New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Need Wise Suggestions
I am trying to Sell Shared Hosting Accounts and I have a 512 MB VPS in Digital Ocean.. I want to Install WHMCS on my main domain in it.
My question is will WHMCS on 512 MB Ram be sufficient for all sort of order processing and handling ?
Also how can I make it secure and optimized ? I only want to Install the LEMP Bundle on IT..
If anyone can provide me proper key guidelines would be very grateful..
I have another 4 GB VPS for the Shared Hosting Accounts.. Also how can I make the WHMCS installed VPS secure and what things I have to keep in mind regarding the security.
Thank you in Advance.
Comments
512MB RAM is fine for WHMCS.
The main thing to secure WHMCS is securing the server itself e.g. SSH using ssh keys and so on. Remember to keep your MySQL database local and block any remote connections.
I don't have a lot of cPanel experience (I'm assuming that is what you're putting on the 4GB VPS) so I'll leave that to someone else to suggest.
Hello Sir,
Thank you for your reply ..
What further measures can be taken Sir ?
In the 4GB VPS I have cPanel with CSF Installed .
Also, if I block ICMP to my server will it solve DDoS attacks ? also how can I avoid DDoS for port 80 ?
Thank you
no
Don't piss of kids of the Internet. Install Hiawatha or Cherokee or Nginx web server.
If you want DDoS mitigation, take a look at BuyVM, x4b or Cloudflare business/enterprise plans.
Make sure you set your bruteforce blocking to temporary (unblock after 360 seconds) instead of permanent.
Not much, something that might help is ddos-deflate.
Install fail2ban too.
Sir 2gb ram you needs plz
Thank you for the Great Suggestion Sir, I was thinking of having LEMP Stack installed .. so Nginx Web Server can take any DDoS attacks ?
Sir you should buy reseller, better for you i thinks. You buy ovh reseller vps sir, i see many people with 3gb the least for cpanel.
@tanovich People in this forum will not take you seriously if you use the word "Sir" in every sentence.
It make people feel special sir.
Especially when you have the picture of a 11 year old boy.
No it doesn't.
Well.... I felt pretty special.
Ok...
Sir this is just nice things to says, you like me call you sirs?
Ok let me summarize ..
In my 512 MB VPS where I will only install WHMCS
Also can I use the Operating System Default Firewall
and allow port 80 & 443 and SSH Custom Port, allow ICMP for my IP Only
Allow Outgoing Ports
Block rest of the Incoming Ports
What else can be done to make the VPS more secure ?
Also What Distribution will be good CentOS or Ubuntu .. Which one consumes less memory ..
need more suggestions
Thank you
Debian
Check the recommended OS first. However debian and maybe Ubuntu uses least memory.
Pick whichever one you feel best with.
The memory difference will be a few mbs.
many users/potential customers will use ICMP to test if your site is reachable. Disabling might be good but why?
also, read this : http://docs.whmcs.com/Further_Security_Steps
ok Thank you very much for all the suggestions, I am very grateful for the information..
I will be deploying it soon, if there are more suggestions I would appreciate it a lot
Thank you
You could use IPv6 and cloudflare to mitigate attacks.
Most attacks today are on IPv4 due to the low penetration of IPv6 so you can use cloudflare as a gateway IPv6->IPv4 for everyone and keep your IPv4 completely hidden with nothing listening to it, also removed from any configuration files.
and all you have to do is delete your A records on CloudFlare and keep only the AAAA records or w.e they're called
I am not sure, some software might leak the IPv4 in some conditions so you must make sure it is nowhere to be found in config files. I never tried it myself, but is seems a logical thing to do.
This is a very good idea ...
Sir, let me summarize this how I can achieve this ..
Is this all ?
If there is anything further to be done please kindly suggest
Thank You in Advance
As I said, in the past it happened in certain conditions that applications were leaking the real IPv4. If that is the case, they will probably leak it over ipv6 too, so, you will need to configure everything either without IPv4 support, or to listen only to localhost on ipv4. If they do not know the IP, will unlikely leak it.
Oh.. so the above will work but there are changes the IP will get leaked .. If we only configure port 80 and 443 listening on IPV6 and remove IPV4, won't this eliminate the issue ? I don't have expert level understanding regarding this. so need more guidance.
Thank you
There are a lot of scary things about networking. Some of the biggest things are keep your ip's secret. Dont allow services to open ports so use iptables to block all ports other than the ones you need. Dont run things on root user unless you have to this means apache should run as www-data or what ever the apache default user is. Make sure to rate limiit with fail2ban. use ssh keys for auth into your server, keep your packages upto date make decent backups look into cdp. and keep your mysql access local only does not even need local host just use unix socket. and make sure not to give php root mysql access give it access to its own database and it does not need admin access on that even just read write update create table and thats about it.
He's talking about a VPS to run WHMCS.
How would one keep IPs secret in that scenario?
By using cloudflare as a proxy and v6->v4, if they do find out the IPv6 will not help much since DDoS "services" usually offer big ipv4 traffic. It will still work to break the vps and trigger the host to hit the null and maybe suspend button, but it needs the real IPv6 for this and an "advanced DDoS" service, or enough IPv6 VPSes with lax rules regarding pps or traffic per vps to achieve the goal. Overall, much harder.
@Maounique
Sir,
I am still not clear about what you have suggested me..
What I understood is
I will only be hosting one website for WHMCS so in the default nginx site configuration, I will only use IPv6 - 1st
2nd - use firewall to block all unused ports ..
3rd - use IPV6 AAAA record only to point to my server in CloudFlare ..
Also can something be done like use firewall to block both port 80 and 443 for ipv6 .. also does port 443 work for ipv6 ? I will also have a SSL installed
Thank you in advance.