| Linode Forum https://forum.linode.com/ |
|
| How to secure my ubuntu to prevent malicious attacks https://forum.linode.com/viewtopic.php?f=19&t=8832 |
| Author: | dyyyy [ Mon May 14, 2012 11:40 am ] |
| Post subject: | How to secure my ubuntu to prevent malicious attacks |
Hi, this is my second time that I'm reinstalling my server because of malicious attacks. So please can you give me tips on how to secure my Linode? I'll be using Ubuntu 12.04 LTS. Thank you |
|
| Author: | kyrunner [ Mon May 14, 2012 12:18 pm ] |
| Post subject: | |
First, lock down SSH: make sure root is unable to log in, set up public keys, and turn off password logins. This is where I would start. |
|
| Author: | kyrunner [ Mon May 14, 2012 12:27 pm ] |
| Post subject: | Re: How to secure my ubuntu to prevent malicious attacks |
dyyyy wrote: Hi, this is my second time that I'm reinstalling my server because of malicious attacks. So please can you give me tips on how to secure my Linode? I'll be using Ubuntu 12.04 LTS. Thank you

How did they get in? How do you know that you were attacked? |
|
| Author: | marcosscriven [ Wed May 16, 2012 7:25 am ] |
| Post subject: | |
Yes I'd be interested to know how you know too? |
|
| Author: | A-KO [ Wed May 16, 2012 7:36 am ] |
| Post subject: | |
-Don't use password authentication for SSH.
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues. |
|
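An added example, not written by any poster in this thread: a shell check for the SSH settings kyrunner and A-KO recommend above (no root login, no password logins, public keys enabled). The function names and the sample file are constructed for illustration; the check covers only the global section of the file.

```shell
#!/bin/sh
# Added example: check an sshd_config for the settings recommended in this thread.
# Global section only: Match blocks and Include files are not evaluated
# (`sshd -T` prints the effective configuration on a live host).

# effective_value FILE KEYWORD: print the first value set for KEYWORD, lowercased.
# sshd keeps the first value it reads for a keyword, so later duplicates are ignored.
effective_value() {
    awk -F'[ \t=]+' -v key="$2" '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || NF == 0 { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }        # stop where conditional blocks begin
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one line per finding; exit status 0 only if there are none.
audit_sshd() {
    rc=0
    v=$(effective_value "$1" PermitRootLogin)        # thread advice: root cannot log in
    [ "$v" = no ] || { echo "FAIL PermitRootLogin=${v:-unset} (want: no)"; rc=1; }
    v=$(effective_value "$1" PasswordAuthentication) # unset means the default, yes
    [ "$v" = no ] || { echo "FAIL PasswordAuthentication=${v:-unset} (want: no)"; rc=1; }
    v=$(effective_value "$1" PubkeyAuthentication)   # unset is fine: default is yes
    [ "$v" != no ] || { echo "FAIL PubkeyAuthentication=no (key logins disabled)"; rc=1; }
    return "$rc"
}

# Constructed sample: hardening lines were appended at the end, but the earlier
# "PasswordAuthentication yes" is the value sshd will actually use.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PasswordAuthentication yes
# --- appended later ---
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
audit_sshd "$sample" || echo "sshd_config needs changes"
rm -f "$sample"
```

Confirm that key-based login works in a second session before reloading sshd with password logins turned off.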
| Author: | kyrunner [ Wed May 16, 2012 9:49 am ] |
| Post subject: | |
A-KO wrote:
-Don't use password authentication for SSH.
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues.

I run updates every day and also I have an IDS (ossec) system running that emails me any issues in real time. Just to add to your post. |
|
| Author: | Mr Nod [ Wed May 16, 2012 10:15 am ] |
| Post subject: | |
Assuming your problem is SSH-related: http://www.wolfpaw.co.uk/2012/03/securing-a-linux-vps/ |
|
| Author: | sorressean [ Tue May 22, 2012 3:35 pm ] |
| Post subject: | |
kyrunner wrote:
A-KO wrote:
-Don't use password authentication for SSH.
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues.
I run updates every day and also I have an IDS (ossec) system running that emails me any issues in real time. Just to add to your post.

How does that work out for you? I tried running snort as an IDS as well as a port monitor, and ended up flooded with a ton of stuff. I don't have the knowledge to really set up a good IDS setup and then to set up something else to monitor, so if I could get something like a daily logwatch email that tells me what I need, it'd be nice. |
|
| All times are UTC-04:00 |