Website Hosting on VPS
#1
Noob question, is it preferred to host a site in the root user of VPS? Keeping the fact of security in mind, more than one person would be accessing the server.
Thank you HostUS and FreeVPS for a VPS15  Wink

#2
(2018-02-22, 10:57:57 pm)adgod Wrote:  Noob question, is it preferred to host a site in the root user of VPS? Keeping the fact of security in mind, more than one person would be accessing the server.

First of all: Noob question indeed.

Next time you want to ask this question, just remember this: YOU'RE NOT SUPPOSED TO RUN ANY SERVICE UNDER ROOT USER! ESPECIALLY THOSE ACCESSIBLE TO OUTSIDE THE LOCAL ENVIRONMENT!!! Regardless of the situation. And that's the basic answer to this question all the time.

Of course, that's the basic answer. Now whether you chose to follow it or not, is not our problem. Just don't come crying when you get pwned. Period. So don't start fictional ideas of "will it?" and "will it not?", involving unicorns from Mars, to question the security implications of this behavior. You already know what they are. If you have doubts about doing it then that's more reason not to do it.
#3
Alright lol, just asked a simple yes or no, not an essay xD thanks anyway
Thank you HostUS and FreeVPS for a VPS15  Wink

#4
(2018-02-23, 2:20:04 am)adgod Wrote:  Alright lol, just asked a simple yes or no, not an essay xD thanks anyway

Looking at your posts. I can see why you think that's an essay. But no. There aren't many yes or no answers in this world. Especially when the question wasn't made to be like that.

@deanhills knows more about essays. perhaps you two could chat sometimes.
#5
Well I guess no-one is born knowing everything. And in your eyes this question might be as ridiculous as someone asking if they can run GTA V on android. So yes, being a mod on a big forum like this, ik you have faced this kind of questions a million times. But yea try keeping some patience.
Thank you HostUS and FreeVPS for a VPS15  Wink

#6
ha ha. Don't you worry ! he is very patient ...

It was your lucky day ! he is one of the two or three really knowledgeable guys over here and he decided to engage you ! But alas ! As they say, we are our biggest enemy ! I guess I would rather request him to give me more detail on why it is never wise to run externally accessible services under root. What you did above was like calling up an airlines and asking them to answer in yes or no whether they had an open to air seat on any of their flights to London. I am a noob. Even I have enough sense to know why this can not be a yes or no question..like ever.

So you asking it in yes or no and insisting that he should be patient while he simply tried to explain it only shows that you have no patience to learn.

Unless you are the expert of course and trying to measure the depth of the average fvps user with some random yes no questions Tounge
Many thanks to Freevps, Chris (cw1998), The Guy( ID 4810), optimus, GHP and the other  staff members.
#7
(2018-02-11, 3:52:02 am)thirthy_speed Wrote:  This is pretty similar to an older (not that much older) thread: https://freevps.us/thread-21647.html. Maybe it could be merged.

Apparently the most profitable mining nowadays is by hacking into computers, creating a botnet, and using it to mine something like Monero. I read about the Smominru botnet which is estimated to have mined about ~3mil USD worth of Monero.

(2018-02-23, 1:24:16 am)SLC Wrote:  First of all: Noob question indeed.

Next time you want to ask this question, just remember this: YOU'RE NOT SUPPOSED TO RUN ANY SERVICE UNDER ROOT USER! ESPECIALLY THOSE ACCESSIBLE TO OUTSIDE THE LOCAL ENVIRONMENT!!! Regardless of the situation. And that's the basic answer to this question all the time.

Of course, that's the basic answer. Now whether you chose to follow it or not, is not our problem. Just don't come crying when you get pwned. Period. So don't start fictional ideas of "will it?" and "will it not?", involving unicorns from Mars, to question the security implications of this behavior. You already know what they are. If you have doubts about doing it then that's more reason not to do it.

Well @rudra I don't actually happen to find anywhere him explaining "why" one doesn't start services under root user. Nor I did ask for it. All I said was " should I or no?"
@Ignis or @Hidden Refuge can you please lock the thread, it's solved
Thank you HostUS and FreeVPS for a VPS15  Wink

#8
First of all, let me be clear: I was never angry or inpatient when making a post on this forum. I'm quite calm actually. That's just me. I can be fun but also annoying. Depends on the context and mood.

Secondly. Yes, you are right, no one is born with knowledge. That includes me. And yes, I see questions like these all the time. I asked them too. So I remember how I felt. The doubts I had. And I presumed that you had them too. And I simply tried to tell you that whenever you have doubts, you're likely making the wrong choice.

As for telling you what could happen if you run services under root. Why would I do that? Seriously tho. Why would I repeat other information on the web? Not that you would understand it. Understand how programs vulnerable to buffer overflows can be exploited by injecting malicious code and are likely to allow an attacker from the outside world to gain control of your machine since you're running the service under root. And what can root do on Linux? The answer is: everything! So do you? Do you understand how a buffer overflow works in a program, and how I can exploit that? Pretty sure you don't. Otherwise you wouldn't have asked this question. That's why I didn't get into detail of why that's dangerous. Because you wouldn't get it.

I simply appeared (as intended) to be a bit more aggressive on telling that's a bad idea and you shouldn't do it. Then I proceeded to tel you that your mind tricks you by questioning the validity of that warning with fictional ideas that are just unrealistic. Because I've been there and I've experienced that myself. And that you should ignore those ideas and be rational about it.

You then assumed (like everyone else at first) I was angry?, irritated?, impatient? with/at you. And that somehow I should've pampered you and give you the answer you wanted. And most of all, to validate your doubts. So when I didn't, you took the victim act. And yes you did, don't deny that. This happens so often that I pretty much got bored.

And third, you never specified that you needed a "yes or no answer". You just assumed you'd get one.

But most importantly, please accept harsh answers next time you're aware that you're asking a noob(ish) question. Because you're (most) likely to get some. So you should be patient, not me.

I've said my peace. And while being very calm I might add. In case anyone gets the wrong idea.

And that my dear friends. Is how we ended up with a topic that's made of 90% arguing about something not even relevant and 10% actual relevant content. Because you just couldn't leave it at that.
#9
(2018-02-23, 5:15:36 am)SLC Wrote:  And that my dear friends. Is how we ended up with a topic that's made of 90% arguing about something not even relevant and 10% actual relevant content. Because you just couldn't leave it at that.

And it's not locked yet ..... think that's what I like about you as Mod @SLC.  You're not lock trigger happy - you think before you lock, you warn before you lock and you write posts that are always worth reading, are of great quality with lots of entertainment value.  You also shoot straight. The total package works for me.  Cool

I'm definitely guilty of being verbose and writing essays.  Will try to improve on that.  

So while the thread is still open just a suggestion to @adgod If you're going to share your VPS with other users, I'd get a free panel like VestaCP and create separate hosting accounts for all of the users.  You could then create your own separate hosting account with a different user name and separate your hosting material from other users.  This is how most hosts operate who are sharing space with other users on their servers.  They give them a "hosting package" with a specific size disk space, traffic and with a set of rules, permissions and privileges.  The packages are constructed such as to protect the host from potential hazardous actions by the users, and also to protect the users from themselves and one another.
#10
@SLC's reply was pretty short and straightforward to the point considering what you were asking. If you think that's an essay, you should read some articles about security and see how detailed (and boring) it gets.

Thread locked.




Users browsing this thread: 1 Guest(s)