Go Back   SharingDVB All Tutorials sharing > Free CCcam Newcamd MDBox OBox > VPS Tutorials

Reply
 
Thread Tools Display Modes
Old 12-30-2014, 08:03 PM   #1
nagra 3
Moderator
 
Join Date: Dec 2014
Posts: 58
New how to Protect Your VPS



in this little How To I want to show you how to protect your server against crackers and (D)DoS attacks.

Notice: Most of the shown methods require admin permissions, so make sure to run the commands as root or with sudo.

Using safe passwords

First of all you should consider to use safe passwords. It's best to use a combination of lower-case letters, upper-case letters, numbers and symbols. In addition your password should be as long as possible. Make sure your password is not connected with you, any family members, friends, pets or things you like.

Here is a little trick on how to remember a password easily:

First, you devise a phrase like:

"Nice, thanks to this little tutorial I can easily remember my hard-to-guess password with a length of 26 characters!"

Now you can form a password out of this sentence by combining every first character of every word and every symbol to a new phrase. In this case it would look like this:

"N,tttltIcermh-t-gpwalo26c!"

If you want to change the password of a user on your VPS you can do this by typing in this command into your console:

Code:
passwd NameOfUser
In the following you type in your new password twice.


Keeping your server up-to-date

Before you start editing configuration files you should update every package on your server to close potential security gaps. You can update your whole server with one simple command:

Debian & Ubuntu:
Code:
apt-get update && apt-get upgrade
CentOS:
Code:
yum update
You should consider to update the packages on your server once a week.

Prerequisites

You don't have to do this if you already have a text editor you like, but I recommend you to install nano because I find this one very easy to use. You can install this text editor by running the following command:
Debian & Ubuntu:
Code:
apt-get install nano
CentOS:
Code:
CentOS:
Creating separate users
You don't always need admin permissions to be able to work with your server. That's why you should create new users to separate your services on your server. You can create a new user by running this command:
Code:
useradd -m NameOfNewUser -s /bin/bash
Don't forget to create a password for this user with
Code:
passwd NameOfNewUser
On Debian & Ubuntu there is a more user friendly command you can run alternatively:
Code:
On Debian & Ubuntu there is a more user friendly command you can run alternatively:
Deactivating direct root login via SSH

Don't worry! You still will be able to login as root with the command su.

To deactivate the direct root login via SSH you have to make some changes in the SSH configuration file. To do this, just type in the following command into the console:
Code:
nano /etc/ssh/sshd_config
Now navigate with your arrow keys on your keyboard to the line where it says
Code:
PermitRootLogin yes
and change it to
Code:
PermitRootLogin no
Now you just have to save your configuration file. In nano, press [CTRL] + [O] and then confirm with [ENTER]. To quit nano press [CTRL] + [X].

Finally you have to restart the SSH service in order to apply the changes:
Code:
/etc/init.d/ssh restart
Do make sure that you have created a second user with wich you can log in alternatively, otherwise you won't be able to access your server anymore!
Changing SSH port
To deactivate the direct root login via SSH you have to make some changes in the SSH configuration file. To do this, just type in the following command into the console:
Code:
nano /etc/ssh/sshd_config
Now navigate with your arrow keys on your keyboard to the line where it says
Code:
Port 22
and change it to whatever port you want your SSH service to run on. Make sure your stated port doesn't conflict with other services, otherwise you will have problems accessing your server via SSH.

Now you just have to save your configuration file. In nano, press [CTRL] + [O] and then confirm with [ENTER]. To quit nano press [CTRL] + [X].

Finally you have to restart the SSH service in order to apply the changes:
Code:
/etc/init.d/ssh restart
You can log in to your server with this command:
Code:
ssh user@host.tld -p 1234
1234 represents the port in this example.

Reducing maximal login attempts
To reduce the maximal login attempts you have to make some changes in the SSH configuration file. To do this, just type in the following command into the console:
Code:
nano /etc/ssh/sshd_config
Now navigate with your arrow keys on your keyboard to the line where it says
Code:
# Authentication:
Under this, search for a free line and write the following in the configuration file:
Code:
Under this, search for a free line and write the following in the configuration file:
In this example, the amount of maximal login attempts is two.

Now you just have to save your configuration file. In nano, press [CTRL] + [O] and then confirm with [ENTER]. To quit nano press [CTRL] + [X].

Finally you have to restart the SSH service in order to apply the changes:
Code:
/etc/init.d/ssh restart
Installing basic DDoS protection

Finally I recommend you to follow the installation instructions on http://deflate.medialayer.com. A lightweight bash shell script will be installed which protects you against DoS and weak DDoS attacks.

After the installation open the configuration file and edit necessary settings (for example whether you want to use iptables or Advanced Policy Firewall to block IPs):
Code:
nano /usr/local/ddos/ddos.conf
That's it! I hope this How To helped you making your server a little bit more secure against crackers and (D)DoS attacks.

nagra 3 is offline   Reply With Quote
Old 04-22-2016, 09:48 PM   #2
nature
Junior Member
 
Join Date: Apr 2016
Posts: 1
New



Quote:
Originally Posted by
[B
Installing basic DDoS protection[/B]

Finally I recommend you to follow the installation instructions on http://deflate.medialayer.com. A lightweight bash shell script will be installed which protects you against DoS and weak DDoS attacks.

After the installation open the configuration file and edit necessary settings (for example whether you want to use iptables or Advanced Policy Firewall to block IPs):
Code:
nano /usr/local/ddos/ddos.conf
That's it! I hope this How To helped you making your server a little bit more secure against crackers and (D)DoS attacks.

http://deflate.medialayer.com/ is not opening up...please help with the config files... thanks pal
nature is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 09:47 AM.
SharingDVB@
A vBSkinworks Design