MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: prgs1971 on 2013-08-08, 06:59:43

Title: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-08, 06:59:43
I will use my VPS for shared hosting and I want to secure it against DDOS attacks and everything that will be necessary.

From what I can see, Kloxo-MR doesn't use Iptables or any other firewall.

I want to enable a firewall like Iptables or another one.

What will be the best rules to apply to the Iptables firewall and how can I do that?
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: MRatWork on 2013-08-08, 07:54:16
None of my servers use IPTables/CSF because I think that if we use nginx-proxy we are already protected by nginx. The Kloxo-MR panel (also Kloxo) has lxguard to protect the ssh and ftp ports.

But using IPtables/CSF is not a bad idea.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-08, 08:01:36
I never heard about using a server without Firewall enabled...

Do you know what the best rules to apply to it are?

Do you know any good tutorial?
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: MRatWork on 2013-08-08, 08:41:12
Because I am not using a firewall, I do not intend to explore these services.

Better to install webmin on your server because webmin cooperates with Kloxo-MR. All my servers are always webmin-ready.

We can call Webmin a 'GUI for SSH'.

The firewall module in Webmin is easier to set up than manual setting.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-08, 16:29:19
Any good tutorial to set up webadmin?

How much memory will webadmin consume?
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: MRatWork on 2013-08-08, 16:33:06
Not webadmin but webmin. Go to www.webmin (http://www.webmin) to know about it.

Webmin itself (like Kloxo-MR) only uses 25-40 MB.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: chrisf on 2013-08-08, 19:00:36
I would suggest CSF and I can help you - the install process is easy and it watches everything.

And if you later have more servers you can configure it to cluster and block i.p.'s across your cluster.

It notifies you of ssh access, sudo su access.

I have directories that should never change (web) and it watches them - if a potential hack does occur I know in real time.

It beats LxGuard every time.  I have LxGuard set to 5 - CSF to 10.  CSF always blocks the i.p. before LxGuard.  I think it deals with when and how frequently it reads the logs.

Memory is minimal - processes are minimal. (although it is running so it does take a small footprint)

If you need help let me know.  There are some rules for csf.pignore Kloxo specific so you don't get a million emails about "suspicious process".

I learnt most from hours of research and trial and error.  But I know that CSF blocks about 10 i.p.'s a day (temporary blocks) for port scanning. (10 hits on ports not available)
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: starbolt on 2013-08-08, 19:16:14
Kloxo has a ready-to-go firewall script that you can find at http://wiki.lxcenter.org/How+to+secure+ ... h+IPTABLES (http://wiki.lxcenter.org/How+to+secure+your+Kloxo+with+IPTABLES)

It works pretty well on Kloxo, but on Kloxo-MR you will have to add a couple of rules to it. If you are aware of which software you are using, just add the ports it is listening on to the script and you should be all set.
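
Added example (not part of starbolt's post and not the lxcenter script): one way to work out which ports to add is to list the TCP listeners and print a candidate ACCEPT rule for each publicly bound port. The `gen_rules` function name and the sample listing are constructed for illustration; on a real server the input would come from `ss -tln`.

```shell
#!/bin/sh
# Constructed sample of `ss -tln` output (not taken from a real server).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::1]:953 [::]:*
LISTEN 0 128 *:8080 *:*'

# Read `ss -tln` lines on stdin and print one ACCEPT rule per public TCP port.
# Loopback-only listeners (127.0.0.0/8, ::1) are skipped: they are not
# reachable from outside and need no opening in the firewall.
gen_rules() {
    awk '
        $1 == "LISTEN" {                 # header and other states are ignored
            addr = $4                    # local address:port column
            n = split(addr, parts, ":")
            port = parts[n]              # port is the text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            if (port !~ /^[0-9]+$/) next
            if (!(port in seen)) { seen[port] = 1; print port }
        }
    ' | sort -n | while read -r port; do
        printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$port"
    done
}

# Print the candidate rules for review; nothing is applied to the firewall.
printf '%s\n' "$SAMPLE" | gen_rules
```

Review the printed list before copying anything into the firewall script: a port that is listening is not necessarily one that should be reachable from the internet.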
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-08, 19:43:00
Quote from: "chrisf"
I would suggest CSF and I can help you - the install process is easy and it watches everything.

And if you later have more servers you can configure it to cluster and block i.p.'s across your cluster.

It notifies you of ssh access, sudo su access.

I have directories that should never change (web) and it watches them - if a potential hack does occur I know in real time.

It beats LxGuard every time.  I have LxGuard set to 5 - CSF to 10.  CSF always blocks the i.p. before LxGuard.  I think it deals with when and how frequently it reads the logs.

Memory is minimal - processes are minimal. (although it is running so it does take a small footprint)

If you need help let me know.  There are some rules for csf.pignore Kloxo specific so you don't get a million emails about "suspicious process".

I learnt most from hours of research and trial and error.  But I know that CSF blocks about 10 i.p.'s a day (temporary blocks) for port scanning. (10 hits on ports not available)

I am interested in this one ;)

Do you have any tutorial?
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-08, 19:45:01
Quote from: "starbolt"
Kloxo has a ready-to-go firewall script that you can find at http://wiki.lxcenter.org/How+to+secure+ ... h+IPTABLES (http://wiki.lxcenter.org/How+to+secure+your+Kloxo+with+IPTABLES)

It works pretty well on Kloxo, but on Kloxo-MR you will have to add a couple of rules to it. If you are aware of which software you are using, just add the ports it is listening on to the script and you should be all set.

Thank you for this tip ;)

I will try CSF firewall first.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: chrisf on 2013-08-08, 20:40:33
I will write instructions for you.  I will have them posted by tomorrow :)
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-08, 21:11:25
Just write a tutorial in this forum and then leave the link to it here :)

Many thanks for your help ;)
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: chrisf on 2013-08-09, 21:30:25
Instructions for CSF install with KloxoMR written here:

forum.mratwork.com/viewtopic.php?f=15&t=19200

If you have questions please ask them under that post.

Enjoy :)
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: prgs1971 on 2013-08-09, 21:42:11
Many thanks for this very detailed Tutorial  8-)

If you come to Portugal I will buy you a drink  :D
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: chrisf on 2013-08-09, 21:44:14
http://forum.mratwork.com/viewtopic.php?f=15&t=19200

Clickable link :)

No problem!  Glad I can help.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: befree22 on 2014-01-25, 22:03:42
Quote from: chrisf
I would suggest CSF and I can help you - the install process is easy and it watches everything.

And if you later have more servers you can configure it to cluster and block i.p.'s across your cluster.

It notifies you of ssh access, sudo su access.

I have directories that should never change (web) and it watches them - if a potential hack does occur I know in real time.

It beats LxGuard every time.  I have LxGuard set to 5 - CSF to 10.  CSF always blocks the i.p. before LxGuard.  I think it deals with when and how frequently it reads the logs.

Memory is minimal - processes are minimal. (although it is running so it does take a small footprint)

If you need help let me know.  There are some rules for csf.pignore Kloxo specific so you don't get a million emails about "suspicious process".

I learnt most from hours of research and trial and error.  But I know that CSF blocks about 10 i.p.'s a day (temporary blocks) for port scanning. (10 hits on ports not available)

I am interested in this one ;)

Do you have any tutorial?

Hi Christopher,

I have Kloxo-MR on Nginx.

1. Can you help me with CSF? Your tutorial link is dead.

2. In this thread, MRatwork stated that "None of my servers use IPTables/CSF because I think that if we use nginx-proxy we are already protected by nginx. The Kloxo-MR panel (also Kloxo) has lxguard to protect the ssh and ftp ports."
On webhosting talk people say that you better have a good firewall if you disable IPtables. My IPtables are enabled and websites are on Cloudflare but that didn't prevent ddos attack.
I want to do everything I can to prevent ddos, especially after reading Mratwork's post at http://forum.mratwork.com/kloxo-mr-technical-helps/help-fix-admin-misconfiguration-to-protect-real-ip-address-on-cloudflare/msg27943/#msg27943

3. Can you use CSF as a 'GUI for SSH' like Webmin?

FYI: I'm a total newbie to ssh and I'd like to run commands and fix problems myself (with forum users help). Mratwork told me that I have no ssh access because SolusVM java applet is not updated to use for ssh: "Latest java applet used by Kloxo-MR as the same as java applet by Virtualizor. Old java applet is 'sshterm-applet' and the new one is 'jcterm'. Only SolusVM able to change this applet in their product."
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: MRatWork on 2014-01-26, 09:25:19
@befree22,

What do you think about 'DDOS'? Please explain 'DDOS' and what the evidence of a DDOS attack on your VPS is.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: befree22 on 2014-01-26, 17:33:54
A forum post on webhostingtalk stated that "A DDoS attack does not lead to your sites being hacked, a DDoS attack can only take your server offline. Besides, a good DDoS attack generally means choking the network line before the server so it's nothing a web server can do something about. And I don't think a web server can prevent your sites from being hacked as well as that's generally due to shoddy code and weak passwords."

My server wasn't taken offline but I lost access to Kloxo-MR login panel and my sites were hacked.

Here is proof:

1. My sites were hacked. The wp-config.php file for one file was BLANK, hence the white screen of death on the site. I restored the wp-config file and the site is working fine now.
The malicious hacker gained direct access to the server files. The other 2 sites' blank page was caused by a plugin, namely Contact Form 7.

2. Please view the Lxguard image showing ip connections on this post: http://forum.mratwork.com/kloxo-mr-technical-helps/help-fix-admin-misconfiguration-to-protect-real-ip-address-on-cloudflare/msg28749/#msg28749

The webhostingtalk said that the hacker played with the firewall. He suggested purging rules and checking files for backdoors. And changing ssh port which I will do. The post is at http://www.webhostingtalk.com/showthread.php?s=83b40952a1aaab203dff36456ec85ed2&p=8989928#post8989928

3. I will apply the limit connection address code at http://forum.mratwork.com/kloxo-mr-technical-helps/help-fix-admin-misconfiguration-to-protect-real-ip-address-on-cloudflare/msg27943/#msg27943 

4. A few forum posters are against disabling ip tables. I will install CSF firewall when Christopher sends instructions specific to Kloxo-MR.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: MRatWork on 2014-01-26, 17:59:13
It looks like your website application (for example wordpress) has a plugin which contains 'evil' code.

Lxguard works well where lxguard is able to block 'illegal' access (login attempts up to a certain number of times).

A firewall (like iptables/csf; you can think of lxguard as a 'firewall' too because it has the same function) is not able to help you if your website has 'evil' code.

You can open 'rkhunter log' in 'log manager' to find out about 'illegal' actions.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: chrisf on 2014-01-26, 18:11:00
I disagree, I use CSF in a 6 server cluster.  CSF watches everything, in near real time, and alerts you for all kinds of malicious intent.  The post is in tips and tricks.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: fossxplorer on 2014-01-27, 20:54:59
Unfortunately, the link doesn't work anymore. I think it got broken after the forum upgrade a while back.
Title: Re: Iptables Best Rules for Kloxo-MR
Post by: chrisf on 2014-01-27, 21:41:09
http://forum.mratwork.com/kloxo-mr-tips-and-tricks/installing-csf-alongside-kloxomr-(how-to)/ (http://forum.mratwork.com/kloxo-mr-tips-and-tricks/installing-csf-alongside-kloxomr-(how-to)/)

In reading your posts I am getting the impression you are very new at managing a server.  A DDOS attack has nothing to do with hacking.  You appear to have undergone a 'brute force attack' and a hacker obtained your passwords.

Root access had to be obtained to change iptables rules.  I hope you reinstalled the OS and reinstalled KloxoMR.

No, CSF is not a GUI for SSH.  It is a firewall.  I think you misunderstood Mustafa.  SSH java-applet in KloxoMR has nothing to do with solusVM.