It is assumed that you have already installed APF (Advanced policy firewall) on your cPanel dedicated web server. Once, APF is installed do the following:

Edit the antidos configuration file of APF with the command:

nano /etc/apf/ad/conf.antidos

Find the string LP_KLOG=”0″ and change it to LP_KLOG=”1″

Now, find for CONAME=”Your Company”

Enter your company name within quotes for example

CONAME=”SupportFacility.Com”

Now find for the string USR_ALERT=”0″ and change it to USR_ALERT=”1″

This is so that you can receive email alerts.

Now enter your email address here:

USR=”something@yourdomain.com”

Now you have to set it in cron for this give the following command:

crontab –e

*/5 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1

This will run antidos every five minutes.

This article is released by SupportFacility.Com — the leaders in providing outsourced technical support, live chat support & help desk support for web hosts. Interested ? Opt for a trial now.

Any web hosting provider would like to secure SSH root access on their dedicated web servers, to achieve this, my little contribution to you all. I hope this helps you all.

Add a user on the dedicated server

To begin, SSH into your server as root. Once you’re logged in, you should see a shell prompt similar to:

root@server[~]#

The command to add a user is as below. I will be using the username as “support”.

root@server[~]# /usr/sbin/adduser support

Once the user is added you can verify by using the below command:

root@server[~]# cat /etc/passwd | grep support

Set a password for the user (support)

Use the below command to set password for the user “support”:

root@server[~]# passwd support

Note: Make sure you pick a secure password which will consist between 6-8 characters, and will contain letters, numbers, and punctuation marks.

To make sure this user account that you have created works, open another SSH window and proceed to log in with the user “support”. Once you’ve successfully verified that this account works, you may exit the session.

Verifying su’s command permissions, and ownership

Verifying “su” command is owned by root and the wheel group is suggested. At the same time check the permissions are set correctly.
This can be checked by the below command:

root@server [~]# ls -la /bin/su

The output should be:

-rwsr-x---  1 root wheel 61168 Nov 18 07:17 /bin/su*

If the output is as above you can skip this below command:

—
Su user ownership, permission can be set by the below command:
root@server [~]# chmod 4750 /bin/su
root@server [~]# chown root:wheel /bin/su
—

Now, add the user to the wheel group

We will have to add our new user “support” to the wheel group in order to allow it to gain root access, with *NO* root privileges. That means that this user will be able to log into the server, but won’t be able to perform any root tasks until the user switches to the root user.

In SSH you have to type the below command:

root@server[~]# /usr/sbin/usermod –G wheel support

Before proceeding, re-login to your server using the “support” account. At the SSH prompt, type “su” followed by the Enter key, and then enter in the root password. If you were successful, you should be at a root prompt:

root@server [~]#

To confirm that you are root, at the SSH prompt type the command whoami , which should display your root account.

Editing the sshd_config file, and restarting SSH daemon

Now we have to disable direct root access to your dedicated web server. Use the below command:

nano /etc/ssh/sshd_config

Scroll down until you see the following come across the screen:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

To disable SSH root login, remove the hash symbol (#) before PermitRootLogin , and change the “yes” next to PermitRootLogin to “no” so now it looks like:

#LoginGraceTime 120
PermitRootLogin no
#StrictModes yes

Note: If you see the value of LoginGraceTime different from my value of 120, you do not need to worry as it does not affect the functionality.

Restarting SSH daemon

Finally, to make the changes take effect, you have to restart SSH by running the following command (as root):

root@server [~]# service sshd restart

Best of luck!

This article is released by SupportFacility.Com — the leaders in providing outsourced technical support, live chat support & help desk support for web hosts. Interested ? Opt for a trial now.

ionCube is an encoder (encryption method) used to help protect the php files from software piracy. It is normally used by software vendors to deliver their php software(s) in some sort of encoded format to help protect their copyrights and licensing distribution.

The ionCube version of Ultimate Locator is meant for Linux, Unix and FreeBSD platform servers. ionCube can also be run on a Windows server though.

Here are the installation steps for ionCube loader:

Download link: http://www.ioncube.com/loaders.php

wget http://downloads2.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz

tar -zxvf ioncube_loaders.tar.gz

cd ioncube

mv ioncube /usr/local/

You can check the path of the php.ini file with the below command:

php -i | grep php.ini

Edit the php.ini file with the following command:

nano php.ini

Then, add the below line in the php.ini

zend_extension=/usr/local/ioncube/ioncube_loader_lin_5.2.so

So, now determine if ionCube is on your dedicated web server, do the following:

Add the below code in you a php file, usually in case of cPanel server it is under your public_html directory

<?php phpinfo() ?>

And, access the file in your favourite browser.

Using SSH you can check it with the command:

php –v

Best of luck for your installation.

This article is released by SupportFacility.Com — the leaders in providing outsourced technical support, live chat support & help desk support for web hosts. Interested ? Opt for a trial now.