
Thread: VPS Hardening?

  1. #1
    Join Date
    May 2008
    Posts
    254

    VPS Hardening?

    I have an unmanaged VPS, and was wondering what is all included typically in VPS hardening. Is it worth it to pay the fee to have my provider do it? Or is it something that is easy enough to do myself?

    TIA.

  2. #2
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,391
    If you're unsure about this, then yes, probably I'd pay someone to take care of it, especially as a one-time setup fee should be reasonable.
    CirtexHosting Providing Affordable and Quality Web Hosting & Reseller Hosting since 2003
    LINUX based cPANEL/WHM Shared and Reseller Web Hosting with Fantastico
    HostV VPS Premium Virtual Private Servers & Dedicated Servers powered by cPanel/WHM
    We transfer your sites over quickly! I eat penguins for breakfast ...

  3. #3
    Join Date
    Jan 2006
    Location
    Ontario, Canada
    Posts
    324
    Check out some of the server hardening offers in the forum here, you would require most of the work that the typical ads include.

    It's definitely worth the cost if you want to prevent being hacked as much as possible, just make sure you get someone skilled to tackle the job, and read reviews about your prospects here on WHT.

    If you are comfortable using the command line, you could google around or even search this forum - WHT has a lot of great guides on securing a VPS.
    Shared Hosting / Reseller Hosting / Email Hosting
    Dedicated Servers / Unmetered Servers / Linux & Windows VPS
    DME Hosting, LLC [http://www.dmehosting.com]

  4. #4
    Join Date
    Mar 2005
    Location
    Indonesia
    Posts
    191
    VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know
    ||| JFOC Network Solution - Affordable Web Hosting
    ||| Web Site: http://www.jfoc.net
    ||| Retelling Story - Share Your Story, anything
    ||| Web Site: http://www.rtstory.com

  5. #5
    Join Date
    Oct 2008
    Location
    Singapore
    Posts
    4,521
    Quote Originally Posted by JFOC View Post
    VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know
    Easy for tech savvy individuals...
    LIMENEX WEB HOSTING
    Affordable High Performance Web Hosting in United States & United Kingdom
    Web Hosting | Reseller Hosting | Managed VPS | Managed Dedicated Servers | Cheap SSL Certificates

  6. #6
    Quote Originally Posted by JFOC View Post
    VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know
    Yeah, hardening a VPS is about the same as hardening a dedicated server, minus probably playing with the kernel if it's running on OpenVZ. I can say for sure that if the OP doesn't know what he's doing, he's going to probably do some serious damage.

  7. #7
    Join Date
    Mar 2009
    Location
    Austin Tx
    Posts
    2,001
    Quote Originally Posted by JFOC View Post
    VPS Hardening is easy, but if you cannot do that just contact some outsourcing server management or pay someone you know
    I agree, "easy" is very relative. You have to have a concept of what may attack, and the tools / techniques available.

    OP, if you have moderate Linux skills and understanding, just some research and Q/A may suffice. If you are not comfy in the shell, I'd suggest you get a good tech to help you out.
    This is the best signature in the world....Tribute!
    (It is not the best signature in the world, no. This is just a tribute)

  8. #8
    Join Date
    May 2008
    Posts
    254
    I'm more than comfortable with shell and Linux. That being said, I'm not up to date as to what is vulnerable, what needs to be hardened, etc. There are about 100 different tutorials on VPS hardening, and although some are similar there are a lot of different "opinions" on what needs to be done.

    And just because of that fact I think I'll just get my host to do it. I want it done right, and don't want to miss anything. (In case I follow an incomplete hardening tutorial etc).

    TY for input.

  9. #9
    Join Date
    Mar 2005
    Location
    Indonesia
    Posts
    191
    Good if your provider could do that.

  10. #10
    Join Date
    Nov 2001
    Location
    Vancouver
    Posts
    2,416
    Quote Originally Posted by vect0r View Post
    is it something that is easy enough to do myself
    This depends a lot on how much effort you are willing to put into the task. In the long run, it is far better to learn how to manage your own server, but if you are unlikely to actually do the work, it is far better to pay someone to get it done.

    If you are not providing accounts on your VM to various untrusted users, by default your system may be more secure than some web hosts.

    But that doesn't mean you don't have work to do. If your VPS is up already it is no doubt being subject to a dictionary attack - an automated attempt to log on via ssh by trying various user names and passwords. Usually within a few hours of a new machine or VM (virtual machine) being on-line these attacks start. You should stop them, and it is easy enough to do but takes a little google research for the newbie. Answers can even be found on this forum.

    While this is for FreeBSD I would encourage you to read it even if you are using another OS as it gives a great many good ideas on security, many of which are in fact usable on other OS's. Some minor path changes to configuration files may be in order.

    Unofficial FreeBSD Security Checklist / Links / Resources
    http://forums.freebsd.org/showthread.php?t=4108

    Perhaps someone can point you to a similar link for your OS.
    “Even those who arrange and design shrubberies are under
    considerable economic stress at this period in history.”
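
Added example, not part of the original post: a short Python check for the ssh dictionary attack described in post #10, counting failed logins per source address in an sshd auth log and listing the user names each source tried. The message shapes follow OpenSSH's "Failed password" and "Accepted" log lines; the sample lines, host name, user names and the threshold of 5 failures are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (documentation IP ranges, made-up host and users).
SAMPLE_LOG = """\
Jun  3 04:11:02 vps1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun  3 04:11:04 vps1 sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Jun  3 04:11:07 vps1 sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 51246 ssh2
Jun  3 04:11:09 vps1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.5 port 51252 ssh2
Jun  3 04:11:12 vps1 sshd[2109]: Failed password for root from 203.0.113.5 port 51258 ssh2
Jun  3 04:11:15 vps1 sshd[2111]: Failed password for invalid user guest from 203.0.113.5 port 51264 ssh2
Jun  3 09:30:41 vps1 sshd[2410]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Jun  3 09:30:48 vps1 sshd[2410]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
"""

# The user field is greedy and the pattern is anchored at end of line, so the
# address is always taken from the final "from <ip> port <n>" on the line,
# even when a logged user name contains spaces.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+(?: ssh2)?\s*$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Per source IP: failed-login count, user names tried, successful logins."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "accepted": []})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            stats[m["ip"]]["failures"] += 1
            stats[m["ip"]]["users"].add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m["ip"]]["accepted"].append(m["user"])
    return stats

def dictionary_attack_sources(log_text, min_failures=5):
    """Sources with at least min_failures failed logins (assumed threshold)."""
    return {
        ip: {"failures": s["failures"], "users": sorted(s["users"]),
             # a successful login from a guessing source needs follow-up
             "logged_in_as": s["accepted"]}
        for ip, s in summarize(log_text).items()
        if s["failures"] >= min_failures
    }
```

On a real system the input would be the sshd log for your distribution; a single mistyped password from a legitimate user stays below the threshold and is not reported.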

  11. #11
    Quote Originally Posted by AquariusADMIN View Post
    Yeah, hardening a VPS is about the same as hardening a dedicated server, minus probably playing with the kernel if it's running on OpenVZ. I can say for sure that if the OP doesn't know what he's doing, he's going to probably do some serious damage.
    Yeah, when I was hardening my unmanaged VPS I noticed a lot of limitations regarding kernel tuning in sysctl.conf, proc filesystem access, iptables not enabled by default, etc.

    What must be frustrating is that you harden your VPS to death, and then you get deleted because the node is running HyperVM!

    It's one area we as users have no control over - the host's security, and it has the largest potential damage level.

  12. #12
    Join Date
    May 2008
    Location
    Iowa
    Posts
    1,138
    I really feel the VPS competition is becoming extremely difficult. You will see Hybrids coming into play in the next year or two. Most VPS companies offer the full management support you're looking for. If it's not included in your monthly price then I strongly suggest looking for another VPS provider. Best of luck!
    We develop brand identity for the web.
    - - - - - - - - - - - - - - - -
    Services ~ Custom Web Design, Branding & Identity, Development, Hosting & more!
    Portfolio ~ Websites, User Interfaces, Widgets & more!

  13. #13
    Join Date
    Mar 2009
    Location
    Chicago, IL
    Posts
    219
    As a suggestion, I would get a definitive list of what is and isn't provided in a security audit service from your provider and then shop around the forums a bit. You may get a better bang for your buck, and a more secure server by doing so.

    Not all security packages are created equal. =)

  14. #14
    Join Date
    Aug 2008
    Location
    Shoreline WA
    Posts
    160
    I would definitely suggest more than an audit. It's easy to scan for versions, or list all potential problems with a given piece of software, but it is another thing to tell you what must be done to correct the issue. Just be sure that whatever you do, you have help with the part between knowing security holes to having them closed.

    It may be easy for a person to "harden" their server, but you can only correct issues you know about, and even with my 10 years of security and network administration, I would not dare to say I know all the holes that exist, or know how to close them all, that would be foolish. With that point in mind, it does not hurt to get another perspective, such as a paid professional. I also could not say as a general statement that it is easy, because you do not know the experience level of every person reading.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com
