# Self-Check for Host DDoS Attacks

A cloud host with vulnerabilities may be compromised by attackers and then used as a source of DDoS attacks. This guide helps you perform security self-checks on your cloud host to avoid these risks.

## PHPMyAdmin

### Check

  - Whether it is installed
  - Whether the /install/ directory has been deleted
  - Whether there is a password

### Repair

  - Enhance the MySQL password
  - Restrict access to phpMyAdmin

## Tomcat

### Check

  - Whether the management page /manager/ exists
  - Whether the backend uses weak passwords. Common weak passwords include admin/admin, tomcat/tomcat, manager/manager

### Repair

  - If the Tomcat management page is not needed, delete it. If it is needed, enhance the password by increasing the password strength in conf/tomcat-users.xml

## Other Common Open Source CMS

### Check

  - Whether a common open source CMS such as dede is in use, and whether the version has vulnerabilities
  - Whether the backend uses weak passwords

### Repair

  - Upgrade to the latest version
  - Enhance password

## Struts2

### Check

  - Whether the Struts2 framework is in use
  - Whether this version of the Struts2 framework has vulnerabilities

### Repair

  - Perform access control on the management backend
  - Enhance password

## Editor

### Check

  - Whether fckeditor is installed
  - Whether anyone is allowed to access it
  - Whether there are pages such as fckeditor/editor/filemanager/connectors/test.html or others under fckeditor/editor/filemanager/*

### Repair

  - Restrict access to fckeditor
  - Delete the test page

## Common Pages

  - Check whether ewebeditor is installed and whether the default password is admin or admin888
  - ewebeditor itself has many problems; avoid using it if possible
  - Repair: Enhance the password. The ewebeditor database can be downloaded, so a weak password provides no protection

## FTP Brute Force Cracking

### Check

  - Whether the FTP service has a weak password; check /var/log/vsftpd.log for abnormal logins

### Repair

  - Enhance password

## SSH Weak Password

### Check

  - Use the last command to check for abnormal logins
  - Check /var/log/secure to confirm whether there is brute force cracking, and whether it was successful
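
The /var/log/secure check can be scripted. The following is an added example, not part of the original guide: it counts failed password attempts per source IP and reports whether a password login from that IP followed. The log lines are constructed, and the threshold of 3 is an assumed cutoff chosen so the short sample triggers it.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd line format written to /var/log/secure
# (addresses are from the reserved documentation ranges).
SAMPLE_LOG = """\
Mar  3 02:11:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:03 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  3 02:11:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40121 ssh2
Mar  3 02:11:08 web1 sshd[2107]: Accepted password for root from 203.0.113.7 port 40125 ssh2
Mar  3 08:30:40 web1 sshd[3001]: Failed password for deploy from 192.0.2.10 port 51512 ssh2
Mar  3 08:30:48 web1 sshd[3001]: Accepted password for deploy from 192.0.2.10 port 51512 ssh2
Mar  3 09:02:10 web1 sshd[3301]: Failed password for invalid user oracle from 198.51.100.23 port 33010 ssh2
Mar  3 09:02:12 web1 sshd[3303]: Failed password for invalid user oracle from 198.51.100.23 port 33014 ssh2
Mar  3 09:02:14 web1 sshd[3305]: Failed password for invalid user postgres from 198.51.100.23 port 33019 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port")


def analyze(lines, threshold=3):
    """Report source IPs with at least `threshold` failed passwords (assumed cutoff)."""
    failures, users, compromised = defaultdict(int), defaultdict(set), defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, ip = m.groups()
            failures[ip] += 1
            users[ip].add(user)
            continue
        m = ACCEPTED.search(line)
        # A password login from an IP that already reached the threshold
        # means the guessing probably succeeded for that account.
        if m and failures[m.group(2)] >= threshold:
            compromised[m.group(2)].append(m.group(1))
    return {ip: {"failures": n, "users": sorted(users[ip]),
                 "compromised": compromised[ip]}
            for ip, n in failures.items() if n >= threshold}


if __name__ == "__main__":
    # On a real host: analyze(open("/var/log/secure", errors="replace"))
    for ip, info in analyze(SAMPLE_LOG.splitlines()).items():
        hit = ", ".join(info["compromised"]) or "none"
        print(f"{ip}: {info['failures']} failures, users {info['users']}, successful logins: {hit}")
```

An IP with a non-empty "compromised" list should be treated as a successful break-in for that account; a single mistyped password followed by a login, as in the 192.0.2.10 lines, stays below the threshold and is not reported.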

### Repair

  - Enhance password

## ElasticSearch

### Check

  - Whether the ElasticSearch version is 1.2 or below; these versions enable dynamic script execution by default, which can lead to the host being hacked

### Repair

Modify the configuration file and add "script.disable_dynamic: true" to disable dynamic scripts.

  - Disable dynamic script execution
  - Perform access control

## SQL Server

### Check

  - Whether SQL Server allows external connections and whether the password strength is sufficient

### Repair

  - Enhance password
  - Perform access control

## Windows Remote Desktop

### Check

  - Whether there is a weak password

### Repair

  - Enhance password

## Open Source Software like mysql, nagios, zabbix, phpmyadmin, cacti, redis, etc.

### Check

  - If any of this open source software is used, check the version
  - Confirm with the official project whether this version has vulnerabilities
  - Whether the system accounts of this software have weak or null passwords

### Repair

  - Upgrade to the latest version
  - Perform access control
  - Enhance password
  - If these service accounts do not need to log into the system with SSH, set the login shell to /sbin/nologin
