Comments
Set your root password to 'welcome' and make friends with everyone.
I will take that under advisement
I'm joking of course, but imho 'security' has more to do with relations than technicalities.
First of all, please listen to no one who replies "Install CSF." This is a default/annoying firewall that has literally nothing to do with how most compromises occur.
Use keys, disable root SSH login, change default SSH port, keep all packages and applications up to date, block access to anything HTTP side that people don't need access to (for practical example, blocking script execution in an image folder could stop a ton of Joomla exploits, applicable theory for other purposes).
Those are my recommendations
Installing unattended-upgrades on Debian based OSes will help with keeping packages up to date.
Thank you for the insight.
Is Fail2ban effective?
You don't need a firewall if you don't have a topology to protect (and I suspect you don't). One possible exception is indeed Fail2Ban which uses IPTables to ban people that try to brute-force their way in. But if you follow @Jar's suggestions ("use keys"), you don't even need that.
google it. there's loads of great blogs on securing your box
here's one:
http://zcourts.com/2013/05/27/securing-a-linux-centos-vps-in-10-minutes/#sthash.o9v1JTvC.dpbs
some things to work on:
start with using a strong password, until you...
use keys (disable password authentication)
disable login as root user
then consider protecting from bruteforce. csf or fail2ban. but you could just lock down access to your IP, if you have a fixed IP.
Can you elaborate on this a little more?
E.g. /wp-admin/ or wp-logon.php
Basically restrict access to minimize entry points. These examples are for WordPress, but whatever your application is.
I use Debian. I have changed the SSH port to an unusual number (not 2222) and disabled password authentication.
If you really want to take another step further (what I'm intending to do) you can disable root login and bind to a specific IP address and even allow selected IPs only to login.
dDos Deflate might come in handy.
I use this fork of dDos Deflate, it's also effective for IPv6 as well. Basically if someone makes an unusual number of requests to your server within X secs/mins they are blocked. Along with fail2ban it should be effective.
If you have other people on your machines, try limiting their access. Maybe run separate php pools and never leave something on chmod 777
Pretty much anything people don't need access to, like let's say configuration.php of random script. They try to execute it, nothing happens, but I'm still going to do this on Apache (because I like Apache):
Or if a directory should only have images, and your script uploads to that directory, let's make sure no one can execute a script in that directory in case they manage to get a file through:
Little things like this can seem pointless but it's a few minutes taken to potentially prevent a negative impact from future discovered exploits in common software.
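The two restrictions described in the post above, as an added Apache 2.4 example that is not the poster's own configuration (the snippets from the post did not survive on this page). The directory path is hypothetical, and the last block assumes mod_php under PHP 8.

```apache
# Added example, Apache 2.4 syntax (mod_authz_core). Paths are hypothetical.

# 1. A file that is only ever include()d by the application and never
#    needs to be requested over HTTP: refuse it outright.
<Files "configuration.php">
    Require all denied
</Files>

# 2. An upload directory that should only ever serve images.
<Directory "/var/www/example/images">
    # Ignore .htaccess here, so an uploaded .htaccess cannot
    # re-enable handlers or override the rules below.
    AllowOverride None
    Options -ExecCGI -Indexes

    # Refuse anything with a script extension anywhere in the name.
    # The trailing (\.|$) also covers names such as "x.php.jpg", which
    # mod_mime can still hand to PHP when AddHandler is in use.
    <FilesMatch "(?i)\.(php\d*|phtml|phar|cgi|pl|py|sh)(\.|$)">
        Require all denied
    </FilesMatch>

    # Second layer for mod_php: switch the interpreter off for this
    # directory. Assumption: PHP 8, where the module is php_module;
    # older releases use php5_module / php7_module.
    <IfModule php_module>
        php_admin_flag engine off
    </IfModule>
</Directory>
```

Run `apachectl configtest` before reloading, then request a harmless test script placed in the directory and confirm it returns 403 rather than executing.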
The primary problem for a novice is to tell great blogs from would-be great.
Speaking of security I am having trouble responding to this thread, Cloudflare keeps locking me out.