How to change proftp FTP password from SSH shell

Today I have got a request from a client that has a server with no control panel on it to change one ftp password. Server is using proftpd as it’s ftp server. This is really easy task to do if proftp is setup by default and uses /etc/passwd for storing it’s passwords.

If you know username all you need to do is type in

passwd USERNAME

(replace USERNAME with actual username), enter new password two times and you’re done.

If you however don’t know the username (and that can happen too) you can open /etc/passwd file and try and locate it in there.

Tags: proftpd change password, proftpd change user password, change proftpd password, proftpd password change, change ftp password proftpd, change password proftpd, proftpd default password

How to install CSF firewall

In order to protect your server the best way possible, beside running iptables you should install some additional software. I can recommend ConfigServer Security & Firewall. I’m using it on couple of servers right now and it’s prove it self to be stable and low on resource usage. It also has WHM/cPanel plugin that helps you managing your firewall even if you’re not very experienced user/admnin.

Before installing you must be sure that you do not have any other firewalls installed (such as APF)
Installation is really simple. You just need to run those couple of commands in SSH:

cd /usr/local/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Don’t forget to disable testing flag by setting TESTING = 0.
You can do that easily in WHM/cPanel: after logging in at WHM and in Plugins section of sidebar you’ll find “ConfigServer Security&Firewall”. Then click on Firewall Configuration and change testing value. Save it and restart firewall and there you go! Your CSF firewall is up and running!

csf firewall cpanel plugin

Continue Reading

How to setup and use iptables

What’s iptables?

Iptables is the current Linux firewall and routing service. It controls incoming and outgoing network.

 

How to stop/start/restart iptables?

Basically just like any other Linux service:

service iptables start 
service iptables stop 
service iptables restart

 

How to check if iptables is currently running?

Simply call service status

service iptables status

and check the result:

Firewall is stopped.

If the status message is “Firewall is stopped.” that means that iptables are not running and you should start it with sertvice iptables start. If you get some tables with bunch of geek stuff that means that iptables are running.

 

How to automatically start iptables service on Linux boot?

To enable iptables starting on boot run

chkconfig iptables on

or run code below to disable it

chkconfig iptables off

Continue Reading

Tags: service iptables status

Security by obscurity

This simple guide will help you secure your server in indirect way by hiding software versions from possible attackers. This can help you prevent many automated attacks and attacks based on software version number. If a hacker want’s to probe your system for hole he’ll start from collecting all version numbers from your running services. This guide will teach you setup common services not to give away their version numbers. This is called Security by obscurity and it’s not something to rely on but it can lower chances of getting your system hacked.

Apache (Web Server)

Let’s start with Apache first. It’s config file should at path

/etc/httpd/conf/httpd.conf

Open that with an editor of choice. For beginners I always suggest Midnight Commander but if you’re more experienced you can use antother editor like pico or vi. Anyway, in MC open file for editing by pressing F4 while the file is selected.

Locate those two lines and set it as follows. If you cant find them – add them.

ServerSignature Off
ServerTokens Prod

Server Signature will remove the identification of Apache version from error pages, and ServerTokens will identify Apache as “apache” without version number or OS information. Save the file and restart the Apache.

service httpd restart

Continue Reading