  1. #1

    Disabling IP tables a security issue?

    I was unable to log in to the Kloxo-MR admin panel on a Xen VPS with Nginx for 2 weeks. A malicious hacker prevented me from gaining access to my server files.

    On the Kloxo-MR forums, the developer said to disable ip tables:
    "In your VPS, IPTables is enabled by default. The simple action is to remove it with 'yum remove iptables*'. Yes, Kloxo-MR tries to 'disable' IPTables, but sometimes this 'trick' does not work perfectly. Possibly something about webmail. It's easier to fix after you fix the above problems. Also try cp.domain.com"
    Do you think it's safe to disable ip tables? I want security above all else. I want to prevent hacking and DDOS attacks which I experienced after gaining login access to Kloxo-MR.

  2. #2

    ip tables

    You can turn off IP tables, but you better have an awesome firewall in front of the server.

    Running any server without a firewall is not a good idea. Sometimes you can get away with it with minimal services turned on, however a firewall is definitely recommended, and thus ip tables on.

  3. #3
    I always add my own IP (home IP) to my firewall. You can also change the SSH port, so nobody else can ban the root user with failed attempts.

  4. #4
    If you don't have any iptables rules, it's doing you no good anyways. It will not help prevent any sort of attack. You can use iptables -L to check if any rules exist and determine if you want them or not.

    Assuming your services are locked down, it's perfectly safe to turn off iptables.
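
The check described in post #4, as an added example that is not part of the thread: it reads `iptables -S` output (the rule-listing form of `iptables -L`) and reports whether the ruleset does anything, plus which INPUT rules block traffic. The sample rulesets and the 203.0.113.10 address are constructed; only the listed table is examined and jumps into user-defined chains are not followed.

```shell
#!/bin/sh
# classify_ruleset: read `iptables -S` text on stdin and print one verdict:
#   empty      - every chain policy is ACCEPT and there are no -A rules,
#                so iptables is filtering nothing
#   permissive - rules exist, but nothing on INPUT drops or rejects
#   filtering  - INPUT policy is not ACCEPT, or an INPUT rule drops/rejects
classify_ruleset() {
    awk '
        $1 == "-P" && $3 != "ACCEPT"                 { strict_policy = 1 }
        $1 == "-P" && $2 == "INPUT" && $3 != "ACCEPT" { filtering = 1 }
        $1 == "-A"                                    { rules++ }
        $1 == "-A" && $2 == "INPUT" && / -j (DROP|REJECT)/ { filtering = 1 }
        END {
            if (filtering)                          print "filtering"
            else if (rules == 0 && !strict_policy)  print "empty"
            else                                    print "permissive"
        }'
}

# input_blocks: print only the INPUT rules that drop or reject traffic,
# the first ones to read when a panel or SSH login stops working.
input_blocks() {
    awk '$1 == "-A" && $2 == "INPUT" && / -j (DROP|REJECT)/'
}

# Constructed sample: what a host with no firewall rules reports.
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: one source address is silently dropped.
SAMPLE_BLOCKING='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_EMPTY"    | classify_ruleset
printf '%s\n' "$SAMPLE_BLOCKING" | classify_ruleset
printf '%s\n' "$SAMPLE_BLOCKING" | input_blocks

# On a real host (as root): iptables -S | classify_ruleset
```
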

  5. #5
    Hi

    It looks like the hacker has played with the firewall. Rather than uninstalling the firewall,

    1) Try clearing all the rules and add a new set of rules.

    2) Make sure that there are no rules added in the files /etc/hosts.deny or /etc/hosts.deny

    Any entries in the files above can restrict the access.


    Anyway, if you find a server hacked, the best way to go is to reload the OS on the server and restore data from backups. There is a high chance of a backdoor script being left on the server, which can be used to gain access again.

  6. #6
    First of all, change the SSH port, and after that flush all iptables rules.
