Datapack.net and Imunify360 – Personalized Security at Massive Scale

Dear client,

For us security is the first priority. We care about your data as they we are ours.

We are increasing our security with immunify360 adding a 6 layers protection on all our shared web hosting accounts.
Remember only to update your scripts and your plugins.( WordPress,drupal,etc)
 

Imunify Security is the best choice for web hosting companies who are serious about security.

Its multi-layered defense architecture ensures precision targeting and eradication of malware and viruses.

Comprehensive six-layers web server security with feature management
Automated Malware Scanner with Cleanup
Advanced WAF with Machine-Learning Ruleset
Intrusion Detection and Protection
Proactive Defense for PHP Websites
Software Patch Management
WebShield with Integrated CAPTCHA
Hosting Panels Integration

 

Preemptive security, the one that actually stops attacks. All in one nice package.

You don’t just need an all-in-one security – you need an effective one. The one that actually stops hackers.

Imunify360 automatically protects your website.
All-in-one security with robust cloud protection against the newest attacks, powered by AI.
They are constantly collecting and analyzing a massive amount of information about new attacks on a global scale.A sophisticated detection of known and unknown security threats, including zero-day and distributed brute force attacks, delivers powerful, complete protection

Imunify360 continuously analyses scripts and recognizes dangerous behaviors in them in real time. It stops malware, both new and old, from running on your website in the first place.

The Complete Six-Layer Security

Imunify360 is a next-generation security solution built for Linux VPS, Dedicated, and Shared servers. It uses cloud heuristics and the unique, proactive approach to provide total protection against known and unknown attacks.

Intrusion Detection and Protection System

More than 52% of hosting providers say that remote exploit is a top issue for their customers’ web servers. With IDS and IPS in Imunify360, you will be protected from inside out and outside in.

Malware Detection & Detection

Over 68% of hosting providers say that malware infection is a top issue for their customers’ web servers.

 

Proactive Defense

Imunify360’s Proactive Defense (previously known as Sandboxing) protects websites against zero-day attacks – it stops even the malware that no scanner is able to detect.

 

Datapack.net and Imunify360 – Personalized Security at Massive Scale

Thank you

Regards

Datapack Team

https://www.datapack.net

 

 

 

Free SSL from datapack.net

Free SSL from datapack.net

We offer Free SSL with all our services.

You don’t need to activate it because it’s enabled from our side.
Remember only to configure you script to work with it. (wordpress,drupal etc)
If you have any questions please open a support ticket. https://support.datapack.net/
 
 
Thank you
Regards

In this tutorial, learn how to install CentOS 7 in a few simple steps.

CentOS is an open-source Linux distribution based on Red Hat Enterprise Linux (RHEL). CentOS 7 is viewed as the preferred option for web hosting due to its stability and active developer community.

In this tutorial, learn how to install CentOS 7 in a few simple steps.

Step by step instructions on how to install CentOS 7

Prerequisites

 
  • Recommended minimum of 10GB of free disk space
  • CentOS 7 ISO install file

Follow the Steps to Install CentOS 7

 

If you are only looking to update or upgrade CentOS, see How to Upgrade or Update CentOS.

Step 1: Download CentOS 7

 

To download the official and up-to-date CentOS 7 ISO file, navigate to https://www.centos.org/download/.

Our recommendation for non-enterprise environments is to download the DVD ISO option, which includes the GUI.

Select DVD ISO option for CentOS 7 installation.


 

Note: We recommend the Minimal ISO option only for production enterprise environments.


Step 2: Create Bootable USB or DVD

 

Now that you have downloaded the ISO image, you can create a bootable USB, burn it on a DVD or load the image on a VM.

Several applications can help you create a bootable USB. We recommend using Etcher. Download the application for your system (Windows, macOS or Linux), install and run.

etcher running on a drive

The setup is intuitive and easy:

  1. Select the CentOS 7 ISO image.
  2. Insert the USB flash.
  3. Find the USB and select it in the Select drive step.
  4. Click Flash.

Step 3: Boot the CentOS ISO File

 

Upon booting the CentOS 7 ISO file, you can begin the installation process. To do so, select Install CentOS 7. That will start the installer’s graphical interface.

If you are booting from a USB, click the Install to Hard Drive icon on the desktop. That will open the installation wizard.

Select Install CentoOS 7

Step 4: Install CentOS

 

Before starting the installation process itself, select which language you would like to use during installation. The default option is English.

Select the language to be used for the installation process.

Click Continue to confirm your selection.

Select and configure custom option for the installation.

There are a couple of settings you would want to configure. All items marked with a warning icon must be configured before you begin the installation.

Some system configurations outlined below may differ based on use case.

Set Date and Time

 

To set a date and time for the system, click the Date & Time icon under the Localization heading. Select a region/time zone on the map of the world as seen below. Once you have selected your time zone, hit Done to save your changes.

Select the Time zone and Date.

Keyboard Layout

 

Select the Keyboard option under the Localization heading to set the keyboard layout.

The system default is English (US) and the language you selected in the initial window. Click the plus icon to add more layouts. Move a layout to the top of the list to make it the default option.

Click the Options button to define a key combination for switching between keyboard layouts. When you are satisfied with the settings defined, select the Done button to confirm the changes.

System Language

 

Next, select the Language Support option under the Localization heading. The language selected in the Welcome to CentOS 7 window will be the default system language. If necessary, select additional languages and hit the Done button once you are finished.

Choose the language for the support service.

Software Selection

 

Select the Software Selection option under the Software heading. You will see a list of predefined Base Environment options and optional add-ons. This part entirely depends on your needs.

  • Minimal Install. This is the most flexible and least resource-demanding option. Excellent for production environment servers. Be prepared to customize the environment.
  • Predefined Server Options. If you are 100% certain about the role of your server and don’t want to customize it for its role, select one of the predefined server environments.
  • GNOME Desktop and KDE Plasma Workspaces. These environments include a full graphical user interface.

Select option for base installation of CentOS 7.

When you have selected the base environment and optional add-ons, click the Done button. Wait for the system to check for software dependencies before you move on to the next option.

Select Installation Destination

 

Click the Installation Destination option under the System heading. Check your machine’s storage under the Local Standard Disks heading. CentOS 7 will be installed on the selected disk.

Partitioning

 

Option 1: Automatic Partitioning

Under the Other Storage Options heading, select the Automatically configure partitioning checkbox. This ensures the selected destination storage disk will automatically partition with the /(root)/home and swap partitions. It will automatically create an LVM logical volume in the XFS file system.

If you do not have enough free space, you can reclaim disk space and instruct the system to delete files.

When finished, click the Done button.

Option 2: Manual Partitioning

Select the I will configure partitioning checkbox and choose Done.

If you want to use other file systems (such as ext4 and vfat) and a non-LVM partitioning scheme, such as btrfs. This will initiate a configuration pop-up where you can set up your partitioning manually.

This is an advanced setting option, very much based on your requirements.

Configuring KDUMP

 

KDUMP is enabled by default.

To disable the KDUMP kernel crash dumping mechanism, select the KDUMP option under the System heading and uncheck the Enable kdump checkbox. Click the Done button to confirm your changes.


 

Note: KDUMP captures system information at the time of a crash. It helps you diagnose the cause of the crash. When enabled, kdump reserves a portion of system memory.


Network and Hostname

 

Click the Network & Host Name option under the System heading.

For the hostname, type in the fully qualified domain name of your system. In our example, we will set the Hostname as my_server.phoenixnap.com, where my_server is the hostname while phoenixnap.com is the domain.

Configure ethernet settings.

Select Configure… and select to add IPv4 settings or IPv6 settings depending on what you have. Add static IP addresses to help identify your computer on the network. Bear in mind that your network environment’s settings define these values.

IPv4 and Ipv6 settings durring CentOS installation.

To add a static IP address:

  1. Select Manual from the Method drop-down.
  2. Click the Add button to add a static IP address.
  3. Enter the information for your network domain.
    • IP Address
    • Netmask Address
    • Gateway Address
    • DNS Servers Address
  4. Click Save to confirm your changes.

By default, all detected Ethernet connections are disabled. Click the ON/OFF toggle to enable the connection. After the installation of CentOS, follow our guide to learn more details about configuring your network settings.

Security Policy

 

Select the Security Policy option under the System heading. Choose a profile from the list and hit Select profile. Hit the Done button to confirm your selection.

Start the Installation Process

 

Once everything is set up according to your liking, hit Begin Installation to start the install. This will start the initial installation process.

How to define root user and password.

Define Root Password

 

To define the root user, select the Root Password icon.

Select a Root Password and re-enter it in Confirm field.

Root user accounts should consist of at least 12 characters, including uppercase and lowercase letters, numbers, and special characters. We cannot stress enough the importance of a well-defined root password.

Click the Done button to proceed.

Define root password for administering the system.

Create User

 

To begin, select the User Creation option.

Add a new system account user by defining the full nameuser name, and password. We recommend you check the Make this user administrator and Require a password to use this account checkboxes. This will grant the user root privileges.

Create user durring CentOS 7 installation.

After you fill in all of the fields and define a secure password, select Done in the upper-left corner of the screen.

Wait for the installation process to complete.

Reboot system after CentOS 7 installation.

Before you start using your new CentOS installation, reboot the system. Click the Reboot button.

Log into the system by using the credentials you defined previously.

Conclusion

 

This tutorial outlined how to install CentOS 7.  By following this guide, you should have a successful installation and boot right into the system.

Changing SSH Port

Changing The SSH Port

Reading Time: 3 minutes

While there are many ways to make sure your server is as secure as possible there are some basic steps and measures that you can take to cover your bases.

Users with a Linux server can change their SSH port to something other than the default port (22).

Step #1: Reconfigure SSHD

The easiest way to change the port is to SSH into the server as root:

ssh root@hostname/IP

(hostname/IP should be replaced with the hostname of your server or the main IP address of your server)

Once you are logged in to the server as root we can begin editing the sshd_config file. As with any modification to an important server file, it is always a good idea to back it up before making any changes:

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now we are ready to modify the file. Open /etc/ssh/sshd_config in your favorite text editor (for this example we will use Vim) and locate the line that specifies the port. If your sshd_config file has not been altered the Port setting will be commented out with a # symbol (example below).

vim /etc/ssh/sshd_config

SSHd config default settings

The # symbol tells the server to ignore anything after it on the same line, so we will need to remove that character and then change the number 22 to something else. Be sure you do not pick a port number that is in use by a different service. If you are unsure, Wikipedia has a list of port numbers and their uses. Try to use a port number that is not listed. For this example, we will use Port 2222 (which is used by Windows servers but not by default on Linux servers).

Remove the # symbol and change the port number:

SSHd config port 2222

Save your changes and close the sshd_config file.

We will also need to open the new port in the server’s firewall. This tutorial describes firewall changes on a standalone dedicated or virtual private server. If you have a hardware firewall in place please open a ticket with our support department so that we can make the necessary changes.

Step #2: Updating Your Firewall

Once again we will use Vim as our text editor to make changes to the APF firewall configuration. If your server uses the CSF firewall, follow the instructions to open a port via command line or WebHost Manager at Opening Ports In Your Firewall and skip ahead to the next section.

As with the SSH configuration file it is a good idea to create a backup prior to making any changes.

cp /etc/apf/conf.apf /etc/apf/conf.apf.bak

Open /etc/apf/conf.apf in Vim (or your favorite text editor) and locate the line labeled Common ingress (inbound) TCP ports.

APF Ingress TCP Ports Conf

Add your new port number to the list of existing ingress ports. Be sure to add commas where necessary (follow the format of the existing port numbers).

Save your changes to the conf.apf file and close your text editor.

Step #3: Restart Services

SSH and APF must now be restarted in order to activate your changes. You can do so by running the command ‘/etc/init.d/apf restart’ followed by ‘/etc/init.d/sshd restart’ (example below):

service sshd restart

service apf restart

Restarting SSH and APF Services

SSH will restart and listen on the port number you have specified.

It is important to note that if you change SSH’s port number this will also alter the way you need to run certain commands that utilize SSH. Examples of commands that would need the new port number specified include scp and rsync.

How To Secure Apache with Let’s Encrypt on CentOS 7

Introduction

Let’s Encrypt is a Certificate Authority (CA) that provides free certificates for Transport Layer Security (TLS) encryption, thereby enabling encrypted HTTPS on web servers. It simplifies the process of creation, validation, signing, installation, and renewal of certificates by providing a software client that automates most of the steps—Certbot.

In this tutorial, you will use Certbot to set up a TLS/SSL certificate from Let’s Encrypt on a CentOS 7 server running Apache as a web server. Additionally, you will automate the certificate renewal process using a cron job, which you can learn more about by reading How To Use Cron To Automate Tasks On a VPS.

Prerequisites

In order to complete this guide, you will need:

  • One CentOS 7 server set up by following the CentOS 7 initial server setup guide with a non-root user who has sudo privileges.
  • A basic firewall configured by following the Additional Recommended Steps for New CentOS 7 Servers guide.
  • Apache installed on the CentOS 7 server with a virtual host configured. You can learn how to set this up by following our tutorial How To Install the Apache Web Server on CentOS 7. Be sure that you have a virtual host file for your domain. This tutorial will use /etc/httpd/sites-available/example.com.conf as an example.
  • You should own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may purchase one on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
  • A DNS A Record that points your domain to the public IP address of your server. You can follow this introduction to DigitalOcean DNS for details on how to add them with the DigitalOcean platform. DNS A records are required because of how Let’s Encrypt validates that you own the domain it is issuing a certificate for. For example, if you want to obtain a certificate for example.com, that domain must resolve to your server for the validation process to work. Our setup will use example.com and www.example.com as the domain names, both of which will require a valid DNS record.

When you have all of these prerequisites completed, move on to install the Let’s Encrypt client software.

Step 1 — Installing the Certbot Let’s Encrypt Client

To use Let’s Encrypt to obtain an SSL certificate, you first need to install Certbot and mod_ssl, an Apache module that provides support for SSL v3 encryption.

The certbot package is not available through the package manager by default. You will need to enable the EPEL repository to install Certbot.

To add the CentOS 7 EPEL repository, run the following command:

  • sudo yum install epel-release

Now that you have access to the repository, install all of the required packages:

  • sudo yum install certbot python2-certbot-apache mod_ssl

During the installation process you will be asked about importing a GPG key. This key will verify the authenticity of the package you are installing. To allow the installation to finish, accept the GPG key by typing y and pressing ENTER when prompted to do so.

With these services installed, you’re now ready to run Certbot and fetch your certificates.

Step 2 — Obtaining a Certificate

Now that Certbot is installed, you can use it to request an SSL certificate for your domain.

Using the certbot Let’s Encrypt client to generate the SSL Certificate for Apache automates many of the steps in the process. The client will automatically obtain and install a new SSL certificate that is valid for the domains you provide as parameters.

To execute the interactive installation and obtain a certificate that covers only a single domain, run the certbot command with:

  • sudo certbot –apache -d example.com

This runs certbot with the --apache plugin and specifies the domain to configure the certificate for with the -d flag.

If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command, tagging each new domain or subdomain with the -d flag. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate. For this reason, pass the base domain name as first in the list, followed by any additional subdomains or aliases:

  • sudo certbot –apache -d example.com -d www.example.com

The base domain in this example is example.com.

The certbot utility can also prompt you for domain information during the certificate request procedure. To use this functionality, call certbot without any domains:

  • sudo certbot –apache

The program will present you with a step-by-step guide to customize your certificate options. It will ask you to provide an email address for lost key recovery and notices, and then prompt you to agree to the terms of service. If you did not specify your domains on the command line, you will be prompted for that as well. If your Virtual Host files do not specify the domain they serve explicitly using the ServerName directive, you will be asked to choose the virtual host file. In most cases, the default ssl.conf file will work.

You will also be able to choose between enabling both http and https access or forcing all requests to redirect to https. For better security, it is recommended to choose the option 2: Redirect if you do not have any special need to allow unencrypted connections. Select your choice then hit ENTER.

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2

When the installation is successfully finished, you will see a message similar to this:

Output
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2019-08-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The generated certificate files will be available within a subdirectory named after your base domain in the /etc/letsencrypt/live directory.

Now that your certificates are downloaded, installed, and loaded, you can check your SSL certificate status to make sure that everything is working.

Step 3 — Checking your Certificate Status

At this point, you can ensure that Certbot created your SSL certificate correctly by using the SSL Server Test from the cloud security company Qualys.

Open the following link in your preferred web browser, replacing example.com with your base domain:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com

You will land on a page that immediately begins testing the SSL connection to your server:

SSL Server Test

Once the test starts running, it may take a few minutes to complete. The status of the test will update in your browser.

When the testing finishes, the page will display a letter grade that rates the security and quality of your server’s configuration. At the time of this writing, default settings will give an A rating:

SSL Report - A

For more information about how SSL Labs determines these grades, check out the SSL Labs Grading post detailing the updates made to the grading scheme in January, 2018.

Try reloading your website using https:// and notice your browser’s security indicator. It will now indicate that the site is properly secured, usually with a green lock icon.

With your SSL certificate up and verified, the next step is to set up auto-renewal for your certificate to keep your certificate valid.

Step 4 — Setting Up Auto Renewal

Let’s Encrypt certificates are valid for 90 days, but it’s recommended that you renew the certificates every 60 days to allow a margin of error. Because of this, it is a best practice to automate this process to periodically check and renew the certificate.

First, let’s examine the command that you will use to renew the certificate. The certbot Let’s Encrypt client has a renew command that automatically checks the currently installed certificates and tries to renew them if they are less than 30 days away from the expiration date. By using the --dry-run option, you can run a simulation of this task to test how renew works:

  • sudo certbot renew –dry-run

The output should look similar to this:

Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/example.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Waiting for verification...
Cleaning up challenges
Resetting dropped connection: acme-staging-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/example.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/example.com/fullchain.pem (success)
...

Notice that if you created a bundled certificate with multiple domains, only the base domain name will be shown in the output, but the renewal will be valid for all domains included in this certificate.

A practical way to ensure your certificates will not get outdated is to create a cron job that will periodically execute the automatic renewal command for you. Since the renewal first checks for the expiration date and only executes the renewal if the certificate is less than 30 days away from expiration, it is safe to create a cron job that runs every week or even every day.

The official Certbot documentation recommends running cron twice per day. This will ensure that, in case Let’s Encrypt initiates a certificate revocation, there will be no more than half a day before Certbot renews your certificate.

Edit the crontab to create a new job that will run the renewal twice per day. To edit the crontab for the root user, run:

  • sudo crontab -e

Your text editor will open the default crontab which is an empty text file at this point. This tutorial will use the vi text editor. To learn more about this text editor and its successor vim, check out our Installing and Using the Vim Text Editor on a Cloud Server tutorial.

Enter insert mode by pressing i and add in the following line:

crontab
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

When you’re finished, press ESC to leave insert mode, then :wq and ENTER to save and exit the file. This will create a new cron job that will execute at noon and midnight every day. Adding an element of randomness to your cron jobs will ensure that hourly jobs do not all happen at the same minute, causing a server spike; python -c 'import random; import time; time.sleep(random.random() * 3600)' will select a random minute within the hour for your renewal tasks.

For more information on how to create and schedule cron jobs, you can check our How to Use Cron to Automate Tasks in a VPS guide. More detailed information about renewal can be found in the Certbot documentation.

Conclusion

In this guide you installed the Let’s Encrypt Certbot client, downloaded SSL certificates for your domain, and set up automatic certificate renewal. If you have any questions about using Certbot, you can check the official Certbot documentation. We also recommend that you check the official Let’s Encrypt blog for important updates from time to time.

How to Build a WordPress Membership Site the Easy Way

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore agna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco oris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate elit esse cillum dolore eu fugiat nulla pariatur excepteur sint ecat.

Continue reading “How to Build a WordPress Membership Site the Easy Way”