Improve security of my VPS

Discussion in 'Systems Administration' started by MaTaMoR_, Jun 17, 2016.

  1. Hi, I have a minigames server with a friend and we're starting to grow. We managed to buy two VPS and everything was going fine until yesterday, when we got hacked; both VPS got hacked. I was like WTF, our passwords were pretty strong, they were randomly generated, but it seems like it wasn't enough. After many hours of fixing stuff we managed to fix everything. We're now using even stronger passwords but they are still trying to get into our VPS; they tried over 1500 times from yesterday to today. How can we improve this? We can't keep growing if we keep getting hacked. What do you guys suggest?
     
  2. Disable password authentication and use SSH keys.
     
    • Agree x 3
  3. Install CSF (ConfigServer Security & Firewall), really recommend it! If configured correctly it can block the IP of anyone who keeps trying to log in to your server (brute force attacks). This should really help your situation.

    Also SSH keys as mentioned above.
     
  4. I must be doing something wrong. I tried to install SSH keys following this tutorial but I can still log in without using 'ssh [email protected]'. Also I have some questions: how is this more secure than a password? I only have to use a passphrase to log in. What am I doing wrong?
     
  5. If you have a key, only people with that file can get in. They would need your key file, just like an IRL key to your house.
     
    • Agree x 1
  6. But I'm not using any key to get into my server? What am I doing wrong? Also the key is on the server, not on my PC, how am I supposed to get it?
     
    • Agree x 1
  7. There's a useful tool called PuTTYGen when it comes to generating SSH keys. Use this software to generate a 2048 bit key, and follow the instructions with the exception of generating the key on your/Connor's tutorial.
     
    • Agree x 1
  8. It will generate it on the server and you have to download it, or use PuttyGen to generate the key instead :)
     
    • Agree x 1
  9. So I have to download it and put it where? I'm new at this :c
     
  10. Somewhere on your computer, depending how you connect you'll then have to use it for your SSH connection.
     
  11. Preferably, I keep mine in my documents folder. Keep it somewhere you can easily access it, and recover if it's deleted.
     
  12. Personally I have mine on Dropbox, that way it's kinda backed up and accessible on all my computers. Obviously put it anywhere but once you disable password auth do not lose your key xD
     
    • Agree x 1
  13. Amen, brother. I keep my key backed up on five USB drives, I never let more than one leave my sight.
    Dirty dirty, I keep this particular one plugged into my laptop at all times.
     
    • Like x 1
  14. I managed to do most of the tutorial, but I can't disable password login. I'm trying to edit the ssh config with "sudo vi /etc/ssh/sshd_config", I go to "PasswordAuthentication" and I change it to "no", but how can I save these changes? Because I can't write commands or anything.

    Edit: I managed to get out with ':w' but when I try to use 'service ssh restart' it says "Failed to reload ssh.service: Unit ssh.service failed to load: No such file or directory."
     
    #16 MaTaMoR_, Jun 17, 2016
    Last edited: Jun 17, 2016
  15. Or use KVM as a backup :p

    My sexy KVM screen: https://drive.google.com/file/d/0Bzi7TczKmNTuaUtBck8wb0JFQzA/view?usp=drivesdk (web tho but its awesome if I locked myself out xD)
     
    • Optimistic x 1
  16. Use sshd for restarting ssh. And use the letter I without using SHIFT or etc. to enter text and such, then press ESC and then :wq for save & quit. Otherwise just get nano.
     
  17. Yeah, I managed to do it. I'll now try to do what @ConnorLinfoot said and install CSF.
     
  18. JamesJ

    Supporter

    no. plz.
    Never rely on KVM. Let alone, not all hosts give you KVM access.


    @OP:

    - Change SSH port (stops a lot of brute force attacks, from people who just scan the internet on port 22).
    - Disable root login
    - Use strong SSH keys. I personally use 4096-bit keys, as 1024-bit keys have been confirmed to have been cracked, and there are rumours that 2048-bit keys have been hacked (I have no sources, sorry :()
    - Password protect your keys
    - If you have a laptop, or second PC, generate keys on that too, and add that to your authorized_keys (instead of backing up your keys, this is better).
    - Install fail2ban, and configure it. Configure it as best you can, so you get email notifications when someone is banned. If it's an IP you've never seen before, no harm in permanently blacklisting it on your SSH port.
    - If you have Redis installed, firewall it.
    - ^ same goes for any open ports really, any ports you don't need open, close them.

    If they get leaked, you're fucked.
    If you can put them on two devices that you own, access and control entirely, that's good enough. If you somehow manage both, what the hell.
     
    • Like x 2
    • Winner x 1
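
An added example, not posted by anyone in this thread: a small audit of `sshd_config` text against the checklist above (password login off, key login on, root login off, non-default port). It shows a detail the thread does not mention: sshd keeps the first value it reads for a keyword, so a `PasswordAuthentication no` appended below an existing `yes` changes nothing. The sample configs and port 2222 are constructed; the defaults assume OpenSSH 7.0 or later, and `Include` files and `Match` blocks are not evaluated.

```python
import re

# OpenSSH defaults that apply when a keyword is absent (assumes OpenSSH 7.0+).
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
}

def effective_settings(config_text):
    """Resolve global sshd_config settings the way sshd does: first value wins."""
    settings, ports = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)$", line)
        if not m or not m.group(2):
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            break  # Match blocks are conditional; only global scope is audited
        if key == "port":
            ports.append(value)  # Port may legitimately appear more than once
        else:
            settings.setdefault(key, value)  # later duplicates are ignored
    resolved = {**DEFAULTS, **settings}
    resolved["port"] = ports or ["22"]
    return resolved

def audit(config_text):
    """Return findings for the checklist items discussed in the thread."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"].lower() != "no":
        findings.append("password login is still enabled")
    if s["pubkeyauthentication"].lower() != "yes":
        findings.append("key login is disabled")
    if s["permitrootlogin"].lower() != "no":
        findings.append("root login is not fully disabled")
    if "22" in s["port"]:
        findings.append("sshd listens on default port 22")
    return findings

# Constructed samples: an edit appended below the original line, then a clean file.
APPENDED = "Port 22\nPasswordAuthentication yes\nPermitRootLogin yes\nPasswordAuthentication no\n"
HARDENED = "Port 2222\nPasswordAuthentication no\nPermitRootLogin no\n"

if __name__ == "__main__":
    print(audit(APPENDED))
    print(audit(HARDENED))
```

On a live server, `sshd -T` (run as root) prints the configuration sshd actually resolved, which also covers included files.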