Results 1 to 6 of 6
-
01-21-2014, 05:47 PM #1Newbie
- Join Date
- Dec 2013
- Posts
- 20
Disabling IP tables a security issue?
I was unable to login to Kloxo-MR admin panel on xen vps with Nginx for 2 weeks. A malicious hacker prevented me gaining access to my server files.
On Kloxo-MR forums, the developer said to disable ip tablesIn your VPS, IPTables is enable by default. The simple action is remove with 'yum remove iptables*'. Yes, Kloxo-MR try 'disable' for IPTables but sometimes this 'trick' not work perfectly. Possible something about webmail. It's more easy to fix after you fix above problems. Try also cp.domain.com
-
01-21-2014, 05:50 PM #2Newbie
- Join Date
- Jan 2014
- Posts
- 5
ip tables
You can turn off IP tables, but you better have an awesome firewall in front of the server.
Running any server without a firewall is not a good idea. Sometimes you can get away with it with minimal services turned on, however a firewall is definitely recommended, and thus ip tables on.
-
01-21-2014, 06:56 PM #3Norwegian polar bear hunter
- Join Date
- Feb 2005
- Location
- Norway
- Posts
- 1,651
I always add my own IP (home IP) to my firewall. You can also change the SSH port, so nobody else can ban the root user with failed attempts.
My Top 20 benchmark list (and review site)
Powered by: Kimsufi, backed up by: Hetzner, DigitalOcean and Vultr.com
Also using SolaDrive.com (56+ months), KnownHost.com (56+ months)
-
01-21-2014, 07:52 PM #4Newbie
- Join Date
- Jan 2014
- Posts
- 25
If you don't have any iptables rules, it's doing you no good anyways. It will not help prevent any sort of attack. You can use iptables -L to check if any rules exist and determine if you want them or not.
Assuming your services are locked down, it's perfectly safe to turn off iptables.
-
01-22-2014, 01:38 AM #5Junior Guru Wannabe
- Join Date
- May 2012
- Posts
- 79
Hi
It looks like the hacker has played on the firewall. Rather than uninstallaing the firewall,
1)Try clearing all the rules and add a new set of rules.
2) Make sure that there are no rules added on the files /etc/hosts.deny or /etc/hosts.deny
Any entries in the files above can restrict the access.
Anyway; if you find a server hacked, the best way to go is to reload OS on the server and restore data from backups. There is a high chance of any backdoor script being left on the server, which can be used to gain access again.
-
01-22-2014, 04:08 AM #6New Member
- Join Date
- Jul 2012
- Posts
- 2
Fist of all change the ssh port and after that flush all iptables rules.
Similar Threads
-
Disabling CPU cores without disabling HT
By justcolo in forum Hosting Security and TechnologyReplies: 2Last Post: 01-08-2014, 02:20 PM -
MySQL doubt: More DB's & less tables || More tables less DB's
By osphere in forum Hosting Security and TechnologyReplies: 5Last Post: 11-06-2009, 07:22 PM -
Security concerns on disabling safe_mode in shared server
By robotwink in forum Hosting Security and TechnologyReplies: 1Last Post: 09-27-2009, 03:26 AM -
PHP Security: disabling classes?
By sh4ka in forum Hosting Security and TechnologyReplies: 2Last Post: 04-17-2009, 04:27 PM -
Is that a security issue?
By raulgonzalez in forum Programming DiscussionReplies: 4Last Post: 05-17-2005, 01:19 PM