Short security guide

Security matters ! Don't invite hackers in !
Admin
Site Admin
Posts: 490
Joined: Wed Jul 25, 2012 10:54 pm

Post by Admin » Sun Jan 05, 2014 5:40 am

Hello !

We plan on offering short guides on various items and this time it is security.
Just a day ago we had 3 zPanel installations hacked and used to send spam and one Kloxo completely wiped.
At this time, we only recommend Virtualmin as a free hosting panel. Check this excellent tutorial on how to install and use it:
http://lowendtalk.com/discussion/17915/ ... -20-images
There is also a security guide:
http://lowendtalk.com/discussion/18133/ ... -22-images

Many of the security tweaks there are sound advice for any installation.
In general, make sure you are following these steps at least:

1. Keep your OS updated. Run

apt-get update

and

apt-get dist-upgrade

for Debian/Ubuntu OSes and

yum update -y

for RHEL/CentOS based OSes each time you log in (and check it at least once a week);

2. If possible, change ssh ports or use keys to connect. If you are using a password, make sure it is long; complexity is not much required if it is over 20 characters long, so use a phrase you like, such as: "I will never use short passwords again !" It is much easier to remember than Xn!mLTi$hUUqT and it is as hard to crack. Also change other obvious ports such as the Virtualmin default one (10000) and directory names for your script's admin area if possible. Also be very careful with directory permissions; do not allow write on anything you do not absolutely have to;

3. Do not install or keep services you do not use, such as mail servers. We have minimalist templates, use those and ADD what you need, instead of removing what you do not. The fewer services open, the smaller the surface of attack. Besides using resources, they can be entry points for hackers that will use your VPS to send spam and this will make us suspend your service, not to mention your IP could be involved in much more serious issues such as child porn or attacks against governments and institutions that will guarantee an investigation on you;

4. Pay attention to the notifications we send you. If we have reasons to believe you were hacked, we send you notifications and might even shut down the VPS. If you simply turn it back on or ignore the notifications, we will suspend or even terminate your service as we consider you did those things on purpose;

5. Get informed about the issues with the software you are running. For example, the zPanel guys are known not to fix even the exploits they know about, while Kloxo has been unmaintained for a long time; if you MUST use it, please get the MR variant. Simply pasting some commands to install something and then forgetting about it is a sure path to trouble. You must keep your software updated, especially frequent targets such as Joomla, WordPress and the like. This includes any plugins you might be using !;

6. Do not share access with anyone. We will not accept excuses like: "the DDoS attack was not done by me, but by my friend, IMMEDIATELY RESTORE THE SERVICE !!!" We are in a contract with you and not your friend, therefore all actions coming from your VPS are considered to be yours. If you trust your friend with the password, you must also accept responsibility for their actions.
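
A quick way to check the step 2 advice on a server, as an added example that is not part of the original post: the script reads an sshd_config file for the port and password settings and lists world-writable directories. It assumes OpenSSH rather than dropbear; the function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the step 2 advice (SSH port, password logins, write permissions).
# Assumes OpenSSH's sshd_config format; Include files are not followed.

# Print the effective value of KEYWORD from an sshd_config file.
# sshd takes the first occurrence of a keyword, and keywords are case-insensitive.
# Match blocks are conditional, so parsing stops at the first one.
sshd_setting() {  # usage: sshd_setting FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one finding per line; the exit status is the number of findings.
audit_sshd() {  # usage: audit_sshd FILE
    n=0
    if [ "$(sshd_setting "$1" Port 22)" = "22" ]; then
        echo "ssh still listens on the default port 22"; n=$((n + 1))
    fi
    if [ "$(sshd_setting "$1" PasswordAuthentication yes)" != "no" ]; then
        echo "password logins are enabled: use a long passphrase or switch to keys"; n=$((n + 1))
    fi
    return "$n"
}

# List directories under DIR that any local user can write to.
world_writable_dirs() {  # usage: world_writable_dirs DIR
    find "$1" -type d -perm -0002 2>/dev/null
}

# Constructed sample input, so the script runs offline.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin no' > "$tmp/sshd_config"
    mkdir "$tmp/uploads" && chmod 0777 "$tmp/uploads"
    audit_sshd "$tmp/sshd_config" || echo "findings: $?"
    world_writable_dirs "$tmp"
    rm -rf "$tmp"
}
demo
```

On a real server, point audit_sshd at /etc/ssh/sshd_config and world_writable_dirs at your web root; `sshd -T` prints the effective configuration as the daemon itself sees it.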

nocom
Posts: 6
Joined: Sat Aug 04, 2012 11:45 pm

Re: Short security guide

Post by nocom » Tue Jan 28, 2014 10:43 pm

Paranoid security by nocom

100% ssh security

/etc/init.d/dropbear stop

howto start ssh

reboot server from panel

ErawanArifNugroho
Posts: 21
Joined: Thu Aug 02, 2012 2:17 pm

Re: Short security guide

Post by ErawanArifNugroho » Sat Feb 01, 2014 5:11 am

nocom wrote: Paranoid security by nocom

100% ssh security

/etc/init.d/dropbear stop

howto start ssh

reboot server from panel


Since every VPS has console access, we can kill all running ssh/dropbear, and start it again from the console if we need to. :)

My default security:
- Move SSH from port 22 to another port
- Whitelist the IPs that have access to that port, or just simply kill all running ssh/dropbear.
- Send an email for every successful login attempt
- Use denyhosts and logwatch, and set it to send us the report every day.

If we no longer need the machine, we can just shut it down from SolusVM or iwstack :p

