Snowman
23-01-2008, 02:46 PM
As some of you may know, there have been a lot of new viruses and trojans appearing in recent weeks across the internet, including a spate of JavaScript and iframe injections on sites.
In order to ensure the continued security and stability of our servers, we will be implementing a number of security changes to our cPanel servers effective from midnight tonight.
SSH Users
For ultimate SSH security, we will be disabling PasswordAuthentication and only allowing access using PubkeyAuthentication. For more information on how to use SSH in this manner please refer to the following articles:
http://www.securityfocus.com/infocus/1810
and
http://www.unixwiz.net/techtips/putty-openssh.html#keypair
SSH will also no longer be accessible on port 22 but will now be on port 22351.
PHP Changes
We will be turning off dynamic loading of modules in PHP (dl()), so if you are using a script that relies on things such as ionCube loaders or any other module loaded dynamically, you will need to check with the developers of your script for the alternative loading options.
We will also be progressively turning all servers to Register Globals = Off over the upcoming weeks. However, we will be doing this server by server and announcing 2 weeks prior so that everyone has plenty of time to adjust scripts, in particular osCommerce, to the new arrangement.
People using Joomla and Mambo will notice this change will secure their setups further, and no warnings will be present after the change.
We are also going to be installing SUHOSIN on all servers to harden the PHP configuration. You can read more info on this at http://www.hardened-php.net/suhosin/
This will be done at the same time as the register globals changes are done, as the processes will require an Apache rebuild to complete them.
OTHER SECURITY MEASURES
All clients and resellers are URGED to ensure that FTP, cPanel and email passwords are secure and changed on a regular basis.
It's also very advisable to make passwords random, as using simple words etc. makes it very easy for people to gain access.
I suggest creating random passwords using the tool at http://www.pctools.com/guides/password/
If you do change your cPanel passes, you can also update them in the Client Info section of our helpdesk so they are up to date in our system.
All users are also encouraged to ensure they have the very latest antivirus software and updates to its virus library installed and run frequently on their PCs, as we have seen a lot of people with problems of late, particularly with Internet Explorer 7 related trojans.
I do apologise for the lack of pre-warning of these changes, but they are critical in our ongoing efforts to ensure the stability and security of our servers.
If anyone has any queries or concerns, please let us know.
Regards
Steve Kemp
Alpine Internet
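Added example (not part of the original post, and not Alpine Internet's tooling): a Python check that reads sshd_config and php.ini text and reports any setting that differs from the changes announced above. The php.ini directive names `enable_dl` (controls dl()) and `register_globals`, the built-in defaults, and the sample file contents are assumptions; `Match` blocks in sshd_config are not evaluated.

```python
import re

# (wanted, assumed built-in default) per directive; targets come from the announcement.
SSHD = {"passwordauthentication": ("no", "yes"), "pubkeyauthentication": ("yes", "yes")}
PHP = {"enable_dl": ("off", "on"), "register_globals": ("off", "off")}
NEW_PORT, DEFAULT_PORT = "22351", "22"

def parse_sshd(text):
    """Global sshd_config values: first occurrence wins, Port may repeat."""
    seen = {"port": []}
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, val = re.sub(r"[\s=]+", " ", line, count=1).partition(" ")
        key, val = key.lower(), val.strip().lower()
        if key == "match":  # conditional blocks are not evaluated here
            break
        if key == "port":
            seen["port"].append(val)
        else:
            seen.setdefault(key, val)
    return seen

def parse_php(text):
    """php.ini booleans normalised to on/off: last occurrence wins, ';' starts a comment."""
    seen = {}
    for raw in text.splitlines():
        key, eq, val = raw.split(";", 1)[0].partition("=")
        if eq:
            truthy = val.strip().strip('"').lower() in ("1", "on", "true", "yes")
            seen[key.strip()] = "on" if truthy else "off"
    return seen

def audit(sshd_text, php_text):
    """Return findings in check order; an empty list means the policy is met."""
    sshd, php = parse_sshd(sshd_text), parse_php(php_text)
    out = [f"sshd {k}={sshd.get(k, d)}" for k, (w, d) in SSHD.items() if sshd.get(k, d) != w]
    ports = sshd["port"] or [DEFAULT_PORT]
    if ports != [NEW_PORT]:
        out.append("sshd port=" + ",".join(ports))
    out += [f"php {k}={php.get(k, d)}" for k, (w, d) in PHP.items() if php.get(k, d) != w]
    return out

# Constructed sample files, not taken from any real server.
BEFORE_SSHD = "#Port 22\nPasswordAuthentication yes\nPasswordAuthentication no\n"
AFTER_SSHD = "Port 22351\nPasswordAuthentication no\nPubkeyAuthentication yes\n"
BEFORE_PHP = "[PHP]\nregister_globals = On ; legacy scripts\n"
AFTER_PHP = "enable_dl = Off\nregister_globals = Off\n"
print(audit(BEFORE_SSHD, BEFORE_PHP))
```

In the constructed "before" sshd_config the second `PasswordAuthentication no` has no effect because sshd keeps the first value it reads, which is why the audit still flags password logins.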