Understanding Access Logs
#1
This is original content written by me to be cross-posted at freedomain.club, post4vps.com and freevps.us.
Thank you in advance for reading and responding where applicable. Anyone is welcome to use it for any purpose, with no warranty expressed or implied. Please backlink the source where you found it if you find it useful.
[snip]
I fully admit that I've got plenty to learn and the experience with a vps is quite new to me.

One thing I am very uneducated in is network security. I have a basic understanding of access rules and permissions, but beyond that, what can one do to protect one's data?

I've had the VPS for a few days now, and I've been mainly focusing on getting the config files just right. I found that after I got WordPress running my Apache daemons became very bloated, so I dropped the PHP memory limit from 128 to 32 MB, which helped a LOT. Also I realized that I don't need to leave the FTP server on; I can use it when installing files and then stop it, which also saves me some resources. I think in time, with a bit of tinkering, I can get a setup just right to serve fast pages and services even on a small free VPS.

However, I'm wondering what vulnerabilities I might have that I'm unaware of, and other people are too!

I looked at my apache logs today and saw several people poking around.

Several HTTP HEAD requests from Russia, 185.xx.xx.xx (5 different IPs)
A couple of GET requests from Amazon AWS, 54.xx.xx.xx (just 1 IP, 4 queries, including a GET of my WordPress readme.html)
Scary GET request from Poland ("GET http://testp4.pospr.waw.pl/testproxy.php HTTP/1.1")

The last one definitely looks to me like some sort of vulnerability probe.

I banned the Poland IP, as well as the Amazon IP (I don't like people testing nor viewing my readme without asking first), but for now I've left the Russian IPs alone. Deny rules at the top of iptables.

The requests *seem* innocent enough and were just producing 403 and 500 errors. But I don't know... maybe they were doing a network scan for desktop vulnerabilities and that's why the errors were produced? Maybe next time they'll search for server vulnerabilities?
Maybe they're all completely normal search engine requests?

I'm wondering if I took appropriate action in banning the ones I did, if I should ban the rest of them, or if there is further action that I should have taken, or any general thoughts/opinions/suggestions/comments someone with more experience might have.
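The three patterns in the post (HEAD sweeps from sibling addresses, a fetch of WordPress's readme.html, and a GET whose target is an absolute URL to another host) can each be pulled out of an Apache access log mechanically instead of by eye. The script below is an added example, not code from the original post or from any of the forums it was cross-posted to. It assumes the log is in Apache's default "combined" format; the sample lines are constructed (documentation-range IPs), and the tag names and helper functions are my own.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Apache "combined" log format (the default access.log format on most distributions).
# The named groups are my own labels for the standard fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Constructed sample lines modelled on the three patterns described in the post.
# The addresses are RFC 5737 documentation ranges, not real clients.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2017:06:01:01 +0000] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2017:06:01:02 +0000] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
203.0.113.12 - - [10/Oct/2017:06:01:03 +0000] "HEAD / HTTP/1.1" 403 - "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2017:07:12:40 +0000] "GET / HTTP/1.1" 200 4123 "-" "curl/7.55"
198.51.100.7 - - [10/Oct/2017:07:12:41 +0000] "GET /readme.html HTTP/1.1" 200 7302 "-" "curl/7.55"
198.51.100.7 - - [10/Oct/2017:07:12:42 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "curl/7.55"
192.0.2.99 - - [10/Oct/2017:09:30:00 +0000] "GET http://testp4.pospr.waw.pl/testproxy.php HTTP/1.1" 500 - "-" "-"
192.0.2.5 - - [10/Oct/2017:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "https://example.org/" "Mozilla/5.0"
"""

# Files that ship with a stock WordPress install and tell a visitor it is there
# (readme.html also states the installed version). Fetching them is reconnaissance,
# not an attack, but it is a signal worth noticing.
FINGERPRINT_PATHS = {"/readme.html", "/license.txt"}


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of tags explaining why this request deserves a second look."""
    tags = []
    target = entry["target"]
    # A request line whose target is an absolute URL to a foreign host is a client
    # checking whether this server will relay traffic as an open forward proxy
    # (the testproxy.php pattern). An Apache that is not configured as a proxy
    # answers with an error, which is exactly what the poster saw.
    if target.startswith(("http://", "https://")):
        tags.append("open-proxy-probe")
    if target.split("?", 1)[0] in FINGERPRINT_PATHS:
        tags.append("wordpress-fingerprint")
    # HEAD requests are cheap for a scanner: they confirm a host is alive and
    # reveal the server banner without downloading a body.
    if entry["method"] == "HEAD":
        tags.append("head-request")
    return tags


def analyse(text):
    """Tag every parsable line and summarise the findings per client IP and per /24."""
    per_ip = defaultdict(Counter)
    unparsed = 0
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        for tag in classify(entry):
            per_ip[entry["ip"]][tag] += 1
    # Group HEAD senders by /24 so that five sibling addresses show up as one sweep.
    head_blocks = Counter()
    for ip, tags in per_ip.items():
        if tags.get("head-request"):
            head_blocks[str(ip_network(f"{ip}/24", strict=False))] += 1
    return {
        "per_ip": {ip: dict(c) for ip, c in per_ip.items()},
        "head_scanner_blocks": dict(head_blocks),
        "unparsed": unparsed,
    }


def suspects(report, tag):
    """IPs carrying a given tag, sorted, ready to review before adding a deny rule."""
    return sorted(ip for ip, tags in report["per_ip"].items() if tags.get(tag))


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for ip, tags in sorted(report["per_ip"].items()):
        print(ip, tags)
    print("HEAD sweeps per /24:", report["head_scanner_blocks"])
    print("open-proxy probes:", suspects(report, "open-proxy-probe"))
```

Run it against a real file with `analyse(open("/var/log/apache2/access.log").read())`. The point of the tags is triage rather than automatic blocking: an open-proxy probe that got a 500 did no harm, and a readme.html fetch is a reason to remove or block that file, not necessarily the client. Ordinary visitors (the last sample line) receive no tag and never appear in the report.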
#2
Well, if you want to be more secure, I would recommend that you install fail2ban. The software will automatically ban IPs when it thinks they have malicious purposes.
#3
I have since installed fail2ban.

I'm considering running all traffic through a proxy. This way I will only have to deal with intrusion attempts at 1 IP.
