How secure is this server, can I use it to host a site with more than 5000 visitors per day?

Hello,

For some reason I wish to change my current server to a low-price one, but the new one is unmanaged. If I perform the following actions, is it secure enough to host a site with more than 5000 visitors per day?

1. Kernel patched with KernelCare;
2. CSF firewall installed;
3. Default SSH port changed;
4. Only allow connections from Cloudflare and my own IP address;
5. Application secured (which was written in PHP).

Do I need to ask someone to harden this server? Thanks a lot.

Comments

  • Can.

  • joepie91 Member, Patron Provider

    Changing your SSH port is not a security measure. The correct solution to bruteforcing bots is to use an SSH keypair and disable password authentication.

    Thanked by 3: JasperNL, bersy, ucxo
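  The sshd_config directives that implement the advice in the comment above, plus a check that a config file really turns password logins off. This is an added example, not code from the thread or from any poster; the two config files it creates are constructed samples (the live file is /etc/ssh/sshd_config), and the helper names are its own.

```shell
#!/bin/sh
# Added example, not code from the thread: the sshd_config directives that
# implement joepie91's advice (key-based login only, passwords off), plus a
# check that a config file really disables password logins. The two config
# files below are constructed samples; the live file is /etc/ssh/sshd_config.

# Print the value of the first uncommented occurrence of keyword $2 in file
# $1, or nothing if it is absent. sshd honours the first value it reads for a
# keyword, so later duplicates are ignored. Match blocks are not handled here;
# use `sshd -T -C user=<name>` to see the effective config for a given user.
sshd_directive() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                          # strip comments
        NF && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Succeed (exit 0) only if the file turns off both password and
# keyboard-interactive logins (PAM can still prompt for a password through the
# latter) and leaves public-key logins on. Unset directives fall back to the
# OpenSSH defaults, which are "yes" for all three.
sshd_password_auth_disabled() {
    f="$1"
    pw=$(sshd_directive "$f" PasswordAuthentication)
    kbd=$(sshd_directive "$f" KbdInteractiveAuthentication)
    pub=$(sshd_directive "$f" PubkeyAuthentication)
    [ "${pw:-yes}" = "no" ] && [ "${kbd:-yes}" = "no" ] && [ "${pub:-yes}" = "yes" ]
}

# Constructed sample: a distribution default that still accepts passwords
# (the commented-out line is how many stock files ship).
WEAK=$(mktemp)
cat >"$WEAK" <<'EOF'
Port 22
#PasswordAuthentication yes
PubkeyAuthentication yes
EOF

# Constructed sample: the same file hardened as the comment recommends.
# On OpenSSH older than 8.7 the keyword is ChallengeResponseAuthentication.
HARDENED=$(mktemp)
cat >"$HARDENED" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
AuthenticationMethods publickey
EOF
trap 'rm -f "$WEAK" "$HARDENED"' EXIT

for f in "$WEAK" "$HARDENED"; do
    if sshd_password_auth_disabled "$f"; then
        echo "$f: password logins disabled"
    else
        echo "$f: still accepts passwords"
    fi
done
```

  Before restarting sshd on a real server, put your public key in authorized_keys, run `sshd -t` for a syntax check and `sshd -T` to see the effective values, and keep the existing key-based session open while you confirm that a fresh login still works.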
  • jarjar Patron Provider, Top Host, Veteran
    edited April 2017

    @joepie91 said:
    Changing your SSH port is not a security measure. The correct solution to bruteforcing bots is to use an SSH keypair and disable password authentication.

    I'm even getting bots on 2222 now. Of course, the reason I'm using it is to reduce bot connections creating a bottleneck and it's effective for that, so still do it if you have that problem.

    Other than that, OP, it sounds like you still need some managed hosting. Your questions do make that clear. It's okay, that's not an insult, I envy people who don't have to think about it as much. It's stressful doing it all yourself.

    1. Kernelcare is good but someone malicious having privileged access is problematic regardless of patched kernel exploits if you don't know what you're doing.

    2. CSF is going to make you open tickets yelling at your provider that your server is down when it's not. Mark my words. You either understand its complete config and what everything does or it interferes with your ability to learn to manage the server.

    3. Good for reducing bot connections, do it for that, not a big deal with security. Alternate port can buy you time with not being compromised, that is indisputable logic, but that as a sole security measure can do absolutely nothing more than buy you time. Maybe it means you're compromised on Tuesday when port 22 would have been compromised on Monday.

    4. Good move. Do that.

    5. I don't know that you fully understand the situation enough to say that these are secured.

    One server which costs pennies can host thousands of websites with thousands of visitors. One very expensive server can fail to host one website with a few visitors. There is no single method of calculating this because it is dependent on the physical resources used per visitor per website, which relates to resource performance, application code, and server configuration.

    Thanked by 1: ucxo
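  Item 4 of the original post, which the comment above endorses, in concrete form: a script that generates an nftables ruleset admitting HTTP/HTTPS only from Cloudflare's ranges and SSH only from the admin's own address. This is an added example, not code from the thread or from Cloudflare; ADMIN_IP is an assumption (a documentation-range address standing in for your real IP) and the CF_RANGES list is a constructed sample that must be refreshed from https://www.cloudflare.com/ips-v4 because the published ranges change.

```shell
#!/bin/sh
# Added example, not code from the thread: generate an nftables ruleset that
# admits HTTP/HTTPS only from Cloudflare's published IPv4 ranges and SSH only
# from the admin's own address, with a default drop for everything else
# inbound. ADMIN_IP is an assumption (a documentation-range address standing
# in for your real IP) and CF_RANGES is a constructed sample; fetch the live
# list from https://www.cloudflare.com/ips-v4 (and ips-v6 for IPv6) because
# Cloudflare changes it over time.

ADMIN_IP="203.0.113.10"

CF_RANGES="173.245.48.0/20
103.21.244.0/22
103.22.200.0/22"

# Write an nftables ruleset for the given admin address and newline-separated
# CIDR list to stdout, so it can be reviewed and syntax-checked before loading.
build_ruleset() {
    admin="$1"
    # Drop blank lines and join the CIDRs into a set element list.
    elems=$(printf '%s\n' "$2" | awk 'NF { s = s (s ? ", " : "") $1 } END { print s }')
    cat <<EOF
table inet filter {
    set cloudflare_v4 {
        type ipv4_addr
        flags interval
        elements = { $elems }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        ip saddr $admin tcp dport 22 accept
        ip saddr @cloudflare_v4 tcp dport { 80, 443 } accept
        ip protocol icmp accept
    }
}
EOF
}

build_ruleset "$ADMIN_IP" "$CF_RANGES"
```

  Save the output to a file, run `nft -c -f <file>` to syntax-check it, and load it from the provider's console rather than over SSH the first time so a typo in ADMIN_IP cannot lock you out. The ruleset only covers IPv4; add an ip6_addr set from the ips-v6 list and a matching `ip6 saddr` rule if the server has a public IPv6 address, otherwise that traffic hits the default drop. Remember that behind Cloudflare the source address your web server sees is Cloudflare's, so any per-visitor rate limiting has to happen in the web application using the CF-Connecting-IP header, not in this firewall.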
  • Also keep in mind that security is not a product, rather an ongoing endless process.

  • sinsin Member
    edited April 2017

    You should get used to using and hosting a test site with your unmanaged server first for a while before hosting anything important.

    Also, if the OS you're using has systemd, then research the different systemd hardening options (such as PrivateTmp, NoNewPrivileges, ProtectSystem, etc.) that you can set on your long-running web systemd service files.
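  The systemd options the comment above names, applied as a drop-in to a long-running web service, together with a check that lists which of them a unit still lacks. This is an added example, not code from the thread or from the systemd project; the unit name php-fpm.service, the drop-in path, the ExecStart line and the ReadWritePaths list are assumptions, and both "unit files" it writes are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the thread: a systemd drop-in applying the
# hardening directives sinsin mentions (PrivateTmp, NoNewPrivileges,
# ProtectSystem) to a long-running web service, and a check that lists which of
# them a unit still lacks. The unit name php-fpm.service, the drop-in path and
# the ExecStart line are assumptions; both "unit files" are constructed samples.

# Directives the check looks for. ProtectSystem=strict is the strongest value:
# it mounts the entire filesystem read-only for the service except /dev, /proc
# and /sys, so paths the service must write go in ReadWritePaths (see drop-in).
CHECK_KEYS="PrivateTmp NoNewPrivileges ProtectSystem ProtectHome PrivateDevices"

# Print each directive from CHECK_KEYS that has no uncommented setting in the
# given unit or drop-in file, one per line. Empty output means all are set.
missing_hardening() {
    unit="$1"
    for key in $CHECK_KEYS; do
        grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$unit" || printf '%s\n' "$key"
    done
}

# Constructed sample: a stock service unit with no sandboxing.
STOCK=$(mktemp)
cat >"$STOCK" <<'EOF'
[Unit]
Description=The PHP FastCGI Process Manager
[Service]
Type=notify
ExecStart=/usr/sbin/php-fpm --nodaemonize
EOF

# The drop-in to install as /etc/systemd/system/php-fpm.service.d/hardening.conf
# (assumed path), followed by `systemctl daemon-reload` and a restart.
DROPIN=$(mktemp)
cat >"$DROPIN" <<'EOF'
[Service]
PrivateTmp=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateDevices=yes
# Everything the service writes must be listed once ProtectSystem=strict is on.
ReadWritePaths=/var/www /run/php /var/log/php
EOF
trap 'rm -f "$STOCK" "$DROPIN"' EXIT

for u in "$STOCK" "$DROPIN"; do
    echo "== $u: missing directives"
    missing_hardening "$u"
done
```

  `systemd-analyze security php-fpm.service` prints an exposure score before and after the drop-in is applied. Two things to test on the real application afterwards: NoNewPrivileges stops setuid helpers from gaining privileges (for example a sendmail binary invoked by PHP's mail()), and ProtectHome=yes hides /home entirely, so a web root under /home needs ProtectHome=read-only or a ReadWritePaths entry instead.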

  • pbgben Member, Host Rep

    Give me $10, 10 min and your password, I will be able to hack into it.

  • pbgben said: Give me $10, 10 min and your password, I will be able to hack into it.

    I'll do it for $7.

  • @pbgben lololol

    1. doesn't matter unless you are allowing code/arbitrary data to be executed on your site. Do you trust your app?
    2. waste of time
    3. waste of time, but do not use passwords. Only key based auth
    4. very good, this is +1
    5. I take your word for it

    jarland's advice is good, but I think you can get away with unmanaged.
    Please aim to use configuration management; Ansible is pretty freaking easy to work with and will make your life easier.

    Thanked by 1: eastonch