FIREWALL PROTECTION
Advanced Policy Firewall (APF) is installed and configured. Ports which are not used by CPanel are firewalled off to maximize the security of your server, the TCP/IP stack is hardened, and ICMP rate limiting is enabled to prevent DoS attacks. Additionally, Brute Force Detection (BFD) is installed which detects brute force attacks against your server and automatically denies access to attackers.
3WDirect also enables more security features to defend against SYN based DoS attacks, DNS poisoning and spoofing protection.
ANTI-SPAM / ANTI-VIRUS PROTECTION
Realtime Blackhole List (RBL) filtering is configured for anti-spam protection on your server. The configuration, and combination of nearly 10 blacklists, is designed to maximize spam filtering while keep false positives to an absolute minimum. 3WDirect maintains local mirrors of these blacklists for maximum server performance. Updates are made approximately every 30 minutes to ensure your server is constantly protected.
HTTP INTRUSION PROTECTION
ModSecurity intrusion detection and prevention engine is installed for Apache. This module increases web application security, protecting web applications from both known and unknown attacks. The customized ruleset 3WDirect provides protects from a wide variety of common http attacks, such as PHPBB exploits. If a new exploit is released, your server can be protected in as little as 15 minutes as we push out ruleset updates.
SERVER HARDENING
Besides our initial system audit, which ensures proper installation of the Operating System and control panel and all packages are at the latest patch level, 3WDirect performs many other security tweaks to your server. All unnecessary services are disabled, and unused packages are removed. SSH is hardened, and kernel operating variables are tweaked to add additional security without impacting any use of the server. For a full list of performed services, please see below.
HTTP DOS PREVENTION
DDoS-Deflate is installed for Apache. This module provides evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.and works well in both single-server script attacks as well as distributed attacks.
Attacking hosts are blocked temporarily from Apache while legitimate requests are allowed through.
DAILY SECURITY AUDITS
3WDirect installs our own security scripts which run daily to look for signs of system intrusion or exploits which could threaten the health of your system. Rootkit Hunter and Chkrootkit are also installed and scan the system daily. If any anomalies are discovered, our technicians are alerted and can manually investigate to ensure your server is secure.
Full List of Services
SERVER HARDENING & SECURITY
Advanced Policy Firewall (APF)
Advanced Configurable firewall to block off unused ports and increase system security.
Brute Force Detection (BFD)
Detects and blocks brute force attacks.
ClamAV Anti-Virus for Email
ClamAV scans incoming and outgoing email for viruses, worms, and trojans.
Anti-Spam Filtering
Realtime Blackhole List (RBL) filtering is enabled using custom 3WDirect rulesets.
Chkrootkit
Looks for commonly used rootkits, backdoors, and exploits. Also checks for other signs of intrusion.
Rootkit Hunter
Looks for commonly used rootkits, backdoors, and exploits. Also checks for other signs of intrusion, and tests system binaries.
Mod_Evasive
DoS and brute force prevention for Apache.
Mod_Security
HTTP Intrusion Protection System for filtering exploits. Customized ruleset used.
Disable Unnecessary Processes
Disables any services which are not needed for normal system operation.
Remove Unnecessary Packages
Removes any extraneous packages to remove potential attack and DoS vectors while reducing system footprint.
Secure Temporary Directories
Secure /tmp, /var/tmp and other directories to prevent against unauthorized binary upload and execution.
Secure Directory Permissions
Strengthens file permissions on many world-writable directories.
SSH Hardening
Hardens SSH server to prevent against possible attack vectors.
Daily Security Audit
Custom 3WDirect security scripts are installed to report on possible security issues.
PAM Resource Hardening
Enforces PAM resource limiting to prevent against attacks.
Sysctl Hardening
Modifies kernel operating values to strengthen TCP/IP stack against various attacks including syn floods.
APPLICATIONS
ImageMagick
Graphics software package commonly used by many web applications.
NetPBM
Graphics software package commonly used by many web applications.
Mod_gzip
Compresses HTTP traffic to speed up web-browsing times for your visitors.
Apache Recompilaton
Recopiles Apache with commonly used Apache and PHP modules and settings for maximum performance and compatability.
MyTOP
MySQL TOP - tracks MySQL usage in an interface similiar to the Unix 'top' command.
IPTraf
Detailed command-line bandwidth statistics tracking utility.
IfTOP
Command-line utility to see track bandwidth usage based on connecting hosts.
INITIAL SYSTEM AUDIT
Server Stress Test
Stresses CPU, Memory Subsystem, I/O Subsystem, Hard Disks for quality control and compatability purposes. Standard on all 3WDirect servers.
Memory Test
Determines memory is free from any errors which could cause stability issues. Standard on all 3WDirect servers.
Operating System update Check
Ensures all Operating system components are functional and up-to-date.
WHM Configuration Check
Ensures WHM has been installed and configured.
Kernel Update Check
Ensures kernel is at the latest OS-release version.
Backup Configuration
Ensures backups have been configured to the backup drive in your server or remote backup space (if applicable).
3WDirect also enables more security features to defend against SYN based DoS attacks, DNS poisoning and spoofing protection.
ANTI-SPAM / ANTI-VIRUS PROTECTION
Realtime Blackhole List (RBL) filtering is configured for anti-spam protection on your server. The configuration, and combination of nearly 10 blacklists, is designed to maximize spam filtering while keep false positives to an absolute minimum. 3WDirect maintains local mirrors of these blacklists for maximum server performance. Updates are made approximately every 30 minutes to ensure your server is constantly protected.
HTTP INTRUSION PROTECTION
ModSecurity intrusion detection and prevention engine is installed for Apache. This module increases web application security, protecting web applications from both known and unknown attacks. The customized ruleset 3WDirect provides protects from a wide variety of common http attacks, such as PHPBB exploits. If a new exploit is released, your server can be protected in as little as 15 minutes as we push out ruleset updates.
SERVER HARDENING
Besides our initial system audit, which ensures proper installation of the Operating System and control panel and all packages are at the latest patch level, 3WDirect performs many other security tweaks to your server. All unnecessary services are disabled, and unused packages are removed. SSH is hardened, and kernel operating variables are tweaked to add additional security without impacting any use of the server. For a full list of performed services, please see below.
HTTP DOS PREVENTION
DDoS-Deflate is installed for Apache. This module provides evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.and works well in both single-server script attacks as well as distributed attacks.
Attacking hosts are blocked temporarily from Apache while legitimate requests are allowed through.
DAILY SECURITY AUDITS
3WDirect installs our own security scripts which run daily to look for signs of system intrusion or exploits which could threaten the health of your system. Rootkit Hunter and Chkrootkit are also installed and scan the system daily. If any anomalies are discovered, our technicians are alerted and can manually investigate to ensure your server is secure.
Full List of Services
| Advanced Policy Firewall (APF) | Advanced Configurable firewall to block off unused ports and increase system security. |
| Brute Force Detection (BFD) | Detects and blocks brute force attacks. |
| ClamAV Anti-Virus for Email | ClamAV scans incoming and outgoing email for viruses, worms, and trojans. |
| Anti-Spam Filtering | Realtime Blackhole List (RBL) filtering is enabled using custom 3WDirect rulesets. |
| Chkrootkit | Looks for commonly used rootkits, backdoors, and exploits. Also checks for other signs of intrusion. |
| Rootkit Hunter | Looks for commonly used rootkits, backdoors, and exploits. Also checks for other signs of intrusion, and tests system binaries. |
| Mod_Evasive | DoS and brute force prevention for Apache. |
| Mod_Security | HTTP Intrusion Protection System for filtering exploits. Customized ruleset used. |
| Disable Unnecessary Processes | Disables any services which are not needed for normal system operation. |
| Remove Unnecessary Packages | Removes any extraneous packages to remove potential attack and DoS vectors while reducing system footprint. |
| Secure Temporary Directories | Secure /tmp, /var/tmp and other directories to prevent against unauthorized binary upload and execution. |
| Secure Directory Permissions | Strengthens file permissions on many world-writable directories. |
| SSH Hardening | Hardens SSH server to prevent against possible attack vectors. |
| Daily Security Audit | Custom 3WDirect security scripts are installed to report on possible security issues. |
| PAM Resource Hardening | Enforces PAM resource limiting to prevent against attacks. |
| Sysctl Hardening | Modifies kernel operating values to strengthen TCP/IP stack against various attacks including syn floods. |
| ImageMagick | Graphics software package commonly used by many web applications. |
| NetPBM | Graphics software package commonly used by many web applications. |
| Mod_gzip | Compresses HTTP traffic to speed up web-browsing times for your visitors. |
| Apache Recompilaton | Recopiles Apache with commonly used Apache and PHP modules and settings for maximum performance and compatability. |
| MyTOP | MySQL TOP - tracks MySQL usage in an interface similiar to the Unix 'top' command. |
| IPTraf | Detailed command-line bandwidth statistics tracking utility. |
| IfTOP | Command-line utility to see track bandwidth usage based on connecting hosts. |
| Server Stress Test | Stresses CPU, Memory Subsystem, I/O Subsystem, Hard Disks for quality control and compatability purposes. Standard on all 3WDirect servers. |
| Memory Test | Determines memory is free from any errors which could cause stability issues. Standard on all 3WDirect servers. |
| Operating System update Check | Ensures all Operating system components are functional and up-to-date. |
| WHM Configuration Check | Ensures WHM has been installed and configured. |
| Kernel Update Check | Ensures kernel is at the latest OS-release version. |
| Backup Configuration | Ensures backups have been configured to the backup drive in your server or remote backup space (if applicable). |
