What makes a strong password ?
- It should be more than 8 characters long.
- It should contain letters, numbers and special characters like @#$%^&
- Use capital as well as small letters.
- Do not use dictionary words or common words like 123, password, pass, your birth date, your name, etc.
- Do not use the same password for all your logins. Use a base word to help you remember your passwords, but the passwords should not be exactly the same.
How to create a password that is strong and easy to remember :
- Choose a base word. Let's say I choose: I hate pass
- Now add some capital letters: I Hate Pass
Make the 1st letter of every word capital.
- Add special characters: I@Hate$Pass
Replace the spaces with special characters.
- Add some numbers: I9@Hate8$Pass16
After each word, add the position in the alphabet of that word's 1st letter. Here I is the 9th letter of the alphabet, so I added 9 after I, and similarly 8 for H and 16 for P.
- That’s it ! You have a strong password ready. Now you can modify the pattern slightly to use the same base word multiple times. For example : while adding the numbers in the 4th step, take the value of the last character of each word, like 5 for E from Hate and 19 for S from Pass.
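The four steps above and the last-letter variation, written out as a script together with the checklist from the top of the page. This is an added example, not part of the original post; the function names and the list of separator characters are assumptions, and each word is assumed to start and end with a letter.

```sh
#!/bin/sh
# Added example: the page's password recipe plus its strength checklist.
LC_ALL=C; export LC_ALL   # make a-z / A-Z ranges plain ASCII

# Position of a letter in the alphabet: a/A -> 1 ... z/Z -> 26.
alpha_index() {
  lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  echo $(( $(printf '%d' "'$lower") - 96 ))
}

# build_password "base words" [first|last]
#   first: the number comes from each word's first letter (step 4)
#   last:  the number comes from each word's last letter (the variation)
build_password() {
  seps='@$#%^&'; out=''; n=0
  for word in $1; do
    first=$(printf '%s' "$word" | cut -c1)
    cap=$(printf '%s' "$first" | tr 'a-z' 'A-Z')${word#?}
    if [ "${2:-first}" = last ]; then letter=${word#"${word%?}"}; else letter=$first; fi
    if [ "$n" -gt 0 ]; then   # a special character replaces each space
      out=$out$(printf '%s' "$seps" | cut -c"$(( (n - 1) % ${#seps} + 1 ))")
    fi
    out=$out$cap$(alpha_index "$letter")
    n=$((n + 1))
  done
  printf '%s\n' "$out"
}

# Checklist: more than 8 characters, small letter, capital, number, special.
meets_rules() {
  [ "${#1}" -gt 8 ] || return 1
  case $1 in *[a-z]*) ;; *) return 1 ;; esac
  case $1 in *[A-Z]*) ;; *) return 1 ;; esac
  case $1 in *[0-9]*) ;; *) return 1 ;; esac
  case $1 in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
  return 0
}

# Constructed inputs: the raw base words, then both generated forms.
for pw in "I hate pass" "$(build_password 'I hate pass')" \
          "$(build_password 'I hate pass' last)"; do
  if meets_rules "$pw"; then echo "pass: $pw"; else echo "fail: $pw"; fi
done
```

The checklist function covers only length and character classes; the rule about dictionary and common words is not checked.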
AjaXplorer helps you turn your web server into a powerful file management system : install once and access your files from anywhere. Organize, preview and share them, easily and securely. AjaXplorer comes fully equipped with a complete user management system, securing the whole installation at once. It can also be interfaced with existing authentication mechanisms, to implement a “Single-Sign On” system and make users' lives easier. Install AjaXplorer via Softaculous with just one click.
Here are some basic recommendations for securing your AjaXplorer installation :
1. Protect your folders from direct web access :
Under the main AjaXplorer installation folder, the contents of the following folders must not be directly accessible through the web server. This is the case by default if you are using Apache, as .htaccess files are part of the distribution.
- ajaxplorer_install/data/[all subfolders except “public”, which is the default container for the “shared links” public files].
Note: concerning the .htaccess files under Apache, be sure to allow override of the Limit directives on your web server (contact your Webmaster).
If you can, do not use the default “files” folder placed inside the distribution, but create a repository pointing to a folder outside your web “document root”.
2. Basic security rules :
HTTPS usage is recommended by AjaXplorer, but you have to configure your server for that yourself; it cannot be done automatically by AjaXplorer.
Always use strong passwords. There is a password minimum length option that is set to 8 characters by default.
3. Check for upgrade :
Security fixes are always released with high priority by the AjaXplorer team. Use the integrated upgrade tool to check whether updates are available and apply them! You can also upgrade your AjaXplorer installation using Softaculous.
Source : http://ajaxplorer.info
For the past few days, the SSHD rootkit issue has caused havoc among server admins. It is still unknown how the attackers manage to get root access to the servers and modify the keyutils-libs package. This has been affecting mainly 64-bit operating systems with control panels like cPanel, DirectAdmin, Plesk, Webuzo, etc.
We recommend that every server admin check whether their server has been affected. To do so, please type the following command :
root> ls -la /lib*/libkey*
If the list displays any of the following files, your server may be compromised :
The symlink /lib64/libkeyutils.so.1 will be pointing to one of the above files instead of one of the correct ones, e.g. libkeyutils-1.2.so
In order to remove this, you will need to do the following :
1) Remove the wrong file which is there on your system, e.g.
root> rm -rf /lib64/libkeyutils-1.2.so.2
2) Remove the symlink as well, e.g.
root> rm -rf /lib64/libkeyutils.so.1
3) Make a symlink to the correct file :
root> ln -s /lib64/libkeyutils-1.2.so /lib64/libkeyutils.so.1
Then restart the system. Restarting only the services will do no good, so please restart the whole system.
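The symlink check described above, as an added example that is not part of the original post: it resolves libkeyutils.so.1 in each directory given, compares the target with the expected file name, and lists any other libkeyutils* file for review. The function name and the EXPECTED_TARGET variable are assumptions; the default is the file name used as an example on this page and must be set to whatever your distribution's keyutils-libs package actually ships.

```sh
#!/bin/sh
# Added example: audit the libkeyutils.so.1 symlink in library directories.
# EXPECTED_TARGET is an assumption (the page's example name); adjust per distro.
EXPECTED_TARGET=${EXPECTED_TARGET:-libkeyutils-1.2.so}

# check_libkeyutils DIR...
# Prints one finding per line; returns 0 if nothing needs review, 1 otherwise.
check_libkeyutils() {
  rc=0
  for dir in "$@"; do
    link=$dir/libkeyutils.so.1
    if [ -L "$link" ]; then
      target=$(readlink "$link")
      # The link must name the expected file and that file must exist.
      if [ "${target##*/}" = "$EXPECTED_TARGET" ] && [ -f "$link" ]; then
        echo "OK      $link -> $target"
      else
        echo "SUSPECT $link -> $target (expected $EXPECTED_TARGET)"
        rc=1
      fi
    elif [ -e "$link" ]; then
      echo "SUSPECT $link is not a symlink"
      rc=1
    fi
    # Any other libkeyutils* file next to the link deserves a closer look.
    for f in "$dir"/libkeyutils*; do
      if [ ! -e "$f" ] && [ ! -L "$f" ]; then continue; fi
      case ${f##*/} in
        libkeyutils.so.1 | "$EXPECTED_TARGET") ;;
        *) echo "REVIEW  $f"; rc=1 ;;
      esac
    done
  done
  return "$rc"
}

# Constructed demo: a scratch directory that mimics the layout described above.
demo=$(mktemp -d)
: > "$demo/libkeyutils-1.2.so"
: > "$demo/libkeyutils-1.2.so.2"
ln -s libkeyutils-1.2.so.2 "$demo/libkeyutils.so.1"
check_libkeyutils "$demo" || echo "=> review the findings above"
rm -rf "$demo"
# On a real host: check_libkeyutils /lib /lib64
```

An OK line only means the names match; it says nothing about the contents of the file the link points to.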
Though there is a possibility of the server being re-infected, I have personally found from more than 20 servers I manage that servers with NON-STANDARD SSH ports were not infected.
Hence please do change the SSH port for your server's safety.
Talk back: Have you noticed the SSHD rootkit on your servers? What have you done to clean up your infected servers? Please do share with everyone.
Simple Machines Forum, SMF for short, is a free, professional-grade software package that allows you to set up your own online community within minutes.
Its powerful custom-made template engine puts you in full control of the layout of your message board, and with our unique SSI – or Server Side Includes – function you can let your forum and your website interact with each other. It is designed to provide you with all the features you need from a bulletin board while having an absolute minimal impact on the resources of the server. SMF is the next generation of forum software.
Once you have installed SMF, one more task remains: restricting bots from your forum. SMF can be installed with one click via Softaculous.
How to restrict bots from your SMF installation :
1. Email Activation
- Turn on email activation for all new registered members.
- Login to Admin panel » Administration Center » Registration » Settings
- Choose the method of registration for new members.
- This will not allow new members to post unless they activate their account.
2. Code Verification before posting for new members
- Login to Admin panel » Administration Center » Security and Moderation » Anti-Spam
- Change the value of “Post count under which users must pass verification to make a post” to 10 (or more if you want).
- This will ask users to pass verification until they reach the above number of posts.
3. Code Verification for new Registrations
- Login to Admin panel » Administration Center » Security and Moderation » Anti-Spam
- Enable “Require verification on registration page”
- This will require all new registrants to enter a verification code in order to register on your forum.
- Choose among the various verification methods available.
4. That’s it !!
- We have made the registration process difficult for the bots.
- And even if they manage to register, they won't be able to mess things up, thanks to the code verification added in step 2.
Source : codefap.com
WordPress is one of the most popular blogging applications today. As it is so popular, there are numerous hackers honing their skills on it to make it to the big leagues.
WordPress is pretty secure and they provide frequent updates, but we can make the installation more secure by following some simple steps :
1. The easiest way is to keep WordPress updated
WordPress provides security updates immediately if a loophole is detected, so keeping WordPress updated will help you to be more secure. It hardly takes a minute to update WordPress with Softaculous.
2. Generic admin username
Most users make the mistake of continuing with the default username for the administrator account, i.e. admin. It's a common username and every hacker would know that. Choose a username other than admin; you can use your name, e.g. john, as your username. You can choose the username on the install form.
3. Choose a Strong Password
Using a simple password is a bad idea. Use a password that is more secure to keep hackers away from you. Use a combination of letters, numbers and special characters.
4. Secure permissions to the config file
The wp-config.php file contains all the configuration and settings of WordPress. Exposing this file to hackers is a very big threat to your blog: they could easily inject malware into your blog or delete its content. The solution is to restrict the permissions on the config file. The WordPress config file is wp-config.php, which is located in the root directory of your installation. Change the permission to something safe like 0600 if suPHP is enabled on your server. You can ask your host to confirm which permission is suitable on your server.
5. Backup regularly
Backing up your installation is very important because, if your installation is hacked, you can restore it from the backup. You should always back up both your database and your files. A weekly backup of your data is recommended; there are several plugins that will do it for you, or you can use Softaculous to back up and restore your installation.
Make a point to update the plugins when there is an update available. It is always a good idea to be updated. Also, if you are not using a specific plugin, delete it.