Secure your VPS now! [with a How-to]
(02-10-2014, 05:42 PM)xfix Wrote:
(02-10-2014, 01:57 AM)noballz Wrote: Hmmm, thanks for your answer, Kaloy and Alive4ever ^^.

How about DDoS? Do you know about some DDoS defender like CloudFlare? I need that free script. (Sarcastic)

CloudFlare works, but only if you're willing to pay for DDoS protection, and you are only going to host a website - nothing else will be protected or accessible. This is because CloudFlare works like a proxy for HTTP and HTTPS services.

As for a script, I wouldn't bother. It's unlikely to protect you from anything except small attacks. What chances does your server have against an army of infected Windows XP computers?

Instead, try to ensure that nobody will be willing to pay for a DDoS attack. DDoS attacks cost money; nobody will be doing them for free. For most websites this is not an issue, unless your website is about controversial stuff, like politics.

Also, game servers like to invite DDoS. Some people will just hate your server. Perhaps because it's popular, but who would understand those idiots. Don't make your server public, don't advertise it everywhere (this is a really bad idea, trust me). Instead, invite your friends to the server. You don't want people you don't know on your servers. I once had a Minecraft server on my VPS, and it wasn't attacked, as it was a private, invite-only server.

Do you know any site that is using the pro version of CloudFlare for DDoS protection? If so, how good is it, and what exactly does CloudFlare do to block them? If it's proxy based, then won't CloudFlare's servers be down when under a heavy DDoS defilate attack?
Great tutorial man. Another thing to keep in mind is that if you share your SSH access with other admins, be patient and create a user for each of them with their own password; that helped me a lot on past servers.
These are good tips. Can you tell me why I should disable root access through SSH? I normally use it, but with a strong password with letters, numbers and symbols. I would like to know a good answer for it. Anyway, those are nice suggestions, even if I'm still using FTP.
(07-20-2014, 11:23 AM)neo_Zero Wrote: These are good tips. Can you tell me why I should disable root access through SSH? I normally use it, but with a strong password with letters, numbers and symbols. I would like to know a good answer for it. Anyway, those are nice suggestions, even if I'm still using FTP.

You should disable it because it's an account that exists in every UNIX and UNIX-like system, so it's guaranteed to exist, and people can sit and brute-force it or possibly find remote exploits to get access. By not allowing remote root access, you're removing a large attack vector. By requiring sudo access you add an extra layer of accountability as well. Not only do you have a log file stating each command run as a superuser, but you have the time, date, and username of the invoking user who ran said command, so when you have a stupid sysadmin screw something up, you can go over there and pour coffee on their keyboard and go crazy. Also, FTP is something you should get rid of if you care about security at all; there is really absolutely no reason to use FTP anymore, and there hasn't been for years.
(07-20-2014, 11:23 AM)neo_Zero Wrote: These are good tips. Can you tell me why I should disable root access through SSH? I normally use it, but with a strong password with letters, numbers and symbols. I would like to know a good answer for it. Anyway, those are nice suggestions, even if I'm still using FTP.

First of all, if you want a detailed explanation of why you shouldn't use FTP, then you shall have it under this link.

As for root access: well, bots try accessing SSH as root. Why risk the access when you can simply use sudo on a normal account, instead of exposing root access?

Also, "with a strong password with letters, numbers and symbols". Is this password as strong as you think? If you use it on multiple sites, it's bad. Also, even if you don't use it on multiple sites, try typing it in Dropbox's password checker. If it gets 1 or 2 bars, that means your password is bad (by the way, this password checker detects dictionary keywords, even after obfuscation (like replacing l with ! or S with $)), and you should get a better password (yes, the passwords generated by this tool are safer (and easier to remember at that), even if the attacker understands the pattern).
Instead of password authentication you should only use SSH public key authentication with a strong (>= 4096-bit) and passphrase-protected keypair. Of course the passphrase needs to be good and you have to keep the private key well hidden from others, but it is worth it.
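The advice in the last few posts (no remote root login, key-only authentication) as a check you can run against a config file. This is an added example, not code from the thread; the `audit_sshd` function and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd_config for the two settings the
# posts above recommend (no remote root login, key-only authentication).
# Reads the config on stdin, prints one line per weak setting, exit status 1 if any.
# Against a live server: audit_sshd < /etc/ssh/sshd_config
audit_sshd() {
    awk '
        {
            sub(/#.*/, "")                  # drop comments
            if (NF < 2) next                # skip blank lines
            key = tolower($1)
            if (key in seen) next           # sshd honours the first occurrence of a keyword
            seen[key] = 1
            val[key] = tolower($2)
        }
        END {
            bad = 0
            # older OpenSSH releases default PermitRootLogin to yes, so require an explicit no
            if (!("permitrootlogin" in val) || val["permitrootlogin"] != "no") {
                print "PermitRootLogin should be no"; bad = 1
            }
            # password logins default to yes; key-only access needs an explicit no
            if (!("passwordauthentication" in val) || val["passwordauthentication"] != "no") {
                print "PasswordAuthentication should be no"; bad = 1
            }
            # pubkey auth defaults to yes; only flag it if someone switched it off
            if (("pubkeyauthentication" in val) && val["pubkeyauthentication"] != "yes") {
                print "PubkeyAuthentication should be yes"; bad = 1
            }
            exit bad
        }'
}

# Constructed sample: the weak configuration (root and password logins allowed)
WEAK_CONFIG='PermitRootLogin yes
PasswordAuthentication yes'

# Constructed sample: what the posters recommend; the last line also closes the
# keyboard-interactive (PAM) password prompt that PasswordAuthentication alone leaves open
HARDENED_CONFIG='PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no'

# Run both through the audit: the weak one is reported, the hardened one passes
printf '%s\n' "$WEAK_CONFIG" | audit_sshd || echo "weak config: FAIL"
printf '%s\n' "$HARDENED_CONFIG" | audit_sshd && echo "hardened config: OK"
```

After changing the real file, run `sshd -t` to syntax-check it before restarting the daemon, and keep an existing session open until a key login in a second session works.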
How about DDoS? Is this from the VPS, or from the provider?

Sorry for my bad English.
Humza, what about email alerts when someone tries to get into your VPS more than 3 or 2 times with the wrong password, and also when someone connects to it?
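The two events the post above asks to be alerted on, repeated wrong passwords and successful logins, picked out of auth.log lines. This is an added example, not from the thread; the function names, the threshold and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: pick out repeated failed SSH passwords and
# successful logins from auth.log lines, the two events the post above wants alerts for.
# Against a live server: failed_login_offenders 3 < /var/log/auth.log

# Print "ip count" for every source IP with at least $1 failed password attempts (default 3)
failed_login_offenders() {
    awk -v threshold="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= threshold) print ip, count[ip] }' | sort
}

# Print "user ip" for every accepted login, whatever the authentication method
successful_logins() {
    awk '
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) { if ($i == "for") user = $(i + 1); if ($i == "from") ip = $(i + 1) }
            print user, ip
        }'
}

# Constructed sample log lines (documentation IP ranges, not real hosts)
SAMPLE_LOG='Jul 20 11:23:01 vps sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul 20 11:23:04 vps sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jul 20 11:23:09 vps sshd[1235]: Failed password for root from 203.0.113.5 port 51255 ssh2
Jul 20 11:24:00 vps sshd[1240]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2
Jul 20 11:25:30 vps sshd[1241]: Failed password for deploy from 198.51.100.7 port 40010 ssh2'

# Build the alert body; from cron you would pipe this output into: mail -s "sshd alert" you@example.com
report=$(printf '%s\n' "$SAMPLE_LOG" | failed_login_offenders 3)
[ -n "$report" ] && printf 'Repeated failed passwords:\n%s\n' "$report"
printf '%s\n' "$SAMPLE_LOG" | successful_logins | sed 's/^/Login: /'
```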
I've already implemented most of the things suggested in this thread apart from DenyHosts, as whenever my router resets my IP changes (dynamic), which I'm guessing would make things complicated for accessing the server.

Thanks for the great tutorial though!
It might be useful to add http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html - it contains a ton of things you can do to add some additional security to your server and to nginx.

