protect from attacks

Discussion in 'ISPConfig 3 Priority Support' started by gigizmo, Sep 4, 2013.

  1. gigizmo

    gigizmo New Member

    Hello,

    I have the latest ISPConfig 3.0.5.3 installed on an updated Ubuntu 10.04 LTS.

    One of my customers with an old Joomla site was hacked. A few hours after, a lot of spam was sent from his site.
    This is the fact.
    All the spam comes from [email protected]e.

    Now I have stopped the site and cleaned all the spam mail from the postfix queue, and I am trying to understand whether my server is secure and whether I should take other actions to secure it.

    Because it is not possible for me to control every site and every plugin of my customers, my question is:

    Is it possible to disable sending mail from the user [email protected]e, or is it necessary for ISPConfig to function correctly, and how?

    Is there a secure configuration that can be applied to sites with a CMS installed, or PHP functions to disable, to improve security?

    thx in adv.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This is not necessary for ISPConfig, but it is necessary for your websites. If you disable it, no contact form, shopping cart, website registration confirmation and other functions will work on your server.

    The website configuration itself is secure; you see that, for example, in the mail sender addresses. Addresses like [email protected]e show you that each site runs under its own Linux user, so suexec is working fine.

    You can use mod_security to protect outdated or insecure CMS installations. Mod_security is very effective, but you will get some false positives at the beginning. This can be handled by running mod_security in detection mode for a while and disabling rules for specific website paths / URLs on your server.

    Another option is to use a malware scanner like maldet to scan all sites regularly.

    Also, you might want to disable some PHP functions like exec, system, passthru etc., which are used to execute external commands, in /etc/php5/cgi/php.ini.
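
The tuning loop described in the post above (run mod_security in detection mode, then disable rules per path), sketched as an added example that is not part of the thread: it tallies rule hits per site and path from ModSecurity lines in the Apache error log and renders a per-path exclusion. The log lines, hostname, paths and rule IDs are constructed, and the three-hit threshold and function names are assumptions; a frequent hit is only a candidate and still needs manual review before a rule is disabled.

```python
import re
from collections import Counter

# Constructed sample in the Apache error-log style ModSecurity 2.x writes.
# Hostname, paths and rule IDs (900001, 900002) are made up for illustration.
_T = ('[Wed Sep 04 10:0{n}:00 2013] [error] [client 192.0.2.10] ModSecurity: Warning. '
      'Pattern match "x" at ARGS:text. [id "{rid}"] [msg "constructed"] '
      '[hostname "{host}"] [uri "{uri}"] [unique_id "u{n}"]')
SAMPLE_LOG = "\n".join(
    [_T.format(n=i, rid="900001", host="shop.example.com",
               uri="/administrator/index.php") for i in range(3)]
    + [_T.format(n=3, rid="900002", host="shop.example.com", uri="/index.php"),
       "[Wed Sep 04 10:04:00 2013] [error] File does not exist: /var/www/favicon.ico"])

ID_RE = re.compile(r'\[id "(\d+)"\]')
URI_RE = re.compile(r'\[uri "([^"]*)"\]')
HOST_RE = re.compile(r'\[hostname "([^"]*)"\]')


def tally_hits(log_text):
    """Count ModSecurity hits per (hostname, path, rule id)."""
    hits = Counter()
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue  # ordinary Apache error, not a rule hit
        rid, uri, host = ID_RE.search(line), URI_RE.search(line), HOST_RE.search(line)
        if rid and uri and host:
            path = uri.group(1).split("?", 1)[0]  # drop any query string
            hits[(host.group(1), path, rid.group(1))] += 1
    return hits


def exclusion_candidates(hits, min_hits=3):
    """Triples seen at least min_hits times. Repeated hits can also be a
    repeated attack, so check each one against the site's normal use."""
    return sorted(key for key, count in hits.items() if count >= min_hits)


def render_exclusion(path, rule_id):
    """Apache snippet that disables one rule for one exact path."""
    return ('<LocationMatch "^%s$">\n    SecRuleRemoveById %s\n</LocationMatch>'
            % (re.escape(path), rule_id))


if __name__ == "__main__":
    for host, path, rid in exclusion_candidates(tally_hits(SAMPLE_LOG)):
        print("# %s: review before enabling" % host)
        print(render_exclusion(path, rid))
```
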
     
  3. gigizmo

    gigizmo New Member

    Ok Till, thx for your fast reply.
    Is there a tutorial or a how-to for installing mod_security with ISPConfig?
    For this compromised site, is it a good idea to put disable_functions = mail in the php.ini from the ISPConfig panel, in custom PHP settings?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The installation is not ISPConfig specific, so any tutorial for Ubuntu 10.04 should work.

    Here is a guide for mod_security that I found with a quick search on Google:

    http://www.7loop.com/content/installing-mod-security-ubuntu-1004


    Here you can get a more detailed overview on mod_security:

    http://www.modsecurity.org/documentation/

    If the site does not use any contact forms, then you can disable the mail function like that.
     
