New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Security questions
in Help
Hi everyone.
Long time lurker, first post here.
I would like to check if it is typical behaviour for a security software on a dedicated server to:
1 - Open 150 ports on the firewall of Cloudflare and UFW.
2 - Use caddy with certificates found on the caddy folder.
Obviously, I have my opinion, but there are people here with much more knowledge than me to give a transparent response, which I would appreciate a lot.
Any questions, post them or send a DM, thank you.

Comments
Security software? What are you even talking about?
What's the security software?
Providers usually do not care about YOUR security. They care about money
Define security. Does it mean securing access to a malicious third party? Mission probably accomplished.
How does that "software" even access your CF settings?
If you tried really hard you could probably make the question even less clear.
Thanks everyone for the fast replies, but, I didn't mention names for a reason. It wasn't to make this confusing or anything, but given some "coincidences" that lead to that, named, retaliation.
I will make it more clear, or at least I will try.
I owned a dedicated server, with a panel to manage it from which I subcontracted said software for an extra layer of security.
So, the software was integrated with the panel.
I have contacted them, the panel, and I hope you all understand that I'm not mentioning names, as basically losing my business and a state funding for a project was enough given the "coincidences", not to mention the hours wasted, family time, summer.
The caddy, open ports, certificates, I have proof for all of that, I just wanted to confirm that something is or may be very wrong here.
I keep the questions short to see the reactions to those facts, which seems aligned with my view.
I hope this helps to clarify my position, because I have no interest in hiding the names, it's more the opposite. Has anyone been through something like this?
Ask the developer of whatever software you use then, no one can answer your obscure question and situation
why oh why.
Sorry, but you should ask yourself if your skills fit for the service you offered. Sorry to say this, but your writings do not sound like you know what you are doing.
(And no, you do use panels to manage a server, you use an SSH console for that.)
It would just turn into a different story if you rented a managed dedicated server.
Sorry but both of your posts sound quite weird, plus you basically confront us with kind of a puzzle (and frankly, not an interesting one).
Two points are obvious,
And the kind of firewalls it "addresses" suggests that they are targeting, uhm, "normal users" (read: clueless ones). But it also is a hint to what their "security software" really is about.
Finally
past tense, suggests that the damage has already been done and that you're very late, too late with your suspicions (is this about some form of revenge?).
Good luck.
It is very difficult to understand your current situation. It might be wise to contact your provider for a better clarification.
Is it something more real like an IDS, or is this a wordpress plugin type situation where you just add more vulnerable crud on top of an already horrendous ecosystem?
More LOC = more attack surface.
Bitninja.
It's not a form of revenge.
I documented everything, so not late.
Anyway, thanks for the people who did respond.
And yes, I work with WordPress, for 12 years. Managing servers for half of them. First time with problems.
Sorry for the confusion, my mistake.
Thank you,
Cloudflare and security on same line?
There is no security if someone else manages your fw.
Serious security software doesn't use UFW, it should, (at the very least), manipulate iptables directly because UFW is just a wrapper.
If you're looking for a decent WAF, try Safeline: https://github.com/chaitin/safeline
If you're looking for a SIEM with active response, try Wazuh: https://wazuh.com
If you need an external firewall, I like OPNsense. You can use it on a VPS and get it to reverse proxy your connections, (use either NGINX or Caddy plugin), so you don't need two NICs with pass-through: https://opnsense.org
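Since UFW is a wrapper that writes its rules into iptables chains, one way to check what a third-party tool actually opened is to read the `iptables-save` dump and compare it with the ports you expect. The following is an added example, not part of any post in this thread; the sample dump and the baseline are constructed, and it assumes UFW's usual `ufw-user-input` chain name:

```python
import re

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 60000:60149 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 53 -j DROP
COMMIT
"""

# Matches appended ACCEPT rules that name a protocol and destination port(s).
RULE = re.compile(
    r"^-A (?P<chain>\S+) .*?-p (?P<proto>tcp|udp)\b"
    r".*?--dports? (?P<ports>[\d,:]+).*?-j ACCEPT\b"
)

def accepted_ports(save_text, chain_prefix="ufw-user-input"):
    """Return {(proto, port)} accepted in chains starting with chain_prefix.

    Source-address restrictions are ignored, so this is an upper bound.
    """
    opened = set()
    for line in save_text.splitlines():
        m = RULE.match(line.strip())
        if not m or not m["chain"].startswith(chain_prefix):
            continue
        for part in m["ports"].split(","):
            lo, _, hi = part.partition(":")  # "60000:60149" is a range
            for port in range(int(lo), int(hi or lo) + 1):
                opened.add((m["proto"], port))
    return opened

def unexpected(save_text, baseline):
    """Ports accepted by the firewall that are not in the expected baseline."""
    return sorted(accepted_ports(save_text) - set(baseline))

if __name__ == "__main__":
    baseline = {("tcp", 22), ("tcp", 80), ("tcp", 443)}  # constructed baseline
    extra = unexpected(SAMPLE, baseline)
    print(f"{len(extra)} ports open beyond baseline, first: {extra[:3]}")
```

On a real host, feed it the output of `iptables-save` run as root; IPv6 rules live in a separate `ip6tables-save` dump.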
A security software with https server opened, and set a lot of iptables rules, basically this server got cooked, take care.
WordPress (implies PHP) and security on the same page?
Secure websites have to be coded with a compiled and memory safe language, such as Rust and Go.
Root partition must be read-only, where you upgrade the system and website code by swapping hard drive.
While at it, use a Harvard architecture machine for ultimate memory safety.