Setting Up Zend Optimizer Tutorial
Published: Oct 02, 2004

10 Steps to Securing your Server is an easy-to-follow guide that everyone should use to secure the basics of a web server. Follow this guide to prevent your server from getting hacked.

10 Steps to Securing your Server

So many people are getting their own dedicated servers but are completely clueless about security. Usually they leave it up to the company they bought the server from, or hire someone. That's fine, but make sure you have these 10 items covered.

1) Use a Firewall
Make absolutely sure that your server has a firewall running all the time. A firewall is like a screen door to your porch. It blocks out flies, rodents and other pests but you can still walk out and use your BBQ. If someone ever were to get into your server, which is very, very likely, the first thing they're going to try to do is upload something to start a daemon or their own service, like an IRC server, or use a port to launch attacks against other systems. A firewall with egress and ingress protection can stop both incoming and outgoing attacks even when you're not aware of them. We recommend using APF on Linux systems or TinyFirewall on Windows servers. These are software firewalls, so there's no extra monthly cost as there is with a hardware firewall. For very busy systems a hardware firewall is recommended, since it takes the work off your system's CPU, RAM and other resources.

Know what ports are open and why, and know how to block and unblock an IP. These are basic things you need to understand in the daily security of your system. If someone from an IP begins a brute force attack you want to know how to stop them, right away.
See also: Installing APF Firewall, Preventing Brute Force Attacks, Installing KISS Firewall

2) Update your kernel and OS
Make sure your server is using current, updated software. Use the stable version, which has been tested more than any beta, and update as soon as possible. An old kernel makes your server an easy target. If you're not sure, ask your provider for the latest update.


3) Monitor Logs
Do you know which logs record which activities? How often are they updated and rotated?
LogWatch is a great tool that emails you daily reports of your system's activity, flagging anything it determines to be unusual, e.g. repeated failed logins. Besides using this you should check your logs manually to see what's up: run tail -f /var/log/messages and view your Apache logs as well.
See also: Apache Log Files Explained
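The repeated-failed-login check mentioned above, as an added example that is not part of the original tutorial: the function counts failed SSH password attempts per source IP and prints those at or above a threshold. The function names and the threshold are assumptions, and the log lines are constructed samples in OpenSSH syslog format.

```shell
#!/bin/sh
# Added example: report source IPs with repeated failed SSH logins.
# Usage: failed_logins THRESHOLD < logfile   -> prints "COUNT IP" lines
failed_logins() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            # Usernames are client-supplied text and may contain spaces or
            # the word "from", so take the address by position from the end
            # of the line: "... from ADDR port N ssh2".
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                hits[$(NF - 3)]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Oct  2 03:11:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct  2 03:11:03 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct  2 03:11:06 web1 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Oct  2 03:11:09 web1 sshd[2107]: Failed password for invalid user from 192.0.2.99 from 203.0.113.7 port 40130 ssh2
Oct  2 03:12:40 web1 sshd[2110]: Failed password for steve from 198.51.100.20 port 51514 ssh2
Oct  2 03:12:55 web1 sshd[2110]: Accepted password for steve from 198.51.100.20 port 51514 ssh2
EOF
}

sample_log | failed_logins 3
```

An address that shows up here is a candidate for the firewall block described in step 1.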

4) Backups
I will never understand why no one backs up their data. If you spend hundreds of hours working on your website or application, then you absolutely must have a second hard drive for backups, use a remote backup system, or use a combination of these.
See also: Second Hard Drive Means Life or Death

5) Limit Access to a Minimum
Do not give users more access than the absolute minimum they require. Never give them shell access, restrict file access to a bare minimum, and leave other services turned off by default until they are specifically requested and you determine that it's safe to enable them.


6) Lock down PHP and use Mod_Security with Apache
PHP is actually a large security risk but there are a few things you can do to help lock it down. CGI has Suexec, which helps run processes as the user, and PHP has something similar called PHPSuexec, but there are a few downfalls. You should also use open_basedir protection, have safe_mode on system wide, and turn off register_globals, enable_dl and allow_url_fopen to help lock things down further.
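A check for the five php.ini settings listed above, as an added example that is not from the original tutorial. The function names and sample file are constructed; note that safe_mode and register_globals exist only in PHP releases before 5.4, the era this tutorial targets.

```shell
#!/bin/sh
# Added example: audit php.ini text for the five settings named in step 6.
# Prints "WEAK ..." for an explicit bad value and "UNSET ..." when the
# directive is absent, so PHP falls back to its built-in default.
audit_php_ini() {
    awk -F= '
        BEGIN {   # directive -> value step 6 asks for ("set" = a path list)
            want["open_basedir"] = "set"; want["safe_mode"] = "on"
            want["register_globals"] = "off"; want["enable_dl"] = "off"
            want["allow_url_fopen"] = "off"
            n = split("open_basedir safe_mode register_globals enable_dl allow_url_fopen", order, " ")
        }
        /^[ \t]*(;|$)/ { next }                  # comments and blank lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            if (!(key in want)) next
            sub(/;.*/, "", val)                   # trailing comment
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)  # padding, quotes, CR
            low = tolower(val)
            if (low == "1" || low == "yes" || low == "true") low = "on"
            if (low == "0" || low == "no" || low == "false" || low == "none" || low == "") low = "off"
            seen[key] = low; raw[key] = val       # keep the last assignment
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) { print "UNSET " k " (want " want[k] ")"; continue }
                ok = (want[k] == "set") ? (seen[k] != "off" && seen[k] != "on") : (seen[k] == want[k])
                if (!ok) print "WEAK " k " = " raw[k] " (want " want[k] ")"
            }
        }
    '
}

# Constructed sample php.ini fragment (not taken from any real server).
sample_php_ini() {
    cat <<'EOF'
[PHP]
safe_mode = Off
register_globals = On
enable_dl = Off
allow_url_fopen = On   ; remote includes
;open_basedir = /home
EOF
}

sample_php_ini | audit_php_ini
```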

You can use server-wide protection with mod_security, a web server filter that can watch all requests to see if they match a rule and react by logging, denying the request or triggering other programs. I highly recommend this on Apache-based servers; it can be extremely useful in blocking attacks and stopping hackers before they do any damage.
See also: Securing Safe Mode, Installing Mod_Security


7) Lock /tmp /var/tmp and /dev/shm partitions
On Linux each partition can have certain access restrictions. Since /tmp, /var/tmp and /dev/shm are world-writable directories, they're often home to uploads, session storage and hacker executables. Since anyone can read, write and execute anything from these directories, it becomes a major security concern. With /etc/fstab, however, you can limit what can be done in these locations. If you see defaults on the /tmp line, remove it and replace it with noexec,nosuid; this will stop any executables from being allowed to run. Do the same for /dev/shm and make /var/tmp a shortcut (symbolic link) to /tmp.
See also: Securing Your TMP Partition
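One way to check /etc/fstab for the options described above, as an added example that is not from the original tutorial. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag world-writable mounts missing noexec/nosuid in fstab.
# Usage: audit_fstab < /etc/fstab
audit_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        $2 == "/tmp" || $2 == "/var/tmp" || $2 == "/dev/shm" {
            found[$2] = 1
            n = split($4, opt, ",")
            has_noexec = 0; has_nosuid = 0; miss = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] == "noexec") has_noexec = 1
                if (opt[i] == "nosuid") has_nosuid = 1
            }
            if (!has_noexec) miss = miss " noexec"
            if (!has_nosuid) miss = miss " nosuid"
            if (miss != "")
                print "FIX " $2 " (options: " $4 ") missing:" miss
        }
        END {
            # No entry means the path is an ordinary directory on some other
            # filesystem, so fstab options cannot restrict it at all.
            if (!("/tmp" in found))     print "NOTE /tmp has no fstab entry"
            if (!("/dev/shm" in found)) print "NOTE /dev/shm has no fstab entry"
        }
    '
}

# Constructed sample /etc/fstab (device names are placeholders).
sample_fstab() {
    cat <<'EOF'
# device   mountpoint  type   options          dump pass
/dev/sda1  /           ext3   defaults         1 1
/dev/sda3  /tmp        ext3   defaults         1 2
none       /dev/shm    tmpfs  defaults,nosuid  0 0
EOF
}

sample_fstab | audit_fstab
```

After correcting the options, the change can be applied without a reboot by remounting, e.g. mount -o remount,noexec,nosuid /tmp.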

8) Intrusion Detection System (IDS)
An intrusion detection system, or IDS, is like a burglar alarm on your server. It keeps a record of which files were changed and when, and alerts you to anything new or altered. This is critical because hackers usually try to replace binary applications like ps, top, netstat and others. This means that when you run the new version of ps or top to see running processes, it actually HIDES their hacker software; even though it's running, it won't show up. Some IDS systems include TripWire, Snort and AIDE.
See also: Installing Chkrootkit
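The file-change record described above, reduced to its core as an added example (not from the original tutorial and not how TripWire or AIDE are implemented): hash a set of binaries once, then compare later. The function names are assumptions and the demo runs on constructed stand-in files, not the real ps or top.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline and check.
# make_baseline FILE...    -> prints "sha256  path" lines; store them off-host
# check_baseline BASELINE  -> prints CHANGED/MISSING lines, returns 1 if any
# Caveat: on a compromised host sha256sum itself may have been replaced, so
# run the check with trusted tools (read-only media or a rescue boot).
make_baseline() {
    sha256sum -- "$@"
}

check_baseline() {
    status=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        have=$(sha256sum -- "$path" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return $status
}

# Demo on constructed stand-in files in a temp dir (not the real /bin/ps).
demo_integrity() {
    dir=$(mktemp -d) || return 1
    printf 'original ps\n'      > "$dir/ps"
    printf 'original netstat\n' > "$dir/netstat"
    printf 'original top\n'     > "$dir/top"
    make_baseline "$dir/ps" "$dir/netstat" "$dir/top" > "$dir/baseline"
    printf 'replaced ps\n' > "$dir/ps"     # simulate a swapped binary
    rm -f "$dir/top"                        # simulate a removed binary
    check_baseline "$dir/baseline" | sed "s|$dir/||"
    rm -rf "$dir"
}

demo_integrity
```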

9) Review Processes Running and Remove Extra Software
You can't protect a system if you don't know what's on it. If a hacker adds an extra process, you will see it in ps, but you won't notice it if you don't know what should usually be there. Know what runs on your system, why, and as which user. How does Perl or Apache run, and under which user? You can usually check your processes with top or ps auxfww, which gives you a tree view. Check these every time you log in to your server.
See also: Getting started with Shell (SSH), Common Shell Commands

10) Keep an Eye on the Server's Performance
Know what speed your server is running at and how much bandwidth it uses on a daily basis. If an attacker compromises your system and you don't know it, you'll probably notice the system responding slowly or using a lot of bandwidth. If you don't know what your system is usually like, how will you notice something out of the ordinary? This is all common sense, but some people never bother to check until they ask their provider after a system has been slow for 2 weeks. It's usually too late by then.
See also: Server Loads Explained

Knowing your system puts you one step ahead of an intruder. Check it often and ask an expert if you're ever in over your head. There are MANY other things you can and should do to ensure your server is secure, but these are a few basics that everyone should use.

If you have anything you’d like to add please post in our forums or comment on this article.

About the Author:
Steven Leggett is the editor of the server resource and hosting tutorial site, www.webhostgear.com and specializes in system administration and web development.


Comments (18)

  • Danny Medina 17:34, April 24, 2005
    Excellent Zend setup tutorial. It worked beautifully. Thanks :)
  • Alberto Marlboro 01:31, June 1, 2005
    Good idea of Zend. (?!?!@)

    Gives Zend Optimizer for FREE... (ohh) and CHARGES you 960 U$ for the encoder.

    Let me know if I'm wrong.
  • Petter Rogstad 15:45, September 9, 2005
    When I try to run install.sh (from the browser?) - it can not be found.

    Another question - can you uncompress after you have uploaded the file?
  • John barnes 07:26, November 16, 2005
    I am trying to get my OS Commerce powered system listed on the internet. I am not tech savvy. Will the Zend Optimizer allow me to do that particular procedure?
  • Worked 03:35, February 14, 2006
    Awesome guide, worked flawlessly
  • Sib 18:08, May 25, 2006
    This is the best tutorial I have seen until now. Very hard to find this, especially for noobs like me. But still I'm looking for answers.
    My server is running with Plesk 7.5 and not cPanel;
    my OS is FedoraCore 2 - linux 2.6.5-1.358;
    Do I upload in binary or ASCII mode;
    When you talk about uncompress.. install.... is it still via FTP or is it SSH that I recently discovered;
    in which folder should I install....

    Well, in case of reply, thank you for your time?
    Sib.
  • Ray Bridges 18:13, May 25, 2006
    Great Tutorial. I'm getting pretty good with the CL thanks to online Tutorials like this. Pretty soon I'll have some real skills.
  • insight 14:34, July 12, 2006
    This is really easy, just log into your Linux server as root and type this in the command line

    /scripts/installzendopt

    and now just follow the prompts!
  • user 22:09, December 11, 2006
    Doesn't work.
  • Ash 17:48, March 19, 2007
    @insight : that only works if you have Cpanel/WHM installed on your server.
  • Gaurav Mudgil 09:56, April 17, 2007
    Hi, I followed your tutorial to install the Zend Optimizer. But when it asks me to restart the web server I press yes and after some time it gives me the msg "Installation failed to restart please restart it manually"

    Then I restart my web server.

    But when I type php -v it gives the following message

    PHP Warning: Unknown(): Unable to load dynamic library '/usr/lib/php4/php4_cybersource.so' - libstdc++.so.4: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP 4.3.10 (cgi) (built: Dec 21 2004 10:27:48)
    Copyright 1997-2004 The PHP Group
    Zend Engine v1.3.0, Copyright 1998-2004 Zend Technologies
    with Zend Extension Manager v1.2.0, Copyright 2003-2007, by Zend Technologies
    with Zend Optimizer v3.2.6, Copyright 1998-2007, by Zend Technologies

    After that, when I go to install my hotel reservation system and open its index.php, it gives the parse error of unexpected T_STRING.

    So please help me out to solve this problem.

    With Regards
    Gaurav Mudgil
  • khurram 18:21, June 24, 2008
    Excellent tutorial......and overall outstanding website with greatly and nicely explained tutorials.......keep it up...
    three cheers for webhostinggear.com
  • arunsv 06:30, October 24, 2008
    Gr8.. nice work.. excellent tutorials...

    Cheers...
  • Charles 04:41, December 11, 2008
    Dear Sir,

    I am a new user of Dedicated Server. Please help me to install Zend Optimizer, thanks!

    1. My system: Fedora Core 6.0
    Which Zend Optimizer should I download?

    2. How to install
    Should I unzip and upload Zend Optimizer to the server, and to which folder?

    3. What's my next step?

    Regards!

    Charles
  • Abhijit 11:18, September 18, 2009
    Dear Sir, I followed your steps but it didn't happen..

    I use php4 on godaddy hosting....

    I never had an ./install.sh file. This is what I get: -

    [letsgetjobs@p3nlh192 ~]$ tar xvfz ZendOptimizer-3.3.9-linux-glibc23-i386.tar.gz
    ZendOptimizer-3.3.9-linux-glibc23-i386/
    ZendOptimizer-3.3.9-linux-glibc23-i386/md5
    ZendOptimizer-3.3.9-linux-glibc23-i386/Inventory.xml
    ZendOptimizer-3.3.9-linux-glibc23-i386/EULA-ZendOptimizer
    ZendOptimizer-3.3.9-linux-glibc23-i386/README-ZendOptimizer
    ZendOptimizer-3.3.9-linux-glibc23-i386/LICENSE
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_3_x_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_3_x_comp/ZendOptimizer.so
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_1_x_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_1_x_comp/ZendOptimizer.so
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_2_x_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_2_x_comp/ZendOptimizer.so
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_0_x_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_0_x_comp/ZendOptimizer.so
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_4_x_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_4_x_comp/ZendOptimizer.so
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/poweredbyoptimizer.gif
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_2_0_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/4_2_0_comp/ZendOptimizer.so
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/
    ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so
    [letsgetjobs@p3nlh192 ~]$ cd ZendOptimizer-3.3.9-linux-glibc23-i386
    [letsgetjobs@p3nlh192 ZendOptimizer-3.3.9-linux-glibc23-i386]$ ls -1
    EULA-ZendOptimizer
    Inventory.xml
    LICENSE
    README-ZendOptimizer
    data
    md5
    [letsgetjobs@p3nlh192 ZendOptimizer-3.3.9-linux-glibc23-i386]$

    but there is no install.sh file .....

    Please help
  • baggins 23:05, January 4, 2010
    I have the web program trying to install, it says it is encoded with zend encoder and needs zend optimizer to run the install.
    The server I am going to have the website on is an MTA one, and a windows server using PLESK not C. I downloaded the optimizer (the LINUX and windows), uploaded the windows one to the server and am trying to install it there, but it won't install or even go to the install wizard.
    How do you get this program to install on the server? It will go into the install wizard on my windows computer but not on the server.
  • Linux 10:51, November 15, 2010
    I can't find the install.sh file when I unzip the ZendOptimizer packet :(
