Talk
Website and Server Administration Forum


Old 05-08-2008, 09:08 PM Security
andrei155's Avatar
CEO of BLD Hosting

Posts: 1,514
Name: Andrei
Location: Canada
Trades: 6
Out of curiosity, and my own benefit, I would really like to know what all the server admins are doing to protect their servers from outside attacks and possible threats.

In other words, what are you guys doing to protect your servers?

I feel a growing paranoia that as long as I continue to grow (my company), more and more enemies will arise who are out to get me and bring us into the ground. I don't know if this is a shared paranoia.
andrei155 is offline
Old 05-08-2008, 10:21 PM Re: Security
tamar's Avatar
Webmaster Talker

Posts: 507
Name: Tamar Weinberg
Location: New York
Trades: 0
Typically, I've used:

1. mod_security
2. mod_evasive
3. SSHblack
4. PortSentry
tamar is offline
Old 05-08-2008, 10:32 PM Re: Security
Junior Talker

Posts: 4
Trades: 0
Ensure that any externally accessible applications on your servers are free of known exploits, subscribe to the app's news feed (to watch for security updates), and make sure they're patched regularly.
papastreets is offline
Old 05-11-2008, 09:31 AM Re: Security
andrei155's Avatar
CEO of BLD Hosting

Posts: 1,514
Name: Andrei
Location: Canada
Trades: 6
What does PortSentry do? I haven't come across that yet.

I can guess *-)
andrei155 is offline
Old 05-13-2008, 02:58 PM Re: Security
romes's Avatar
Extreme Talker

Posts: 159
Name: Romes
Location: IL
Trades: 0
If you're really willing to protect yourself, it is a good idea to find someone who knows servers really well, and have them join your team. I currently have 5 server techs who monitor my servers around the clock. My techs know what to protect. I've had my share of hackers, but nothing too serious. But again, it is a good idea to get someone who knows what they're doing to help you out a bit.

Just my 2 cents
romes is offline
Old 05-13-2008, 04:27 PM Re: Security
andrei155's Avatar
CEO of BLD Hosting

Posts: 1,514
Name: Andrei
Location: Canada
Trades: 6
I do currently have a few people. Not as many as you though. However, being the owner of the server, I'd like to know every aspect of it. I'm not the type of guy who can just let others do something for me. I like to get involved, and know what's going on.

This is why I raised the question. Thanks for your advice though. It really would have been helpful.
andrei155 is offline
Old 05-13-2008, 05:31 PM Re: Security
Skilled Talker

Posts: 59
Name: Dan
Trades: 0
A few key pointers off the top of my head

1) Don't give up any information about your server software or platform. Change favicons, default server headers, default error messages etc.

2) Limit access to known admin ports such as web based server admin ports, ssh, ftp etc. Lock them down to specific ip addresses. Something like IPFilter is good for this.

3) If you use any open source blogging or similar apps change the default file locations especially to admin folders.

4) Ensure all forms thoroughly clean and validate any user input.

5) Ensure you have a strict password policy and learn about username/password enumeration to prevent brute forcing.

6) Don't allow directory listings.

7) Don't use predictable directory names such as "admin".

8) Be paranoid.
Monkey Do is offline
Old 05-13-2008, 05:44 PM Re: Security
VirtuosiMedia's Avatar
Web Design Made Simple

Posts: 1,228
Trades: 0
Quote:
Originally Posted by Monkey Do
8) Be paranoid.
Just because I'm paranoid doesn't mean someone isn't out to get me.
VirtuosiMedia is offline
Old 05-14-2008, 05:10 PM Re: Security
andrei155's Avatar
CEO of BLD Hosting

Posts: 1,514
Name: Andrei
Location: Canada
Trades: 6
Thanks for the info, Monkey. Appreciate it.
andrei155 is offline
Old 05-28-2008, 12:53 PM Re: Security
Junior Talker

Posts: 3
Trades: 0
Complex passwords, a firewall, and brute force blocking are the minimum I would recommend.
ds_andrew is offline
Old 05-29-2008, 09:20 PM Re: Security
Marc's Avatar
Super Talker

Posts: 109
Location: EastCoast United States
Trades: 0
IDS Sensor and Checkpoint
Marc is offline
Old 05-29-2008, 11:43 PM Re: Security
upstarter's Avatar
Average Talker

Posts: 26
Name: Starr Horne
Trades: 0
All of our servers have 2 NICs in them, one on a private network and one exposed to the public. Services like SSH are accessible only through the private network (which I can access with my local machine using a VPN).

It's pretty nice, because it means the only ports that the world can see are 80 and 443. Everything else is hidden.
upstarter is offline
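
An added example, not part of the original post: one way to verify the two-NIC layout described above is to parse the listening-socket table and flag anything other than 80 and 443 that is reachable outside the private network. It assumes output in the format of `ss -tln`; the private range 10.0.0.0/24 and every address in the sample are constructed.

```python
import ipaddress

def exposed_listeners(ss_output, private_net, allowed_ports=(80, 443)):
    """Return (address, port) pairs for TCP listeners that are reachable
    from outside private_net on a port not in allowed_ports."""
    private = ipaddress.ip_network(private_net)
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # skips the header and non-listening rows
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and scope id
        port = int(port)
        ip = None if addr == "*" else ipaddress.ip_address(addr)
        # A wildcard bind (0.0.0.0, :: or *) listens on the public NIC too.
        wildcard = ip is None or ip.is_unspecified
        if not wildcard:
            in_private = ip.version == private.version and ip in private
            if ip.is_loopback or in_private:
                continue                  # only reachable locally or over the VPN
        if port not in allowed_ports:
            exposed.append((addr, port))
    return exposed

# Constructed sample in `ss -tln` format (203.0.113.0/24 is a documentation range).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    10.0.0.5:22        0.0.0.0:*
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      100    203.0.113.10:21    0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
"""

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE, "10.0.0.0/24"):
        print(f"exposed: {addr} port {port}")
```

The last sample row is the easy one to miss: SSH is bound correctly on the private IPv4 address, but a second wildcard IPv6 bind still exposes it on the public interface.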
Old 05-30-2008, 04:31 PM Re: Security
Skilled Talker

Posts: 60
Trades: 0
Quote:
Originally Posted by Monkey Do
7) Don't use predictable directory names such as "admin".
Although I have used/installed WordPress on a site before, it has been some considerable time since I last used it myself. A couple of days ago I installed WordPress 2.5.1 in a subdirectory of a new project I am involved with.

I changed the WordPress directory name because I prefer another name. No posts have been made on the blog yet. I have only customized a theme for the blog so far.

I am pretty sure I read, some years ago, when I first used WordPress, that changing directory names, etcetera, from defaults could cause problems when you back up WordPress and when you do other "maintenance" tasks.

I would like to follow your advice and definitely change the WordPress "admin" name(s) and, possibly, the "admin" directory, but I really need to avoid causing myself problems associated with making such changes.

If such name changing is still a problem I figure that changing the "admin" name might manifest it.

Is anyone aware of such WordPress issues?

Incidentally, IF changing the "admin" name does not cause problems, should I have changed its name before I uploaded and "activated" the WordPress blog or does it not matter?

Change the name of mysite.com/wp-admin/*admin.php*, mysite.com/*wp-admin*/, mysite.com/*wp-login.php*/ or all three?

mysite.com/wp-login.php/ appears to redirect to mysite.com/wp-admin/




Last edited by 052808; 05-30-2008 at 05:01 PM..
052808 is offline
Old 06-10-2008, 09:58 PM Re: Security
Banned

Posts: 19
Trades: 0
Use the Klingon dictionary for passwords.
imported_bmr is offline
Old 08-05-2008, 06:34 AM Re: Security
Junior Talker

Posts: 1
Name: NoName
Trades: 0
Try "Ssentry.com" <- this is my small "child", still in beta... I want to finish the work within two weeks.
null is offline