Author Topic: How to Secure CWP webserver  (Read 63931 times)

0 Members and 4 Guests are viewing this topic.

Offline
**
How to Secure CWP webserver
« on: April 18, 2016, 07:52:53 AM »
My cwp webserver is getting hacked , can somebody guide me to make it more secure. Thanks

Offline
*****
Re: How to Secure CWP webserver
« Reply #1 on: April 18, 2016, 09:44:20 AM »
Hello.

If your PHP scripts have a "holes" you can use "File System Lock" from CWP.User . This will help.
But if the root password was compromised, nothing help. Reinstall OS only.
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
http://centos-webpanel.com/services-monitor
Join our Development Team and get paid !
http://centos-webpanel.com/develope-modules-for-cwp

Installation Instructions
http://centos-webpanel.com/installation-instructions
Get Fast Support Here
http://centos-webpanel.com/support-services

Offline
*****
Re: How to Secure CWP webserver
« Reply #2 on: April 18, 2016, 03:09:06 PM »
change ports for cwp and ssh, disable pure ftp if you're not using it. rebuild Apache to latest 2.2.31. use csf and Nginx reverse proxy.

Offline
**
Re: How to Secure CWP webserver
« Reply #3 on: April 19, 2016, 08:50:15 AM »
Thanks for the reply. I meant the some of the websites especially designed using wordpress are getting hacked. I am using csf but I don't know much about Ngnix.


Regards, 

Offline
*****
Re: How to Secure CWP webserver
« Reply #4 on: April 19, 2016, 09:07:03 AM »
nginx is more secure than apache use it as reverse proxy to handle all your legit traffic. most threats and ddos are stopped by nginx

WordPress sites are getting hacked mainly for outdated themes and plugins else the platform is secure
« Last Edit: April 19, 2016, 09:09:15 AM by Sandeep »

Offline
**
Re: How to Secure CWP webserver
« Reply #5 on: April 19, 2016, 09:41:24 AM »
Thanks for the reply. Could you please guide me how to configure nginx .


Regards,

Offline
*****
Re: How to Secure CWP webserver
« Reply #6 on: April 19, 2016, 01:17:27 PM »
Go to apache > web server > select apache + nginx
After installing nginx the installation will ask u to rebuild vhost.

Offline
**
Re: How to Secure CWP webserver
« Reply #7 on: April 20, 2016, 03:56:25 AM »
Thanks for the help

Offline
**
Re: How to Secure CWP webserver
« Reply #8 on: April 20, 2016, 05:18:52 AM »
Dear Sandeep,

Do you have any idea about using letsencrpyt with CWP.


Regards,

Offline
*
Re: How to Secure CWP webserver
« Reply #9 on: April 20, 2016, 06:26:35 AM »
I did play around with the letsencrypt SSL few days ago, taking me quite some times to get it installed.

First, you must make sure you have at least the Python v2.7.x or above, and also the virtualenv installed.

Install the letsencrypt.
Quote
cd /root
git clone https://github.com/letsencrypt/letsencrypt10
cd letsencrypt
./letsencrypt-auto

And if you get the following error, please refer to the link, https://www.digitalocean.com/community/tutorials/how-to-set-up-python-2-7-6-and-3-3-3-on-centos-6-4, to get the virtualenv installed.
Quote
virtualenv: command not found

In fact, I still got the error (not virtualenv error, could not remember thou) when running ./letsencrypt-auto command. So, I did in manual method to generate the SSL.
Quote
./letsencrypt-auto certonly --webroot -w /home/your_domain/public_html -d your_domain.com -d www.your_domain.com

Then,  copy the SSL into /etc/pki/tls directory.
Quote
cp -f /etc/letsencrypt/live/your_domain/cert.pem /etc/pki/tls/certs/your_domain.cert
cp -f /etc/letsencrypt/live/your_domain/fullchain.pem /etc/pki/tls/certs/your_domain.bundle
cp -f /etc/letsencrypt/live/your_domain/privkey.pem /etc/pki/tls/certs/your_domain.key

At your CWP, go to Apache settings >> SSL cert manager, on your right hand side form, choose the cert, user & enter your domain; then install SSL. Done.

Note: Make sure you have the 443 port open in firewall & listen to port 443.

You may test the score of SSL cert at https://www.ssllabs.com/ssltest.
At the beginning, I got the score C and after did some researches, I added the following lines onto this file /usr/local/apache/conf.d/vhosts-ssl.conf.
Quote
....
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
....
Restart the apache.

I got the score A now.  ;D Hope this guide will help you. Cheer.
« Last Edit: April 20, 2016, 07:02:19 AM by infinitech07 »

Offline
*****
Re: How to Secure CWP webserver
« Reply #10 on: April 20, 2016, 12:24:08 PM »
follow the guide posted above by infinitech07

Offline
*
Re: How to Secure CWP webserver
« Reply #11 on: April 20, 2016, 01:26:54 PM »
Thank you for your insparing posts. I created an account such as cp.domain.com and followed all steps.
Now, ssl works great but i cannot reach the cwp via 2031 port.

You can check the links below;

- https://cp.domain.com:2031/ (ERR_SSL_PROTOCOL_ERROR)
- http://cp.domain.com:2031/  (NON-SECURE CONNECTION)
- http://cp.domain.com:2030/  (ANOTHER NON-SECURE CONNECTION)

My purpose to provide secure connection to cwp. Could you help me to solve this?
« Last Edit: April 21, 2016, 09:44:49 AM by alafurtanfuni »

Offline
*****
Re: How to Secure CWP webserver
« Reply #12 on: April 20, 2016, 01:31:20 PM »
access
your server ip:2031

eg :
192.168.0.1:2031

Offline
*
Re: How to Secure CWP webserver
« Reply #13 on: April 20, 2016, 01:36:47 PM »
https://123.123.123.123:2031  :'( same result

I want to use a secure connection. Because of this, i created cp.domain.com account and ssl for that domain.

Let's Encyript SSL works on cp.domain.com quite well.
« Last Edit: April 21, 2016, 09:44:22 AM by alafurtanfuni »

Offline
*****
Re: How to Secure CWP webserver
« Reply #14 on: April 20, 2016, 02:32:06 PM »
check the port in this file : cwp-ssl.conf it must be 2031 not 2030 or any

Location :
Code: [Select]
/usr/local/cwpsrv/conf.d/cwp-ssl.conf
« Last Edit: April 20, 2016, 03:59:38 PM by Sandeep »