installing new DA server

Q

questions

Verified User
Joined
Oct 24, 2009
Messages
137
DA has been so good that it was still working up to the time we were locked out due to having EOL operating system. Can you believe we are (still today) on a 32GB OS? Nobody can tell without looking under the hood.

So, for low cost shared (mostly Wordpress) hosting, what is the best partition structure and other setup options? Techs are setting up the server now with AlmaLinux 8.5 even though FreeBSD is the best OS out there.

Thanks in advance. I'll be going with the "simple" partition structure from the DirectAdmin website if I don't get any responses in time, since this is a time sensitive install after being locked out. I have to get this done ASAP.

My primary concerns are stopping users from sending out spam emails and stopping other hacking scripts and malicious code.
 
My techs are saying I don't need my own partition for /tmp so I can set noexec on it... I remember kept getting malicious files put in my /tmp directory so we changed it later to it's own partition with noexec...

What do you guys recommend?
 
You can just partition / but maybe for future use, it's better to also use a /home partition if you have the risk running out of disk space. This can prevent home users eating up system space. However, you can set warning limits.

Normally you don't need a seperate partition for /tmp but I also still create that one, just to prevent some odd stuff happening (like malicious executables). Just be sure it's big enough. I mostly use around 5-6 GB nowadays.

questions said:
My primary concerns are stopping users from sending out spam emails and stopping other hacking scripts and malicious code.
Click to expand...
In that case, be sure that Maldetect is also installed and force users to use smtp authenticated mail and not php mail.
Also be sure they keep their stuff online.

We got Softaculous and fairly regularly check if users have their stuff up to date, you can send them a mail from there to update.
 
Richard G said:
You can just partition / but maybe for future use, it's better to also use a /home partition if you have the risk running out of disk space. This can prevent home users eating up system space. However, you can set warning limits.

Normally you don't need a seperate partition for /tmp but I also still create that one, just to prevent some odd stuff happening (like malicious executables). Just be sure it's big enough. I mostly use around 5-6 GB nowadays.


In that case, be sure that Maldetect is also installed and force users to use smtp authenticated mail and not php mail.
Also be sure they keep their stuff online.

We got Softaculous and fairly regularly check if users have their stuff up to date, you can send them a mail from there to update.
Click to expand...


Thanks for the tips.

So you disable phpmail? That sounds like a good idea.

I only have 20GB used up now, but haven't been hosting customers since about 2015, but I have a few still there...

Is there a software yet that can monitor for rootkits and things like that? Just take some snapshots of how the mbr and boot system is and compare it as time goes by... You'd think by 2022 there wouldn't be anymore malware... makes me think that "they" want malware and it's not just malware.

I haven't installed DA in a long time is there a checklist somewhere like what I should do with sendmail/exim config, security recommendations, etc... any anti-malware I should install?

This is for shared hosting only, not going to give users ssh, mostly for my websites, mostly wordpress...

Thanks!
 
questions said:
Is there a software yet that can monitor for rootkits and things like that?
Click to expand...
Yes, you can use chkrootkit for those kind of things.
As for the Malware, I already advised Maldetect which runs in a cron. You could add Clamav too.

There are also some general options:

General system security | Directadmin Docs

DirectAdmin Knowledge Base
docs.directadmin.com

And you can also get tips from here.
blog.imunify360.com

Ultimate Guide for DirectAdmin Security from Security Experts

What is DirectAdmin? Why is DirectAdmin security important? What are Direct Admin security best practices? - this article answers these questions and more
blog.imunify360.com blog.imunify360.com
However, do NOT use suPHP as that is deprecated. When you use php-fpm for you php, then the php already runs via the user so no suphp is needed anymore.

There might be some other you don't need, but there are some good tips there, so just check to be sure what you can use yourself.
 
questions said:
Can you just tell me what to do, exactly line by line in the terminal,
Click to expand...
I already pointed that out. Look in the docs, there is all you need.
Use setup.sh auto and that's all. That's the script. If you don't read what I wrote it's no use.

Either way, due to your comments in the other thread that I should stop answering I will indeed stop doing that. You've wasted enough of my time. I'm having a hobby helping people, I'm not here to get offended or give lessons on how to become an admin.
 
You must log in or register to reply here.
Back
Top