Is my VPS properly secured...

I'm getting an email about unusual activity on a certain account I access through my private VPN (OpenVPN), which leads me to suspect (possibly, at least) that something might be amiss.
Does anyone have a suggestion or two as to how I can 'probe' my VPS for weaknesses?
Many thanks in advance!

Comments

  • @dahartigan has a guide on the @HostDoc forums but it doesn't load for me right now. I noticed it has now changed to hostdoc.space? The doc really has a creative side on domain names.

    Thanked by 2dahartigan sally
  • Thanks for that, I'll take a look... :)

  • Can you share what the email reads? If I remember OVH detects and blocks outbound SMTP spam, port scanning and attacks. If you set up OpenVPN properly it's unlikely that it's being used by someone else.

    It might be best to reinstall it and start from scratch. On a bare server disabling password authentication (SSH keys) and keeping stuff up to date is important, but it all depends on what else you are running beside VPN.

    Check "netstat --listen" for anything you don't recognise, and check top or htop for the same thing.

    Thanked by 2timelapse sally
  • Oops, I thought you were asking how to secure your VPS. Have you checked the logs? @uptime @AuroraZ @ITLabs @jsg can give good advice!

    Thanked by 1sally
  • Thanks for the replies guys, much appreciated.
    In the meantime I'm beginning to suspect the issue may be a 'not quite squeaky clean' IP address I've been assigned.

  • Well if you are doing the right things, ssh port changed, using keys, no root login, the chances are slim you are compromised. There is always a chance there is something wrong with your template and allows people, but any host worth their salt checks those thoroughly.

    As for OpenVPN the only way anyone can use it is if they have a key as well. They would have to generate said key on your install. So they would have to have root access to the machine. You can check the log files at /etc/openvpn normally if you have logs setup.

    As for the "dirtiness" of the IP that can be checked on any number of sites.

    That is all I can say right now without more information. Except that a pen test is expensive and not worth it for this application. It will take too long to get the necessary permissions from all the groups involved, and just be a big pain in the arse.

    Thanked by 2timelapse sally
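
The SSH settings named in the replies above (changed port, key-only logins, no root login) can be checked against the server's config file. This is an added example, not part of any post in the thread; the function names and the sample config are constructed for illustration, and the defaults used are upstream OpenSSH's.

```shell
#!/bin/sh
# Added example: audit the sshd settings named in the thread (port, keys, root login).
# Reads one file; Include lines and Match blocks are not followed (assumption).
# Compare the result with the effective config from `sshd -T` on the server itself.

# first_value FILE KEYWORD DEFAULT: sshd uses the first occurrence of a keyword
# in the global section; keywords are case-insensitive.
first_value() {
  awk -v key="$2" -v def="$3" '
    { sub(/#.*/, ""); sub(/=/, " ") }        # drop comments, allow Keyword=value
    tolower($1) == "match" { exit }          # global section ends at first Match
    tolower($1) == tolower(key) && NF >= 2 { print tolower($2); found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# audit_sshd FILE: print one OK/WARN line per setting. Defaults are upstream
# OpenSSH defaults (assumption: your distribution has not changed them).
audit_sshd() {
  port=$(first_value "$1" Port 22)
  root=$(first_value "$1" PermitRootLogin prohibit-password)
  pass=$(first_value "$1" PasswordAuthentication yes)
  # Only the first Port line is checked; sshd accepts several.
  if [ "$port" = 22 ]; then echo "WARN Port 22: default port"
  else echo "OK   Port $port"; fi
  if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
  else echo "WARN PermitRootLogin $root: root can still log in"; fi
  if [ "$pass" = no ]; then echo "OK   PasswordAuthentication no"
  else echo "WARN PasswordAuthentication $pass: passwords accepted"; fi
}

# With a path argument, audit that file; otherwise audit a constructed sample.
if [ "$#" -gt 0 ]; then audit_sshd "$1"
else
  sample=$(mktemp)
  printf '%s\n' '# constructed sample' 'Port 2222' 'PermitRootLogin yes' \
    'Match User deploy' '  PasswordAuthentication no' > "$sample"
  audit_sshd "$sample"; rm -f "$sample"
fi
```

In the constructed sample, `PasswordAuthentication no` appears only inside a `Match` block, so the global setting falls back to the default and is flagged.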