1 Time Hardening Checkup

webmasterbeta

New Member
There are quite a few good management companies recommended here for monthly management but we are actually looking for a reputable company to do a 1 time hardening + checkup on our server (CentOS + cpanel). Not sure if these are 2 separate things but would like to get some opinions on who we should check out. Any feedback on who & why would be great!

Thanks!

mod : I think this would be better in the offers / advertising section under employment

Since it is cPanel, I recommend PSM (http://platinumservermanagement.com). They are charging monthly, but you can cancel subscription after a month, and it will still be a lot cheaper than other companies' one-time fee. And you will have a whole month if anything goes wrong, or if you want to install other things.

Thanks. Keep the recommendations coming please.

PSM would be a good choice as already stated and having the entire month to make sure things are set up the way you want would be good. You could always tell them what you are doing too so they do not think it is bad service related.

mod : I think this would be better in the offers / advertising section under employment
He doesn't appear to be looking for offers, only recommendations. In that case, it's fine here.


For once off fixes and work, I've used Steven at Rack911 before. Does a great job, very efficient and thorough. Reasonable pricing, too.

I'd suggest http://www.configserver.com/

We've used them on a number of client cPanel servers and they seem to do a very good job.

Greetings:

Hmmm... one time hardenings of a server....

Sigh....

One of the biggest mistakes I've seen people make over the past 12.5 years in business is believing a one time server hardening is better than no server hardening at all.

If you have equipment connected to the Internet, security has to be a way of life.

Hardening a server is like charging the battery; but the battery needs to be charged on a regular basis.

Thank you.

Security hardening definitely should be done on a regular basis, but if you can't, then doing it once is better than absolutely nothing at all.

Like on a few other threads I would recommend Total Server Solutions (totalserversolutions.com).

Why $70 to do this?

php -i | grep php.ini
vi /usr/local/lib/php.ini
service httpd restart
cat /etc/redhat-release
uname -a
yum
cat /etc/grub.conf
yum update kernel
uname -a
vi /usr/local/lib/php.ini
service httpd restart


Does not equal this!

The internet is a very dangerous place and just because a server is new does not mean that it is secure. Even if your system has the latest updates from Redhat or your vendor it is still not secure in a shared hosting environment. This package will harden an existing system. If your system has been compromised and is hacked please contact us for a quote as there will be an additional charge which varies upon the complexity of the repair job. Steps to be taken:

* Security audit
* Limit compiler & fetch utilities access to root only
* Correct folder permissions to prevent directory traversal on unprivileged users
* Logwatch configuration
* Host.conf & sysctl hardening
* Noexec, Nosuid temporary directories
* RkHunter Installation.
* Installation and configuration of APF
* SPRI (System priority) installation
* Kernel update
* SSH Server Hardening
* TCP/IP Hardening
* Disabling of dangerous PHP functions
* BFD (Brute Force Detection) Installation
* Update all server/control panel software
* Disabling Unused Services
* Install and configure Mod_Security with a mildly aggressive ruleset
* System Integrity monitor
* RPM Package Audit
* Check/secure configuration defaults on common services
* Mod_dosevasive
* Zend Optimizer Installation


No APF, BFD, etc etc

Should have just done it myself!

Wait wait..which company did that, unclejjf? If you paid for the below and that's all they did then..yea that definitely doesn't give your $70 worth.

Why would I want to give out the name for? They have all my root usernames and passwords for the server & the server host.

To be honest I'm thinking about just hiring somebody F/T local to handle all of this. Kinda sad, would have been easier/cheaper to hire a full time management company to handle all of these servers than hiring a F/T employee. But I don't have the time to deal with all this!

Change the password then ;-) Am sure you would have read what they did before ordering right?

Yea, I would change all of my passwords after hiring an admin/company of any sort to do work on a server. Leaving them the same after anyone accesses it is just asking for trouble.