My VPS Hacked - Page 2

Comments

  • Dylan Member
    edited June 2014

    @Caveman122 said:
    Has anyone considered the possibility that these strong random passwords might be logged as they are generated and sold as a dictionary?

    Random.org is about as trustworthy as these sites get and I find that extremely unlikely -- but even so you should never use any online generator for truly sensitive passwords (they even say that right on the generator page).

  • black Member

    @Caveman122 said:
    Has anyone considered the possibility that these strong random passwords might be logged as they are generated and sold as a dictionary?

    There's no point in using a dictionary that contains randomly generated passwords because it's slower (I/O, transfer of said dictionary, etc).

  • @Dylan said:
    Random.org is about as trustworthy as these sites get and I find that extremely unlikely -- but even so you should never use any online generator for truly sensitive passwords (they even say that right on the generator page).

    Pretty much that ^. I don't use online password generators for stuff I want to be secure. Hell, I don't even use them at all. I'd rather use an offline password manager like KeePass or KeePassX instead.

  • @Dylan said:

    I am talking about these types of websites in general, lots of them popping up recently.

  • @black said:
    There's no point in using a dictionary that contains randomly generated passwords because it's slower (I/O, transfer of said dictionary, etc).

    I have seen bots attempt seemingly random passwords on my servers, before I disabled password login altogether.

  • @Caveman122 said:
    I have seen bots attempt seemingly random passwords on my servers, before I disabled password login altogether.

    I still have bots try to log in using random users, but they always fail because password auth is disabled on my boxes. They get blacklisted after 3 attempts too.

    FWIW, if I have a box I'm not using atm, I shut it down - even though I have all my boxes set up to apply security updates automagically, if it's off, it won't be hammered.

  • Why would you leave an unattended, "fresh install" system online?

    There is your answer as to why / how you were hacked.

  • Bella Member
    edited June 2014

    @hostnoob said:
    How much do BlueVM charge for overages anyway?

    Nothing.

    Some months I exceed the 1TB monthly bandwidth when I download stuff, and nothing happens.

    I talked to Johnston in the IRC about nothing happening when anyone exceeds their B/W, he said he would eventually code something into Feathur to auto suspend when the B/W is exceeded.

    For now nothing happens when you exceed your B/W, + they probably get unlimited b/w in all USA locations anyways so it does not really matter.

    --
    On another note, I've been asking them to update their IP's SWIP records for almost over a year now, all of their locations (Atlanta, Chicago, LA) geolocate to NY which is annoying for the type of stuff I do.

    Thanked by 1hostnoob
  • Screenshot seems like BlueVM. I think their bandwidth counter is not working or they are not suspending VPSes when we hit the bandwidth limit. I had a VPS with them and they didn't suspend it for exceeding bandwidth, and there were no extra bandwidth invoices. :)

  • Bella Member

    @shyaminayesh said:
    Screenshot seems like BlueVM. I think their bandwidth counter is not working or they are not suspending VPSes when we hit the bandwidth limit. I had a VPS with them and they didn't suspend it for exceeding bandwidth, and there were no extra bandwidth invoices. :)

    Yeah it is BlueVM, and I explained everything in the comment above yours.

  • Bella said: Yeah it is BlueVM, and I explained everything in the comment above yours.

    Got it. It's really cool, unlimited bandwidth in USA location. Anyway, I left them because their support ticket response time is too long. Sometimes it takes more than a week. :/

  • Maounique Host Rep, Veteran

    shyaminayesh said: It's really cool, unlimited bandwidth in USA location

    Not really, I was suspended for going 1.3 TB over the 500 GB limit, had no idea since I was not checking in the vm, just in the panel and it was not keeping at 0, was increasing. The next month the suspension was not reversed so I had to open a ticket. So, ymmv, but they do suspend eventually if you go over the traffic, at random, it seems.

  • Mark_R Member

    @Bella

    If you want to be really secure then you could restrict logging in to SSH to be only allowed from 1 IP, this IP would be from one of your other servers that you have set up as VPN. On top of that you should change your default SSH port (22) to something high like 1888 because most bruteforce bots won't try ports other than the default, they have to scan a lot of random IP addresses so they are not scanning all ports.

    Allow SSH access to only 1 IP

    iptables -A INPUT -j ACCEPT -p tcp --dport 1888 -s 0.0.0.0

    iptables -A INPUT -j DROP -p tcp --dport 1888

    1888 would be your SSH port and 0.0.0.0 should be replaced with the IP that you want to allow access. You can add those iptables rules in /etc/rc.local to make sure that they load every time your VPS boots back up.

    Changing the SSH port can be done in /etc/ssh/sshd_config

    Make sure that you reboot your VPS after you are done.

    For extra security you could install Denyhosts as well

    http://lowendtalk.com/discussion/20572/guide-basic-steps-to-secure-your-ubuntu-debian-server/p1

    Thanked by 1Bella
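
An added example, not part of Mark_R's post or the thread: a small shell audit of the rc.local lines described above, flagging an unreplaced 0.0.0.0 placeholder and a DROP appended before the ACCEPT. The function name, verdict strings and the 203.0.113.10 address are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit rc.local-style iptables lines for the SSH allowlist.
# Port 1888 is from the post; 203.0.113.10 is a constructed documentation
# address standing in for the VPN server's IP.

GOOD_RULES='iptables -A INPUT -j ACCEPT -p tcp --dport 1888 -s 203.0.113.10
iptables -A INPUT -j DROP -p tcp --dport 1888'
# -A appends, so a DROP written first is matched before the ACCEPT.
SHADOWED_RULES='iptables -A INPUT -j DROP -p tcp --dport 1888
iptables -A INPUT -j ACCEPT -p tcp --dport 1888 -s 203.0.113.10'
# Placeholder never replaced: no SSH client connects from source 0.0.0.0.
PLACEHOLDER_RULES='iptables -A INPUT -j ACCEPT -p tcp --dport 1888 -s 0.0.0.0
iptables -A INPUT -j DROP -p tcp --dport 1888'

# Reads rule lines on stdin, prints one verdict for TCP port $1:
# ok | no-accept | placeholder | no-drop | shadowed
audit_ssh_allowlist() {
  awk -v port="$1" '
    $1 == "iptables" && $2 == "-A" && $3 == "INPUT" {
      target = ""; dport = ""; src = ""
      for (i = 4; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-s") src = $(i + 1)
      }
      if (dport != port) next          # rule is about another port
      n++                              # position among rules for this port
      if (target == "ACCEPT" && src != "") {
        if (!accept_at) accept_at = n
        if (src == "0.0.0.0" || src == "0.0.0.0/32") placeholder = 1
      }
      if (target == "DROP" && src == "" && !drop_at) drop_at = n
    }
    END {
      if (!accept_at) print "no-accept"
      else if (placeholder) print "placeholder"
      else if (!drop_at) print "no-drop"
      else if (drop_at < accept_at) print "shadowed"
      else print "ok"
    }'
}

for name in GOOD_RULES SHADOWED_RULES PLACEHOLDER_RULES; do
  eval "rules=\$$name"
  printf '%s: %s\n' "$name" "$(printf '%s\n' "$rules" | audit_ssh_allowlist 1888)"
done
```

Run it against the lines in /etc/rc.local from a console or a second open session before rebooting, since both the "placeholder" and "shadowed" cases block every SSH client.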
  • edited June 2014

    Mark_R said: make sure that you reboot your vps after you are done.

    service sshd restart or service ssh restart or systemctl restart sshd (depends on what you have as the OS)

    No need to reboot.

  • Maounique Host Rep, Veteran

    Indeed, however, it is best to make sure that after a reboot ssh is ok. It may work with service restart but remain stuck after reboot. You may never know.

    Thanked by 1Mark_R
  • Neoon Community Contributor, Veteran
    edited June 2014

    Please never use some sort of website to generate your password, use something local on your computer like in Ubuntu/Debian: apg -a1

  • AnthonySmith Member, Patron Provider

    Bella said: I have ~ 50 VPS's in total from various providers, I have ~ 12 of them that don't do anything. The one that was hacked happened to be one of them

    Well, I could cross a road 50 times with my eyes closed and only get hit once too, the fact is that providers do not keep individual OS templates bang up to date with security patches etc so you can be fairly sure at the point of installing it was a little out of date.

    All I am saying is that if you just hit reinstall and essentially abandoned it, it is not a huge surprise it got hacked, and just because it has not happened before does not mean it won't happen again.

  • Maounique Host Rep, Veteran
    edited June 2014

    AnthonySmith said: Well, I could cross a road 50 times with my eyes closed and only get hit once too

    So true, just now had a zPanel hacked and the user blamed it on the OVZ patch we applied...
    It can hit any day, the fact you tried to login to check it after the patch and you couldn't, does not mean that the patch changed the passwords.

  • Mark_R Member

    @NekoShiinachan said:
    No need to reboot.

    Depends on the actions taken, if Bella follows my instruction and adds the iptables rules in /etc/rc.local then you definitely have to do a reboot because it will only execute on boot. On top of that @Maounique is right, you never know if something might be going wrong, I'd rather reboot just to make sure that everything will load as it should.

  • Maounique Host Rep, Veteran

    Mark_R said: Maounique is right

    Maounique is an expert (someone who made all mistakes possible). One day I was changing some ports, I have some favourites and didn't realize I put same ports for SSH and another service, at restart ssh worked, however, after I rebooted the remote computer it didn't come back as the port was already taken. Had to go there in the night to fix it. Since then, on critical computers I have 2 ways to connect, one being RDP from a desktop in the LAN, just in case.

    Thanked by 1AuroraZ
  • @Maounique said:
    Maounique is an expert (someone who made all mistakes possible)

    I don't think so.

  • Maounique said: I have some favourites and didn't realize I put same ports for SSH and another service, at restart ssh worked, however, after I rebooted the remote computer it didn't come back as the port was already taken.

    This.

    If you once forgot that you used your favorite port for something different already and start doing things...
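
An added example, not code from any poster in the thread: the check Maounique's port-clash story calls for, to be run once after `service ssh restart` and again after a test reboot. It compares the Port in sshd_config with the process that actually listens on it in `ss -ltnp` output; the sample config, the sample socket listings, the function names and the process name `otherd` are constructed.

```shell
#!/usr/bin/env bash
# Constructed sshd_config fragment; 1888 is the port used in the thread.
SSHD_CONFIG_SAMPLE='#Port 22
Port 1888
PasswordAuthentication no'

# Constructed `ss -ltnp` output right after restarting sshd: sshd owns 1888.
SS_AFTER_RESTART='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:1888       0.0.0.0:*         users:(("sshd",pid=812,fd=3))'
# Constructed output after a reboot: another daemon (hypothetical "otherd")
# started first and took the port, so sshd could not bind.
SS_AFTER_REBOOT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      511    0.0.0.0:1888       0.0.0.0:*         users:(("otherd",pid=640,fd=6))'

# Print the first Port value from sshd_config text on stdin (default 22).
# Simplification: extra Port lines and ListenAddress host:port are ignored.
sshd_port() {
  awk 'tolower($1) == "port" { print $2; found = 1; exit }
       END { if (!found) print 22 }'
}

# Print the process listening on TCP port $1 in `ss -ltnp` output on stdin,
# or "none" if nothing listens there.
port_owner() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, addr, ":")        # port is the last colon-separated part
      if (addr[n] != port) next
      split($NF, proc, "\"")          # users:(("name",pid=..)) -> proc[2]
      print proc[2]; found = 1; exit
    }
    END { if (!found) print "none" }'
}

# $1 = sshd_config text, $2 = ss output. Prints ok:, missing: or clash:.
check_sshd_listener() (
  port=$(printf '%s\n' "$1" | sshd_port)
  owner=$(printf '%s\n' "$2" | port_owner "$port")
  case "$owner" in
    sshd) echo "ok:$port" ;;
    none) echo "missing:$port" ;;
    *)    echo "clash:$port:$owner" ;;
  esac
)

check_sshd_listener "$SSHD_CONFIG_SAMPLE" "$SS_AFTER_RESTART"
check_sshd_listener "$SSHD_CONFIG_SAMPLE" "$SS_AFTER_REBOOT"
```

On a live box the inputs would be the contents of /etc/ssh/sshd_config and the output of `ss -ltnp` run as root, checked from a console or second access path rather than the SSH session being tested.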
