0

I am a bit of a beginner in administration. I have a VPS on ovh.com, where I had 28 attempts in 2 days from different IPs (usually China) to log in to my SSH (late CentOS installed, with CentOS Web Panel). The plan is to mount a lot of Google Drives for more free space (ocamlfuse - :evil:) and run multiple websites with a TeamSpeak server. I want to set TS3 up, set permissions and block the Query port (incoming and outgoing), set up multiple websites with NginX, and not be scared of those attacks. Now someone has broken my 17-word password and shut down my server (wtf, it was not out of CPU / RAM).

So, to be sure there isn't any malware on my VPS, I need to install a new OS again, configure my disks and use a different alphanumeric password...

The key question and my problem is: is pfSense a good idea for strong protection on a VPS? What monitoring should I use to be sure my system is running well without strange activity (I know there is an app for monitoring the system)? Which parts should I take care of to be sure I did it well? Are there any dangers in using NginX, or what should I take great care with?

I am a bit of a beginner, so if you can help or just answer any of my questions, don't worry, write; I will vote up for help. A complete answer I will mark as accepted. (Sorry for my slightly broken English.)

Edit: so pfSense is out because I have a VPS, not a dedicated server.

gcboard

2 Answers

1

I don't know of a VPS provider that will configure you a pfSense instance as a VM. pfSense is traditionally installed as a physical box, or a virtual box when you have full control over the hardware. There are some tricks where you can block IP blocks of countries you feel pose a threat with either iptables or UFW. Google is your friend there!

As for failed attempts to log in via SSH, look into Fail2Ban for blocking the IPs of failed logins. You might even disable password authentication and use only RSA keys.

For security when it comes to Nginx vs. Apache vs. , most vulnerabilities you will come in contact with will be within the web application. Apps like WordPress and Drupal should be hosted by people with experience, so as to prevent your site from becoming yet another spam bot... Keep both your HTTP server and web application up to date with regular updates.

Good luck!

Linuxx
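What a Fail2Ban-style threshold does with failed SSH logins, as an added example that is not part of the original answer and is not Fail2Ban's own code. The parameter names `maxretry` and `findtime` mirror Fail2Ban's jail options; the log lines, host name, IP addresses and the year are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd's syslog format (/var/log/secure on CentOS).
SAMPLE_LOG = """\
Mar  3 10:15:01 vps sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:09 vps sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:16:30 vps sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 51300 ssh2
Mar  3 11:02:11 vps sshd[2140]: Failed password for root from 198.51.100.7 port 40022 ssh2
Mar  3 12:40:52 vps sshd[2188]: Failed password for invalid user test from 192.0.2.44 port 33990 ssh2
Mar  3 13:05:00 vps sshd[2201]: Failed password for root from 198.51.100.23 port 45001 ssh2
Mar  3 14:20:00 vps sshd[2230]: Failed password for root from 198.51.100.23 port 45090 ssh2
Mar  3 14:25:10 vps sshd[2241]: Accepted password for root from 192.0.2.99 port 50100 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def parse_failures(text, year=2024):
    """Yield (timestamp, source_ip) per failed password attempt; syslog omits the year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2)

def ips_to_ban(text, maxretry=3, findtime=timedelta(minutes=10)):
    """Source IPs with at least maxretry failures inside one findtime window."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(text):
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                banned.add(ip)
                break
    return banned

def distinct_sources(text):
    """All IPs that failed at least once, including ones below the ban threshold."""
    return {ip for _, ip in parse_failures(text)}

if __name__ == "__main__":
    print("ban:", sorted(ips_to_ban(SAMPLE_LOG)))
    print("seen:", sorted(distinct_sources(SAMPLE_LOG)))
```

Sources that stay below the threshold are never banned, so when attempts arrive from many different IPs a per-IP ban only thins them out; disabling password authentication removes the thing they are guessing at.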
0

OK, first of all, after some research...

pfSense should be used as an appliance, run in a VM or on another device (like an RPi set up in, e.g., our home network). It is very much not recommended to use it in one box with a server (any server) because of the very, very complicated upgrade/update. pfSense in general is the best firewall with open source support! It is one of the awarded open source programs!

NginX should be used by an advanced/experienced administrator

  • to avoid PHP/SQL attacks (in my opinion)

One of the best ways to have everything in one place (which is recommended when you are alone as an administrator and you try to avoid spending too much time setting something up by hand) is to use a web interface (cPanel/CWP/Webmin/Ajenti).

When you have any access via a separate port (e.g. Query in TeamSpeak 3, it's something like 11011) you can destroy the whole server just by accessing it as Query... Just set up what you need and block this port in the firewall. You can always open the port at any time when you need to.

Ajenti is one of the leading software packages with a big range of features; also, it's free for non-commercial use. I do not know why its installation works only on Ubuntu Server.

Also, I recommend using Ubuntu as a server, because they have a really big package database where all of those packages are officially supported, not like in Arch, where all of the packages are a little unstable.

Going back to the firewall and SSH, I've got an answer from pfSense support on IRC:

leaving SSH on your firewall open to the internet isn't a great idea. If you need it accessible on the WAN, you should ideally restrict it to a fixed source IP

gcboard