Posts Under Category: Security

This tutorial explains how you can start, stop and restart iptables rules of your server firewall. This tutorial is applicable for CentOS / RedHat Linux servers.

How to start iptables

service iptables start

OR

/etc/init.d/iptables start

How to stop iptables

service iptables stop

OR

/etc/init.d/iptables stop

How to restart iptables

service iptables restart

OR

/etc/init.d/iptables restart


Recently one of my VPSes (CentOS) went down after flushing / clearing iptables rules using the command below:

iptables -F

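The above command will flush/clear all current firewall rules of your CentOS / Linux server. It does not reset the chains' default policies, so if the INPUT policy is DROP, nothing is left to accept traffic and the server becomes unreachable, SSH included.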

Here is how I fixed it. I just restarted iptables rules using the command below and my VPS was UP.

service iptables restart

You can also use the command below to restart iptables rules.

/etc/init.d/iptables restart


The default SSH port on a CentOS 7 (32-bit / 64-bit) server is 22. But for security reasons, it is recommended to change the default SSH port number. Here is how you can change the SSH port number of your CentOS 7 server / VPS.

Step 1:

Log in to your server as root via SSH.

Step 2:

Back up the configuration file before editing it.

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

Step 3:

Open the following file in a text editor such as nano.

nano /etc/ssh/sshd_config

Step 4:

Find the following line in the /etc/ssh/sshd_config file.

#Port 22

Change this line to the new port number and remove the leading #.
For example, to make 2121 the new SSH port number:

Port 2121

Save the change using: Ctrl + O
Exit nano editor using: Ctrl + X

Step 5:

Allow the new port in the firewall. If you use a third-party firewall such as CSF, add the new port to its list of allowed ports.
If you are using the default OS firewall, use the following commands to allow the new port.
The commands below allow port 2121.

firewall-cmd --add-port 2121/tcp --permanent
firewall-cmd --add-port 2121/tcp

Step 6:

Restart SSH using the command below.

service sshd restart

Don’t close your current SSH session. Instead, start a new SSH session in a new window using the new SSH port number.
If you are able to log in on the new port, you have successfully changed your server's SSH port number.

If you are unable to log in on the new port, something has gone wrong. You should consider reverting all changes made in step 3.
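
The procedure in steps 2 to 6 as a script, added here as an example and not part of the original tutorial. The function names `set_ssh_port` and `apply_ssh_port` are hypothetical, and the `sshd -t` syntax check and the SELinux `semanage` labelling are additions the tutorial does not include.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# set_ssh_port FILE PORT
# Steps 2-4: back up FILE, then leave exactly one active "Port PORT" line.
set_ssh_port() {
    file=$1 port=$2
    # Accept only 1-5 digits, then range-check to 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi
    cp -p "$file" "$file.backup" || return 1
    # Two passes over the backup: detect a Port line, then rewrite.
    awk -v p="$port" '
        BEGIN { pat = "^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$" }
        FNR == NR { if ($0 ~ pat) found = 1; next }
        # No Port line at all: add one at the top, ahead of any Match block.
        FNR == 1 && !found { print "Port " p }
        # Replace the first "Port"/"#Port" line, drop any further ones.
        $0 ~ pat { if (!n++) print "Port " p; next }
        { print }
    ' "$file.backup" "$file.backup" > "$file"
}

# apply_ssh_port PORT
# Steps 2-6 on the live server (run as root on CentOS 7).
apply_ssh_port() {
    cfg=/etc/ssh/sshd_config
    set_ssh_port "$cfg" "$1" || return 1
    # Syntax-check first; restore the backup if sshd rejects the file.
    sshd -t -f "$cfg" || { cp -p "$cfg.backup" "$cfg"; return 1; }
    # Not in the tutorial: with SELinux enforcing, sshd can only bind
    # ports labelled ssh_port_t, so label the new port when semanage exists.
    if command -v semanage >/dev/null 2>&1; then
        semanage port -a -t ssh_port_t -p tcp "$1"
    fi
    firewall-cmd --add-port "$1/tcp" --permanent
    firewall-cmd --add-port "$1/tcp"
    service sshd restart
}

# Run for real only when asked: sh thisfile.sh --apply 2121
if [ "${1:-}" = "--apply" ]; then
    apply_ssh_port "${2:-}"
fi
```

As in step 6, keep the current session open and confirm a login on the new port from a second window before closing it.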


If cPanel Security Advisor reports a kernel out of date warning, you need to update the server kernel. The warning message may look something like this:

Current kernel version is out of date. current: 2.6.32-358.2.1.el6, expected: 2.6.32-358.23.2.el6 Update current system software in the “Update System Software” area, and then reboot the system in the “Graceful Server Reboot” area.

Updating from WHM may not solve this problem. This tutorial explains how to update the kernel and resolve this warning.

Log in to your server as root via SSH and run the following command:

yum update

Accept the kernel upgrade when asked. Reboot the server after the update.

Done!!


If you want to block a complete IP range in CSF firewall, follow these steps:

Let’s say you want to block the following IP range:

58.253.xxx.xxx

Step 1:

Log in to WHM as root.

Step 2:

Navigate to: WHM >> Plugins >> ConfigServer Security&Firewall

Step 3:

Block the following IP range using the Quick Deny box.

58.253.0.0/16

Done!!!
You may need to restart CSF firewall after adding / removing IPs.
You can also block the range over SSH using the following command:

csf -d 58.253.0.0/16

Quick Note

To block the 111.xxx.xxx.xxx range, use the following rule:

111.0.0.0/8

To block the 111.111.xxx.xxx range, use the following rule:

111.111.0.0/16

To block the 111.111.111.xxx range, use the following rule:

111.111.111.0/24
