amuck-landowner

How do you secure your server(s)?

C

clone1018

New Member
wcypierre said:
1. if you're running a hosting a website, you can add modsecurity/php ids to it to prevent webbased hacking.

2. limit the services that you're supposed to run(if some services are only used once in a while, then turn it off and turn it on based on demand)

3. if certain services are only to be accessed by you, then limit it to a predefined set of ip for better security(like ssh)

However, "Never use old/outdated script/software/OS" -- provided that it doesn't breaks anything, so, always do a backup before upgrading :)
Click to expand...
Just to note, PHPIDS by itself does not prevent or protect against intrusion. It's an API for you to make your own application with. "The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to."
 
wcypierre

wcypierre

New Member
clone1018 said:
Just to note, PHPIDS by itself does not prevent or protect against intrusion. It's an API for you to make your own application with. "The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to."
Click to expand...
of course you'd need some configuration, even with iptables, you'd need to add a rule to block an inbound connection to a  rarely used port that you don't want certain people to access, no?
 
C

clone1018

New Member
Right but the difference is IPTables still handles protecting you, IDS doesn't come with _anything_ to protect against it, it's your job to learn how to protect against the specific issue IDS is reporting and handle it properly. 
 
wcypierre

wcypierre

New Member
clone1018 said:
Right but the difference is IPTables still handles protecting you, IDS doesn't come with _anything_ to protect against it, it's your job to learn how to protect against the specific issue IDS is reporting and handle it properly. 
Click to expand...
True. But the OP didn't mentioned about wanting an out of the box solution, I guess?
 
wlanboy

wlanboy

Content Contributer
Voss said:
I created this thread because well, why not ask people that are in this industry? They encounter and mitigate attacks almost daily. Thanks for the info, I'm sure other people will find this thread useful if they're not as security conscious as you all.
Click to expand...
I am looking forward to new input too.
 
Tux

Tux

DigitialOcean? lel
Disable password authentication and use iptables to limit connections.

I don't change SSH ports as that's just security by obscurity, and those ports are likely to get scanned anyway.
 
ICPH

ICPH

Member
Im using Config server firewall, i think its quite good protection. Also list open ports and close ones you dont use.
 
G

Grumble

New Member
I use geo blocking to allow only the countries I work with (UK, USA, AU etc.). You can either deny or allow countries. Allow makes for a shorter list.


Also, SSH with certificates and whitelisted IP access only.


No extra users.


32 character passwords.


No sudo on the server.


Wordfence or All in one security for WordPress.
 
Last edited by a moderator:
S

samK

New Member
Secure Server Connectivity
  1. Establish and Use a Secure Connection. ...
  2. Use SSH Keys Authentication. ...
  3. Secure File Transfer Protocol. ...
  4. Secure Sockets Layer Certificates. ...
  5. Use Private Networks and VPNs. ...
  6. Monitor Login Attempts. ...
  7. Manage Users. ...
  8. Establish Password Requirements.
 
JonathanKW

JonathanKW

Administrator
Administrator
visualwebtechnologies said:
Secure port, ssh keys setup, Maldet + ClamAV
Click to expand...

What do you like about Maldet + ClamAV?

In testing against a product such as Imunify, I notice that ClamAV with their default signatures does not catch nearly as much malware as what Imunify does by default.

On top of ClamAV being super memory heavy with a requirement of 3GB makes it less desirable.
 
V

visualwebtechnologies

New Member
JonathanKW said:
What do you like about Maldet + ClamAV?

In testing against a product such as Imunify, I notice that ClamAV with their default signatures does not catch nearly as much malware as what Imunify does by default.

On top of ClamAV being super memory heavy with a requirement of 3GB makes it less desirable.
Click to expand...
Yes i agree ClamAV is very high resource intensive so it is possible that it ran out of memory. Could you SSH to the server and check if you see any OOM (out of memory) errors.

Second option you can either use imunify360 software it's better
 
You must log in or register to reply here.
Top
amuck-landowner