Comments
I mean the iptables modules for OpenVZ containers. Some providers didn't enable them by default, so you have to send a ticket to make your iptables rules work. I found this annoying.
Ohh I never knew that..
Yeah, having to put in a ticket for anything really kind of annoys me too, I prefer to self serve! I currently have a dedi that I have to register the MAC to IP, so when I'm playing around with vmware/proxmox I have to put a ticket in all the time.
SSH:
1) disable password authentication (key only);
2) firewall off SSH to only a small set of whitelisted addresses that you connect from (if your IPv4 is dynamic, use IPv6 addresses, which are typically static);
3) set SSH to IPv6-only (optional);
4) having done the above, can leave the SSH port as default 22.
If you lock yourself out of SSH, you can always recover by using the VPS console at the provider's control panel. And gotta use a long good password for the control panel and the VNC console.
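The sshd_config side of the checklist above (steps 1 and 3), as an added example that is not part of the original post: a Python audit of the settings sshd would actually apply. The function names and the two sample configs are constructed for illustration; `Include` files are not followed and everything after the first `Match` line is ignored.

```python
import re

# sshd keeps the FIRST value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "addressfamily": "any"}
# Deprecated name for the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return the global settings sshd would use (first occurrence wins)."""
    seen = {}
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())
        if not m:                      # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":             # what follows is conditional, not global
            break
        key = ALIASES.get(key, key)
        if value and key not in seen:
            seen[key] = value
    return {**DEFAULTS, **seen}

def audit(config_text, require_ipv6_only=False):
    """Return a list of findings; an empty list means every check passed."""
    eff, findings = effective_settings(config_text), []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive auth can still prompt for a password")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off, key-only login cannot work")
    if require_ipv6_only and eff["addressfamily"] != "inet6":
        findings.append("AddressFamily is not inet6 (step 3, optional)")
    return findings

# Constructed sample: the early 'yes' wins, so passwords stay enabled.
WEAK = "PasswordAuthentication yes\nPort 22\nPasswordAuthentication no\n"
# Constructed sample: key-only, IPv6-only, default port.
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\nAddressFamily inet6\nPort 22\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg, require_ipv6_only=True) or "OK")
```

On a live host, `sshd -T` prints the configuration the daemon resolves, including `Include` files, and that output can be passed to `audit()` instead of the raw file.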
Yes, that thing is a life saver for sure! Used it many times..
I would use IPv6 for SSH but I don't have native IPv6 yet from my ISP, well they do offer it but have not applied yet.
I'm using Dome9.com for security. I can open or close any port...
Very fancy!! but unfortunately the price is a bit high for just a few hobby sites, $19/m seems to be the lowest plan.. I'm thinking more on open source compared to a commercialized solution
There seems to be a free version for personal use
http://www.dome9.com/pricing
Ah yes, you're right, not sure how I missed that.. Well, I will see if that works with my DO VPS when I have the time.
I don't harden my server at all to be honest. But I don't got any 10k visitor a day sites or any real visitor pulling thing.
True statistic that I just made up:
99% of all attempted server hacks are a direct result of the addition of an IP address to a server.
I've had 64 visits today and over 300 brute force attempts.
99% of all attempted server hacks are a direct result of the addition of an IP address to a server.
What about the other 1%?
I'm talking here about my private VPSes. Our dedicated servers are locked up
Those belong to China Telecom
Yeah those get hammered too, unless you're just really lucky. You may want to double check the logs. No password is safe against open ended brute force attempts with no roadblocks. Even little toying around, either the password itself is worth something to you or your vps suddenly all turning into spam bots is a big inconvenience. That's why I put fail2ban on now no matter what it's for.
On a related note:
http://www.lowendtalk.com/discussion/2253/building-the-ultimately-secure-vps-add-to-this-list
I guess it's a good thing all my VPSes only come with 1 IP, the last time I had two IPs was when I was with Virpus and enotech which actually included 3 IPs but that was years ago..
Looks like a pretty popular program around here..
Thanks, Very helpful link..
same
I do almost everything mentioned above.
https://sites.google.com/site/seppsbrainoverload/it-security/2-step-verification-in-ssh
Would be fun to set that up.
Yes that looks easy enough to do..thanks for sharing.