Security FAQ

How can I see the information in an SSL Certicate?

• openssl x509 -noout -text -in _/path/to/cert/certname.crt_

My server is under a SYN attack, what can I do?

If you believe you are under a SYN attack, run the following command:

• netstat -an |grep :80 |more

You will see a list like the following, however there will be serveral hundred entries:

tcp        0      0 12.34.56.78:80        211.48.6.244:1048       SYN_RECV     
tcp        0      0 12.34.56.78:80        128.223.93.135:1167     SYN_RECV     
tcp        0      0 12.34.56.78:80        194.15.197.170:1192     SYN_RECV     
tcp        0      0 12.34.56.78:80        199.155.53.109:1039     SYN_RECV     
tcp        0      0 12.34.56.78:80        4.168.188.28:1048       SYN_RECV     

Assuming your kernel was built with syncookie support, execute the following command as root:

• echo 1 > /proc/sys/net/ipv4/tcp_syncookies

If it's not enabled, there isn't much you can do other than build a new kernel and reboot and use it or wait out the attack. Some datacenters can help with this as well.

When setting up a dns trust relationship, I get errors about possible security threat and stuff about ssh/known_hosts ?

Most likely the master server has changed it's ssl info. easiest way to remedy this is:

• cd /etc/
• rm -rf .ssh

Then, try setting up the trust relationship again.

Can SSL Certificates be added to an addon domain when the main account already has one?

SSL certs can only be installed on one IP at a time (simply by nature of how they work).

Addon domains use the same IP as the main domain, so no, SSL certs can not be added to an addon domain.

How can I tell if my ssl certificate and key are paired correctly or just view the contents of them?

To view the contents of a certificate:

• openssl x509 -noout -text -in filename.crt

To view the contents of a private key:

• openssl rsa -noout -text -in filename.key

If the modulus number and exponent of the cert and key match, they are paired correctly. If not, they are mismatched and apache will not start with ssl enabled.

When I use google search I am brought to your site. Do I have the QHOSTS virus? How do I remove it?

If you were brought to this site inadvertently because you were trying to use a search engine, you may be infected with a virus that is affecting Windows machines and forwarding them to a server that was removed and replaced with a blank cPanel server. For more information on this virus including methods of removal please visit one of the following sites:

• http://www.microsoft.com/security/security_bulletins/ms03-040.asp
• http://vil.nai.com/vil/content/v_100719.htm
• http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
• http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_QHOSTS.A
• http://www.sophos.com/virusinfo/analyses/trojqhosts1.html

Please check these sites before calling our offices as our attendants cannot provide any more information than is provided above. Thank you for your patience in this matter.