Budget firewall for my DirectAdmin Ubuntu Box Suggestions Please

indieben

Hey Folks,

I'm sick of Reseller companies ripping me off - i've been with about 5 now so i've decided to spin up my own Ubuntu VPS and have a crack at "doing it from root".

Personal circumstances mean I have to be as tight as a duck's bum/butt with only a few customers. I am however looking to grow and to offer a decent deal to people.

One thing that I so obviously need is a firewall. I've looked at Immunify, I can't afford it. Is there anything else out there please?

Thanks.

raindog308

Immunify360 is considerably more than a firewall.

If you want a free firewall, iptables/ufw is built-in, but that's not really what you're asking about.

ConfigServer (CSF) is free and is an excellent product: https://configserver.com/

You could marry it with ClamAV for antivirus (also free)

tentor

Maybe OP meant Web Application Firewall? Then ModSecurity may be an option.

Francisco

Do you need a basic L4 firewall or something application level?

DA includes CSF by default which is good for bruteforces, dealing with SMTP, etc.

If you need fancy rules to protect wordpress/etc, you would need to get a mod_security ruleset and plug that in. Three's some free rulesets around (is COMODO still a thing?)

Francisco

wii747

crowdsec with ufw

FatGrizzly

@Francisco said: is COMODO still a thing?

Yup, https://docs.directadmin.com/webservices/apache/modsecurity.html

rahulk

If you're looking for an affordable solution, you should also consider taking a look at cPGuard.

indieben

Hello all, wow, i'm new here - thanks for all of your replies.

I'm not the type to lie - i'm new to this game lol as I mentioned above (DIY), I just care about my Clients and protecting them. I've decided, for ease as i'm at best a rookie Linux admin, to go with Immunify365 after all, my few clients don't bother with JetBackup anyway and rely on me to do their updates for them. I back stuff up to my laptop. So, with that money and looking at my personal bank balance and tightening things up, I can just about stretch to Softaculous and Immunify360 if I don't go for JetBackup straight away until i've got a few more clients.

Sorry to change the question a bit, but are there decent alternatives to JB for people that just about work out how to log onto the DA admin panel please that pop an option in DA?

I noticed with JetBackup that they have a panel and non panel version - does that mean the cheaper version is not visible for clients in DA anyway? It suggests that backups and restores can't all be managed in one place, i'm not bothered about masquerading as the Client anyway, I presume there'll be a way of doing that in DA. I'm a cPanel convert by about 2 days.

Thanks so incredibly much folk!

rahulk

@indieben said:
Hello all, wow, i'm new here - thanks for all of your replies.

I'm not the type to lie - i'm new to this game lol as I mentioned above (DIY), I just care about my Clients and protecting them. I've decided, for ease as i'm at best a rookie Linux admin, to go with Immunify365 after all, my few clients don't bother with JetBackup anyway and rely on me to do their updates for them. I back stuff up to my laptop. So, with that money and looking at my personal bank balance and tightening things up, I can just about stretch to Softaculous and Immunify360 if I don't go for JetBackup straight away until i've got a few more clients.

Sorry to change the question a bit, but are there decent alternatives to JB for people that just about work out how to log onto the DA admin panel please that pop an option in DA?

I noticed with JetBackup that they have a panel and non panel version - does that mean the cheaper version is not visible for clients in DA anyway? It suggests that backups and restores can't all be managed in one place, i'm not bothered about masquerading as the Client anyway, I presume there'll be a way of doing that in DA. I'm a cPanel convert by about 2 days.

Thanks so incredibly much folk!

R1soft and DA's default backup feature is a great alternative.
If you manage all your clients' websites, you can use WordPress backup plugins with any FTP server. I think there are many backup plugins available that provide backups to a central location. Additionally, Softaculous also has a backup option for installed scripts.

tra10000

If you have a good processor, enough memory and fast disks,

Clamav + maldet + Csf + Modsec (Comodo is pretty good except for a few rules) are good choices.

Another cheap option could be CXS.

DA built-in backup is pretty good, again with good disk speeds. When running very large accounts backup, some extra cpu may be required. And for large size backup operations external tmp will be required.

tentor

I am curious why you guys do mention only COMODO rules and not OWASP CRS? Why don't you mention the latter one? Haven't had any experience with shared hosting previously, so I might be overlooking something.

rsk

@tentor said:
I am curious why you guys do mention only COMODO rules and not OWASP CRS? Why don't you mention the latter one? Haven't had any experience with shared hosting previously, so I might be overlooking something.

When we activated owasp, i had 100 tickets about all the broken functionality from the rules blocking pretty much everything. Needed a lot of tweaking.

indieben

Thanks very much everyone, food for thought!