New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Feathur? http://feathur.com/
@Drukpa We put it this way. If any hacker manages to hack into your node, why not hijack it altogether instead of teasing you with changes to WHM password? Do you have full control of the node?
If you only have 2 VPS's to manage just use command line commands, it's easy!
vzctl create 101 --ostemplate xyz, vzctl set 101 --ipadd 192.168.1.1 --save, vzctl set ram/storage etc.
http://openvz.org/Basic_operations_in_OpenVZ_environment
What he said ^. I've been running Proxmox at home and it seems decent overall, but any panel is likely overkill for only 2 VMs.
This guy was injecting links into my sites. And he was doing that using the cpanel file manager. He logs into hypervm, changes the cpanel vps' root password and logs into whm. He never logged into the node/VPS ssh. Maybe just a kid who happened to find my hypervm and knew about vulnerabilities.
Have now shutdown that hypervm service and blocked his IP.
Proxmox will be overkill
vzctl only or I Openvz Webpanel https://code.google.com/p/ovz-web-panel/
@Drukpa 1. Doesn't need to change your password to upload files via file manager. You'll probably not notice so soon
2. You keep changing back the password, don't you think he knows?
3. He need not SSH into the node, using HyperVM is good enough. He could have changed your HyperVM password instead of WHM and you will have access to nothing. Only possibility then would be a reinstall.
4. Still using HyperVM default password or changed? LXguard configured?
5. Are you the only one using the computer that accesses the node?
HyperVM controls your node.
I use proxmox for 3 VMs and I think it's great :P
Yeah, I didn't think hypervm was the culprit. Have shutdown that service now. Even if he changed hypervm password, I still have the node root password. Hypervm uses a different username/password. Anyway hoping the problem is solved now.
Now need to learn how to manage vms via ssh until I find the time to install a good control panel.
Does it work well with sw raid 1? Very few seem to use it in production, funny of me to ask as I been using that shit hypervm till now.
All virtualisation managers will work with RAID
Just install fail2ban and set your home ip in whitelist, then set : ban after 2 fail attempt
http://www.fail2ban.org/wiki/index.php/Main_Page
https://github.com/fail2ban/fail2ban
becareful when setting the ban after fail, if you set it to low, you'll lock yourself out.
reinstall OS, then change SSH port, and use only key auth.
do what I would do just buy virtualizor I probably only have about 4 vm's on it so far with delimiter and I would like to say it seems very secure as I locked myself out onetime due to a bad keyboard typing in the wrong password and I was locked out for 15 mins so that will slow down any hacker.