VPS Security Setup
I am new to VPS. Can anyone confirm if these measures are enough for a basic 100-users commercial application?
- Disable all ports except 22, 80, and 443
- Disable root login via SSH (create and give another user sudo access)
- Change SSH default port from 22 to something else
- Disable IPv6 (if not used)
- Change passwords regularly
What else can be done to enhance the security?
See also questions close to this topic
Malicious entity slowly creating accounts on asp.net server
I'm not sure that this is a stack overflow appropriate question. If not, I'd appreciate a pointer to a more appropriate forum, as I haven't been able to find one.
I have a small website project that gets a few hundred daily unique users and on average I get one or two people to create an account per day. Yesterday I noticed that more users were signing up (like about 50) and today another 150 users signed up. Wonderful, right? Except that then I noticed that while the emails look legitimate, all of the usernames ended in the same letters. My site requires that email be confirmed before a user gets any additional access and none of these accounts have confirmed their email. There is no apparent regularity to the creation of these accounts other than that it is happening with slowly increasing frequency.
So my question is - what could this malicious user be gaining by doing this? It's not yet anything other than a minor nuisance to me. The accounts are easily identifiable and they're not (yet) being created at a rate that could represent anything like a denial of service attack. The only thing I can think is that they're trying to confirm that these emails are registered on my site. But I can't think why that would be useful. Also, if the email addresses are real, they're using my site to spam those emails, but the spam is a registration confirmation for my site. So I guess they might eventually get my email provider to shut me down if they keep this up.
Thanks in advance for any help, even if that's a redirect to a different forum.
Other possibly useful information:
- My site is hosted on Azure using asp.net mvc5 with identity framework
- I believe that the emails are legitimate because my email provider shows a very small bounce rate (like 1%) on these emails.
How to decrypt data encrypted using older version of KMS key?
How to know which KMS key was used to encrypt the data in case of KMS rotational keys?
How is data made secure within a program when it is decoded briefly for comparison?
I have decades of programming and technology experience, and basically no real detailed understanding of how security is managed within a program.
I am working on a puzzle that has a bit of information (x), that has been encoded (#1x). I need to search a list of data, that is also encoded using separate keys (#2,#3,#4...) to find a match (#1x == #2x ).
I am trying to imagine how you can decode #1x to get x, and decode #2x to also get x, compare them. What I am trying to avoid is a situation where someone knows x = #1x, just that #1x == #2x, but has no knowledge what the encoded value is. As a result I am trying to think about how to keep x secure during this process.
I imagine a function where f(#1x, #2x, #1, #2) has the two encoded variables, the required keys, and returns the answer. But how do you securely do this within a program?
I have never hacked anything more complicated than a webpage, but when working with runtime languages, how do you isolate the part of the code where the information is being stored (ie. once it is decoded, to do the comparison), how do you identify where the data is being stored, and how do you minimize the access that someone could have to that piece of memory? Is it possible to do this fully secure? I can't imagine how, if you need to write it to memory at all, it is secure. But, I can't imagine how a system could make this comparison without that step.
Is Html parsing server side better practice than client side
I need to do html parsing of content behind a login, then present that data to the user on my website.
I was thinking that I would send the login credentials from my website to the server, then with python GET and parse the HTML of the target site (server side), then send it back to the site to display
Is this more efficient/better practice than doing the GET and parsing all the html client side?
Wordpress Page Update
Today, when I tried to update a page in my wordpress website, I encountered the following error:
"This page isn’t working "URL of website" didn’t send any data. ERR_EMPTY_RESPONSE"
When I checked the error logs at server, I found the following:
[Thu Jan 17 13:20:11 2019] [error] [client 184.108.40.206] client denied by server configuration: /home/clcl1721/public_html/403.shtml
[Thu Jan 17 13:20:11 2019] [error] [client 220.127.116.11] client denied by server configuration: /home/clcl1721/public_html/joomla
[Wed Jan 16 23:08:30 2019] [error] [client 18.104.22.168] client denied by server configuration: /home/clcl1721/public_html/403.shtml
[Wed Jan 16 23:08:30 2019] [error] [client 22.214.171.124] client denied by server configuration: /home/clcl1721/public_html/
[Wed Jan 16 21:51:52 2019] [error] [client 126.96.36.199] client denied by server configuration: /home/clcl1721/public_html/403.shtml
[Wed Jan 16 21:51:52 2019] [error] [client 188.8.131.52] client denied by server configuration: /home/clcl1721/public_html/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js
[Wed Jan 16 21:51:52 2019] [error] [client 184.108.40.206] client denied by server configuration: /home/clcl1721/public_html/403.shtml
[Wed Jan 16 21:51:52 2019] [error] [client 220.127.116.11] client denied by server configuration: /home/clcl1721/public_html/
Can somebody please suggest how to rectify this error?
Storing images outside public_html
I have a server and would like to store images outside "public_html" folder.
The host is Hostinger.com. The idea is to have a folder "private/uploads" outside "public_html" to store my images. As the images have sensitive data, I can't afford to make them public to everyone. My php code correctly uploads the images to the folder
$destination = "../private/uploads/" . $name;
move_uploaded_file($_FILES['image']['tmp_name'], $destination);
But when I try to access it using something like:
<img src="../private/uploads/<?= $item['image'] ?>">
It doesn't work. Is there a reason for that? Am I not able to store images outside "public_html"? Has anyone who uses Hostinger had the same problem? Are there any suggestions for securely storing images on a server?
Edit: I've already tried storing the images in other places, and the only place the images loaded was inside the "public_html" folder.
Azure Runbook script can't connect to VMs
In Azure Runbook I wrote a script, which needs to gather information from all VMs in subscription about disk consumption by connecting to these VMs directly.
I'm not able to reach these VMs from the runbook by setting up pssession or by get-wmiobject. Which ports should have been opened or which privileges should be set up in order to enable this possibility on AA level? WinRM is already set up to receive requests and for remote management for the specific VM I try to reach, so it's a bit confusing to me why pssession is still not working. Is it port blocking on firewall related? If yes, which ports exactly?
Problem opening port Google Cloud Platform
I created my VM (Google Cloud Platform), working with Windows Server 2008 R2. So I installed a program that needs the port 6900 opened to run. So I entered in the firewall rules of Google Cloud Platform, put ip as 0.0.0.0/0 and opened the port 6900. Also entered in the advanced configures of firewall on my VM, and also allowed the port 6900. Tried to run the program and failed, tried to run telnet to test and failed. Already checked security settings, disabled firewall, etc. I don't know what is happening.
Can someone help me?
How do you specify the outbound port for a git clone
I have a requirement that I specify the outbound port for a git clone. In order to get through a firewall, the security folks have decreed that the port numbers on both ends of the connection be known. I can specify the server port using the ssh url, but how do I specify the source port?
Is OpenSSL enabled by default in PHP and since which version
I am not sure if the question is correct to be posted here but I am not able to find any reliable information.
I am building some PHP application which will run on a bunch of different servers, hosted by someone else. The application depends on
What I am trying to find out is openssl enabled by default in PHP and since which version, or it's always necessary to install it separately.
Somewhere I found that it's built into Ubuntu's PHP, and that you don't have, in Ubuntu, to enable it separately. Does anyone know if that's true and since which version? And what about other systems, or other ways of installing PHP?
This information is really necessary for me in order to design the application and it would be really helpful if anyone has some information.
Update webpage with values selected in a new window
In a webpage (origin.php), I want to click on a button that will open a new window (select.php). In select.php, I will select some values and click on select button. Then, select.php will close and origin.php will be updated with the values that I selected.
I'm thinking about checking constantly in origin.php if there are new selected values. However, I believe that there must be better solutions. Any idea?
I would like to port an old AR App to ARKit
I developed years ago an app that manually displayed objects in Augmented Reality by fetching them by a Lamp back-office, and I would like to port it to ARKit. So long I managed to create local objects but I found no way to extract the gps information or to create objects at given coordinates. Is it possible to do it, or is it mandatory to use the custom Apple tool for sharing ARKit objects? What would of course lose all the information already shared on the Lamp infrastructure and possible restrict the experience.
how to fix "ah00169: caught sigterm, shutting down" error
I am trying to set up my website on a vps webserver, but there are still some errors which don't let it work.
In the log files I found this error.
[Mon Jan 14 22:20:26.519775 2019] [mpm_prefork:notice] [pid 25164] AH00169: caught SIGTERM, shutting down
[Mon Jan 14 22:20:26.620269 2019] [mpm_prefork:notice] [pid 25263] AH00163: Apache/2.4.29 (Ubuntu) configured -- resuming normal operations
[Mon Jan 14 22:20:26.620320 2019] [core:notice] [pid 25263] AH00094: Command line: '/usr/sbin/apache2'
What does this error mean and how to solve it?
When I open my website it shows me this
This page isn’t working www.specialselektrods.lv is currently unable to handle this request. HTTP ERROR 500
I recently started using VPS CENTOS 7.5 kvm [server1] v76.0.15 with cpanel
After configuring the WHM/cPanel the landing page does not show the index.html in public_html rather it is showing the domain registrar details e.g: www.nexnaira.com.
I have deleted all the files in the public_html (cPanel) but it seems not to have any effect like the site is not pointing to the index.html I uploaded. Maybe I am doing it all wrong, please I need assistance
Laravel project folder permission
I have a problem with my Laravel project on VPS. Locally everything works fine, but on VPS sometimes folder permission changes and web site stops to work. I don't know what causes this problem and what should I do?
Every time I have to fix with this code:
sudo chown -R user:user /data/web/website.com