So far I’ve:
Only allowed SSH access to ubuntu user using passphrase key pair.
Restricted access to PHPMyAdmin to only our IP.
Renamed PHPMyAdmin alias to something less obvious.
MySQL access only allowed on Localhost.
Installed DenyHosts. (running ‘tail -n500 -f -s3 /var/log/auth.log’ showed hundreds of attempted logins from dictionary attacks already).
Open TCP ports are:
22 (SSH)
80 (HTTP)
443 (HTTPS)
3306 (MYSQL)
Everything else is closed. All ICMP traffic is blocked.
UDP:
0 – 65535 are closed.
PHP.ini additions:
On the PHP side, added these to PHP.ini:
disable_functions = php_uname, getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abort, shell_exec, dl, set_time_limit, exec, system, highlight_file, source, show_source, fpassthru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwnam, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_get_status, proc_nice, proc_terminate, phpinfo
display_errors = Off
allow_url_fopen = Off
allow_url_include = Off
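Added example, not part of the original post: a small Python audit of the php.ini settings listed above, useful because a misspelled name in disable_functions leaves the intended function enabled. The baseline function set, the sample fragment and the `KNOWN` list are assumptions made for this illustration.

```python
import re

# Assumed baseline of process-execution functions (this example's choice).
BASELINE = {"exec", "system", "shell_exec", "passthru", "proc_open", "popen"}
# Directives the post sets to Off.
EXPECT_OFF = ("display_errors", "allow_url_fopen", "allow_url_include")
OFF_VALUES = {"off", "0", "false", "no", "none"}

def parse_ini(text):
    """Return {directive: value} from 'key = value' lines; the last one wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip ';' comments
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text, known_functions=None):
    """Return a sorted list of findings for the hardening settings above."""
    settings = parse_ini(text)
    findings = []
    # Split on commas and whitespace so 'posix, _getppid' yields two names.
    raw = settings.get("disable_functions", "")
    disabled = {n.lower() for n in re.split(r"[,\s]+", raw) if n}
    for name in BASELINE - disabled:
        findings.append(f"not disabled: {name}")
    if known_functions is not None:
        for name in disabled - {k.lower() for k in known_functions}:
            findings.append(f"unknown function name (typo?): {name}")
    for key in EXPECT_OFF:
        value = settings.get(key)
        if value is None or value.lower() not in OFF_VALUES:
            findings.append(f"{key} is {value or 'unset'}, expected Off")
    return sorted(findings)

# Constructed sample, not the poster's file: one misspelled name, popen absent,
# and allow_url_include never set.
SAMPLE_INI = """\
; constructed php.ini fragment
disable_functions = exec, system, shell_exec, passthru, proc_open, ignore_user_abord
display_errors = Off
allow_url_fopen = On
"""
# Constructed subset of real PHP function names; on a server, build the full
# list from PHP's get_defined_functions() run without disable_functions set.
KNOWN = BASELINE | {"ignore_user_abort", "phpinfo"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, KNOWN):
        print(finding)
```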
Hi,
You should change your default SSH port to some other random port.
Also you should remove all PHP and Apache signatures from server response.
All good tips.