<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/">
	<channel>
		<title><![CDATA[Post4VPS Forum | Free VPS Provider - VPS Protection]]></title>
		<link>https://post4vps.com/</link>
		<description><![CDATA[Post4VPS Forum | Free VPS Provider - https://post4vps.com]]></description>
		<pubDate>Fri, 22 May 2026 22:07:19 +0000</pubDate>
		<generator>MyBB</generator>
		<item>
			<title><![CDATA[free anti-ddos websites]]></title>
			<link>https://post4vps.com/Thread-free-anti-ddos-websites</link>
			<pubDate>Sat, 24 Apr 2021 12:44:22 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=874">hamed</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-free-anti-ddos-websites</guid>
			<description><![CDATA[<span style="color: #454638;" class="mycode_color"><span style="font-size: medium;" class="mycode_size"><span style="font-family: MsYekan, Tahoma;" class="mycode_font">Hi friends, I had a few questions.</span></span></span><br />
<span style="color: #454638;" class="mycode_color"><span style="font-size: medium;" class="mycode_size"><span style="font-family: MsYekan, Tahoma;" class="mycode_font">What is the best VPS Anti attack and Website anti ddos (free) and how can I get it, does it need a visa card or is it completely free?</span></span></span><br />
<span style="color: #454638;" class="mycode_color"><span style="font-size: medium;" class="mycode_size"><span style="font-family: MsYekan, Tahoma;" class="mycode_font">Please share the sites that offer this package for free. Thank you</span></span></span>]]></description>
			<content:encoded><![CDATA[<span style="color: #454638;" class="mycode_color"><span style="font-size: medium;" class="mycode_size"><span style="font-family: MsYekan, Tahoma;" class="mycode_font">Hi friends, I had a few questions.</span></span></span><br />
<span style="color: #454638;" class="mycode_color"><span style="font-size: medium;" class="mycode_size"><span style="font-family: MsYekan, Tahoma;" class="mycode_font">What is the best VPS Anti attack and Website anti ddos (free) and how can I get it, does it need a visa card or is it completely free?</span></span></span><br />
<span style="color: #454638;" class="mycode_color"><span style="font-size: medium;" class="mycode_size"><span style="font-family: MsYekan, Tahoma;" class="mycode_font">Please share the sites that offer this package for free. Thank you</span></span></span>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Update your Laravel!]]></title>
			<link>https://post4vps.com/Thread-Update-your-Laravel</link>
			<pubDate>Sun, 28 Mar 2021 14:10:54 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=1446">LightDestory</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Update-your-Laravel</guid>
			<description><![CDATA[I open this thread to let you know that you must always update your software!<br />
<br />
Recently a new <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3129" target="_blank" rel="noopener" class="mycode_url">CVE</a> has been filed that explains how to exploit an "Ignition" bug that allows the arbitrary execution of code. It is really dangerous.<br />
One of my friends' VPS has been infected by a <a href="https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability" target="_blank" rel="noopener" class="mycode_url">cryptominer</a>; the article I am going to post here talks about Docker APIs but the same "malicious command" has been used in exploiting Laravel. He requested my help to eradicate that malware... well it was a nightmare, killing the process was useless because a new one will start soon after. What you need to do is find a cron job that let the malware in.<br />
<br />
Another <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21263" target="_blank" rel="noopener" class="mycode_url">CVE</a> regards database queries... but it is less dangerous than a miner inside your server! As the CVE article says, most attempts of this exploit will result in "no result" from the query...<br />
<br />
<br />
Stay safe, stay updated!]]></description>
			<content:encoded><![CDATA[I open this thread to let you know that you must always update your software!<br />
<br />
Recently a new <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3129" target="_blank" rel="noopener" class="mycode_url">CVE</a> has been filed that explains how to exploit an "Ignition" bug that allows the arbitrary execution of code. It is really dangerous.<br />
One of my friends' VPS has been infected by a <a href="https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability" target="_blank" rel="noopener" class="mycode_url">cryptominer</a>; the article I am going to post here talks about Docker APIs but the same "malicious command" has been used in exploiting Laravel. He requested my help to eradicate that malware... well it was a nightmare, killing the process was useless because a new one will start soon after. What you need to do is find a cron job that let the malware in.<br />
<br />
Another <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21263" target="_blank" rel="noopener" class="mycode_url">CVE</a> regards database queries... but it is less dangerous than a miner inside your server! As the CVE article says, most attempts of this exploit will result in "no result" from the query...<br />
<br />
<br />
Stay safe, stay updated!]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[IMPORTANT - enhance security of your Ubuntu 14.04 lts install if still using it]]></title>
			<link>https://post4vps.com/Thread-IMPORTANT-enhance-security-of-your-Ubuntu-14-04-lts-install-if-still-using-it</link>
			<pubDate>Thu, 20 Aug 2020 22:15:10 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=461">rudra</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-IMPORTANT-enhance-security-of-your-Ubuntu-14-04-lts-install-if-still-using-it</guid>
			<description><![CDATA[I hear that some people are still using Ubuntu 14.04 LTS on their VPS. This is to inform them, in case they don't already know it, about Ubuntu Advantage - ESM (extended security maintenance).<br />
<br />
This is extended support for 14.04 LTS that provides security updates essential to keep your system secure and stable.<br />
<br />
You can use this service provided by Ubuntu on up to 3 machines for free in case it is personal use. (Known community members there can use it on up to 50 machines for free for personal use.)<br />
<br />
What to do - steps<br />
<br />
go to <a href="https://ubuntu.com/advantage" target="_blank" rel="noopener" class="mycode_url">https://ubuntu.com/advantage</a> <br />
<br />
Log in (if you already have an Ubuntu One account; it is free) or register and then log in. Now you will see a command with a token like 'ua attach token'<br />
<br />
you run that with sudo or on root account and your system will be configured automagically.<br />
<br />
now check with 'ua status'<br />
<br />
now update using apt-get as you normally do and profit !!!<br />
<br />
NOTE: I am working on bringing Ubuntu OS upgrade without using  control panel vnc / novnc. Hopefully I will succeed and then you will get to enjoy the latest LTS on your VPS. fingers crossed ...]]></description>
			<content:encoded><![CDATA[I hear that some people are still using Ubuntu 14.04 LTS on their VPS. This is to inform them, in case they don't already know it, about Ubuntu Advantage - ESM (extended security maintenance).<br />
<br />
This is extended support for 14.04 LTS that provides security updates essential to keep your system secure and stable.<br />
<br />
You can use this service provided by Ubuntu on up to 3 machines for free in case it is personal use. (Known community members there can use it on up to 50 machines for free for personal use.)<br />
<br />
What to do - steps<br />
<br />
go to <a href="https://ubuntu.com/advantage" target="_blank" rel="noopener" class="mycode_url">https://ubuntu.com/advantage</a> <br />
<br />
Log in (if you already have an Ubuntu One account; it is free) or register and then log in. Now you will see a command with a token like 'ua attach token'<br />
<br />
you run that with sudo or on root account and your system will be configured automagically.<br />
<br />
now check with 'ua status'<br />
<br />
now update using apt-get as you normally do and profit !!!<br />
<br />
NOTE: I am working on bringing Ubuntu OS upgrade without using  control panel vnc / novnc. Hopefully I will succeed and then you will get to enjoy the latest LTS on your VPS. fingers crossed ...]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[default OS reinstall plan - kvm vps users]]></title>
			<link>https://post4vps.com/Thread-default-OS-reinstall-plan-kvm-vps-users</link>
			<pubDate>Fri, 14 Aug 2020 22:19:11 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=461">rudra</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-default-OS-reinstall-plan-kvm-vps-users</guid>
			<description><![CDATA[I have some questions for the current users of VPS 2,3,6,7,9,16,17,18 .... these are the KVM VPSs without control panel.<br />
<br />
1) what are the Linux flavours you use ? centos, ubuntu. please mention version<br />
<br />
2) could you afford to spare / reserve say 3-5 GB space on your HDD for system recovery or reinstall on your own any time you like ? <br />
<br />
3) do you want option to emergency reboot to a live environment with vnc access and recover / reinstall from there ?<br />
<br />
4) do you use passwords or key file to login to your vps through ssh ?<br />
<br />
5) what is your current hdd partition scheme ? what would you do differently if you could configure it during install ?<br />
<br />
thanks<br />
<br />
re. I'm working on getting a unified system to fresh install Linux on these VPSs. So your input is very important.<br />
<br />
thanks..]]></description>
			<content:encoded><![CDATA[I have some questions for the current users of VPS 2,3,6,7,9,16,17,18 .... these are the KVM VPSs without control panel.<br />
<br />
1) what are the Linux flavours you use ? centos, ubuntu. please mention version<br />
<br />
2) could you afford to spare / reserve say 3-5 GB space on your HDD for system recovery or reinstall on your own any time you like ? <br />
<br />
3) do you want option to emergency reboot to a live environment with vnc access and recover / reinstall from there ?<br />
<br />
4) do you use passwords or key file to login to your vps through ssh ?<br />
<br />
5) what is your current hdd partition scheme ? what would you do differently if you could configure it during install ?<br />
<br />
thanks<br />
<br />
re. I'm working on getting a unified system to fresh install Linux on these VPSs. So your input is very important.<br />
<br />
thanks..]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[SSH restoration and OS reinstallation without control panel]]></title>
			<link>https://post4vps.com/Thread-SSH-restoration-and-OS-reinstallation-without-control-panel</link>
			<pubDate>Thu, 06 Aug 2020 09:56:26 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=461">rudra</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-SSH-restoration-and-OS-reinstallation-without-control-panel</guid>
			<description><![CDATA[Hi,<br />
<br />
 P4V has multiple KVM VPSs without control panel. So the VPS owners are forced to contact staff/admin when they lock themselves out of SSH somehow or want a reinstall of OS.<br />
<br />
Now here is what I propose to enable you guys to restore SSH and reinstall OS on your own in all of the scenarios except one [ tell you at the bottom ].<br />
<br />
1) <span style="font-weight: bold;" class="mycode_b"><span style="text-decoration: underline;" class="mycode_u">restore SSH</span> -</span><br />
<br />
setup a github public account and fix a specific file over there that will be used as our flag.<br />
<br />
Now we make a script that periodically checks that flag for some predetermined sign and when it gets that sign, it just uninstalls and reinstalls SSH, restores your sshd settings and makes sure that the designated port is accessible from outside through the firewall.<br />
<br />
The sign can be a simple 'yes' or anything you like.<br />
<br />
You can incorporate network checks and reset option in the script too !!<br />
<br />
2) <span style="font-weight: bold;" class="mycode_b"><span style="text-decoration: underline;" class="mycode_u">Reinstall OS</span> -</span><br />
<br />
This will be almost similar.. almost<br />
<br />
Here you use a preseed file with basic netboot iso install image that is loaded and run through grub to prepare a basic system automatically [ unattended ] and ssh is enabled which you can use to login to complete the steps.<br />
<br />
Here also we use another script that periodically checks a flag.<br />
<br />
I can help you guys with the preseed file for ubuntu and how to set that up. For other OS, you will have to experiment I guess.<br />
<br />
So we mainly use cron to run a script that checks say every hour for our two flags. So even if we lose access to the system, it can do a sort of reset to let us back in or reinstall OS for us.<br />
<br />
<span style="font-weight: bold;" class="mycode_b"><span style="color: #ff3399;" class="mycode_color">The big plus I see is more freedom for both staff and VPS owners.</span></span><br />
<br />
<span style="font-weight: bold;" class="mycode_b">What do you guys say ?</span><br />
<br />
<br />
NOTE. - If you nuke the system so hard that nothing is working inside and even the cron, base system is corrupted, then I guess you will have to contact the staff. But let me hazard a guess, you guys rarely end up in that kind of scenario. It is mostly wanting to start fresh with an OS. isn't it?<br />
<br />
Edit2: also check<br />
<a href="https://post4vps.com/Thread-default-OS-reinstall-plan-kvm-vps-users?pid=37904#pid37904" target="_blank" rel="noopener" class="mycode_url">https://post4vps.com/Thread-default-OS-r...4#pid37904</a>]]></description>
			<content:encoded><![CDATA[Hi,<br />
<br />
 P4V has multiple KVM VPSs without control panel. So the VPS owners are forced to contact staff/admin when they lock themselves out of SSH somehow or want a reinstall of OS.<br />
<br />
Now here is what I propose to enable you guys to restore SSH and reinstall OS on your own in all of the scenarios except one [ tell you at the bottom ].<br />
<br />
1) <span style="font-weight: bold;" class="mycode_b"><span style="text-decoration: underline;" class="mycode_u">restore SSH</span> -</span><br />
<br />
setup a github public account and fix a specific file over there that will be used as our flag.<br />
<br />
Now we make a script that periodically checks that flag for some predetermined sign and when it gets that sign, it just uninstalls and reinstalls SSH, restores your sshd settings and makes sure that the designated port is accessible from outside through the firewall.<br />
<br />
The sign can be a simple 'yes' or anything you like.<br />
<br />
You can incorporate network checks and reset option in the script too !!<br />
<br />
2) <span style="font-weight: bold;" class="mycode_b"><span style="text-decoration: underline;" class="mycode_u">Reinstall OS</span> -</span><br />
<br />
This will be almost similar.. almost<br />
<br />
Here you use a preseed file with basic netboot iso install image that is loaded and run through grub to prepare a basic system automatically [ unattended ] and ssh is enabled which you can use to login to complete the steps.<br />
<br />
Here also we use another script that periodically checks a flag.<br />
<br />
I can help you guys with the preseed file for ubuntu and how to set that up. For other OS, you will have to experiment I guess.<br />
<br />
So we mainly use cron to run a script that checks say every hour for our two flags. So even if we lose access to the system, it can do a sort of reset to let us back in or reinstall OS for us.<br />
<br />
<span style="font-weight: bold;" class="mycode_b"><span style="color: #ff3399;" class="mycode_color">The big plus I see is more freedom for both staff and VPS owners.</span></span><br />
<br />
<span style="font-weight: bold;" class="mycode_b">What do you guys say ?</span><br />
<br />
<br />
NOTE. - If you nuke the system so hard that nothing is working inside and even the cron, base system is corrupted, then I guess you will have to contact the staff. But let me hazard a guess, you guys rarely end up in that kind of scenario. It is mostly wanting to start fresh with an OS. isn't it?<br />
<br />
Edit2: also check<br />
<a href="https://post4vps.com/Thread-default-OS-reinstall-plan-kvm-vps-users?pid=37904#pid37904" target="_blank" rel="noopener" class="mycode_url">https://post4vps.com/Thread-default-OS-r...4#pid37904</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Domain shadowing - beware!]]></title>
			<link>https://post4vps.com/Thread-Domain-shadowing-beware</link>
			<pubDate>Tue, 10 Mar 2020 02:14:48 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=917">deanhills</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Domain-shadowing-beware</guid>
			<description><![CDATA[One thing that is important when one buys a domain is to make doubly sure you are the only owner of that domain with exclusive access to the domain credentials - direct ownership.  The best way to ensure this exclusive ownership is to do the sale directly with a well known Registrar such as Namecheap or Namesilo instead of using third parties or affiliates.  Don't use a domain reseller whom you don't know and beware when friends of friends of resellers try and sell you cheap deals.  Like if the price looks too good to be true, there is a very good chance it is too good to be true and you may become an unwitting victim of some or other scam.  I'm not saying that is certain it will happen, but in this day and age of specialist hackers, particularly with domains you need to be vigilant and use lots of common sense.<br />
<br />
Domain shadowing is one of the exploits that can happen to you when someone else gets access to your domain registration information. The information can be stolen, but it could also be obtained at the point of sale, like you're not the first owner, but the third party or reseller who sets the domain up for you - makes you into the second owner. Since they then have access to the DNS of your domain they can create sub-domains with it.  They do it with a huge number of victims and through that they have the ability to set up massive lists of subdomains, which they can use in quickly rotating fashion to either redirect victims to attack sites, or to serve as hosts for malicious sites.  Before you know it, your domain and IP get blacklisted and you won't be able to see any signs of hacking or exploits on your VPS as they don't need access to your VPS or server to do their evil deeds.  They do it at the front end of the domain at the Domain Registrar.<br />
<br />
So better be safe than sorry.  Don't go for super cheap deals from domain affiliate resellers, or if and when you do, make dead certain you know whom you are dealing with.  Rather insist on creating the domain directly with the Registrar and make sure to keep all of the information safe and secure so no one can get access to the information.  Also check at your Domain Registrar as the really good Registrars will provide you with tools in your Registrar Dashboard with which you can keep your domain safe.  Such as locking it.]]></description>
			<content:encoded><![CDATA[One thing that is important when one buys a domain is to make doubly sure you are the only owner of that domain with exclusive access to the domain credentials - direct ownership.  The best way to ensure this exclusive ownership is to do the sale directly with a well known Registrar such as Namecheap or Namesilo instead of using third parties or affiliates.  Don't use a domain reseller whom you don't know and beware when friends of friends of resellers try and sell you cheap deals.  Like if the price looks too good to be true, there is a very good chance it is too good to be true and you may become an unwitting victim of some or other scam.  I'm not saying that is certain it will happen, but in this day and age of specialist hackers, particularly with domains you need to be vigilant and use lots of common sense.<br />
<br />
Domain shadowing is one of the exploits that can happen to you when someone else gets access to your domain registration information. The information can be stolen, but it could also be obtained at the point of sale, like you're not the first owner, but the third party or reseller who sets the domain up for you - makes you into the second owner. Since they then have access to the DNS of your domain they can create sub-domains with it.  They do it with a huge number of victims and through that they have the ability to set up massive lists of subdomains, which they can use in quickly rotating fashion to either redirect victims to attack sites, or to serve as hosts for malicious sites.  Before you know it, your domain and IP get blacklisted and you won't be able to see any signs of hacking or exploits on your VPS as they don't need access to your VPS or server to do their evil deeds.  They do it at the front end of the domain at the Domain Registrar.<br />
<br />
So better be safe than sorry.  Don't go for super cheap deals from domain affiliate resellers, or if and when you do, make dead certain you know whom you are dealing with.  Rather insist on creating the domain directly with the Registrar and make sure to keep all of the information safe and secure so no one can get access to the information.  Also check at your Domain Registrar as the really good Registrars will provide you with tools in your Registrar Dashboard with which you can keep your domain safe.  Such as locking it.]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Wordfence Plugin Vulnerabilities - avoid Woocommerce plugin]]></title>
			<link>https://post4vps.com/Thread-Wordfence-Plugin-Vulnerabilities-avoid-Woocommerce-plugin</link>
			<pubDate>Thu, 05 Mar 2020 13:23:30 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=917">deanhills</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Wordfence-Plugin-Vulnerabilities-avoid-Woocommerce-plugin</guid>
			<description><![CDATA[Wordfence is an excellent security plugin that is also available free for those who use Wordpress.  They must be making a lot of money as they have a team of specialists on WordPress doing real time research all of the time.  They also have a treasure trove of up to date blog articles on security events (refer link at bottom of this post).  Whenever a WordPress security event happens, such as the Woocommerce plugin that had to get an emergency patch recently following hackers gaining access to Websites through the Woocommerce plugin, they also check wider than the Woocommerce plugin.  Wordfence then found similar issues as with Woocommerce with the following plugins as well - so if site administrators recognize them, they should take immediate preventive action:<br />
<br />
Async JavaScript<br />
Modern Events Calendar Lite<br />
10Web Map Builder for Google Maps. <br />
<br />
The above plugins exploit XSS vulnerabilities in the plugins that allow hackers to inject malicious JavaScript that can create rogue WordPress administrators and install malicious plugins that include backdoors.<br />
<br />
These hackers are just getting better and better at it all of the time.  So it's important for site administrators to check whether they're using these plugins, or similar plugins, in order to avoid their Websites being hacked.<br />
<br />
With regard to Woocommerce plugin.  It has a reputation amongst seasoned WordPress users of being vulnerable and not reliable.  So for new users or WordPress users who are not power WordPress users, although this plugin is very attractive, and can do a long list of attractive looking tasks, it is best to avoid this plugin.<br />
<br />
Here is a link to the WordFence Security Blog Article:<br />
<a href="https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/2020/02/s...abilities/</a><br />
<br />
And a more general Wordfence Blog link for other security blog articles that have recently been published by Wordfence.  <br />
<a href="https://www.wordfence.com/blog/category/wordpress-security/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/category/...-security/</a><br />
The blog articles are eye openers.  Even the famous Duplicator Plugin was compromised recently. For me it sends a clear message to keep WordPress plugins to the bare minimum.  To only use plugins that have a very large following with a demonstrated and recent support and update record by the owner, and vetted by <a href="https://wordpress.org/plugins/" target="_blank" rel="noopener" class="mycode_url">WordPress</a>.]]></description>
			<content:encoded><![CDATA[Wordfence is an excellent security plugin that is also available free for those who use Wordpress.  They must be making a lot of money as they have a team of specialists on WordPress doing real time research all of the time.  They also have a treasure trove of up to date blog articles on security events (refer link at bottom of this post).  Whenever a WordPress security event happens, such as the Woocommerce plugin that had to get an emergency patch recently following hackers gaining access to Websites through the Woocommerce plugin, they also check wider than the Woocommerce plugin.  Wordfence then found similar issues as with Woocommerce with the following plugins as well - so if site administrators recognize them, they should take immediate preventive action:<br />
<br />
Async JavaScript<br />
Modern Events Calendar Lite<br />
10Web Map Builder for Google Maps. <br />
<br />
The above plugins exploit XSS vulnerabilities in the plugins that allow hackers to inject malicious JavaScript that can create rogue WordPress administrators and install malicious plugins that include backdoors.<br />
<br />
These hackers are just getting better and better at it all of the time.  So it's important for site administrators to check whether they're using these plugins, or similar plugins, in order to avoid their Websites being hacked.<br />
<br />
With regard to Woocommerce plugin.  It has a reputation amongst seasoned WordPress users of being vulnerable and not reliable.  So for new users or WordPress users who are not power WordPress users, although this plugin is very attractive, and can do a long list of attractive looking tasks, it is best to avoid this plugin.<br />
<br />
Here is a link to the WordFence Security Blog Article:<br />
<a href="https://www.wordfence.com/blog/2020/02/site-takeover-campaign-exploits-multiple-zero-day-vulnerabilities/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/2020/02/s...abilities/</a><br />
<br />
And a more general Wordfence Blog link for other security blog articles that have recently been published by Wordfence.  <br />
<a href="https://www.wordfence.com/blog/category/wordpress-security/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/category/...-security/</a><br />
The blog articles are eye openers.  Even the famous Duplicator Plugin was compromised recently. For me it sends a clear message to keep WordPress plugins to the bare minimum.  To only use plugins that have a very large following with a demonstrated and recent support and update record by the owner, and vetted by <a href="https://wordpress.org/plugins/" target="_blank" rel="noopener" class="mycode_url">WordPress</a>.]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Do users need protection from Firewall "security" scripts?]]></title>
			<link>https://post4vps.com/Thread-Do-users-need-protection-from-Firewall-security-scripts</link>
			<pubDate>Wed, 19 Feb 2020 08:08:42 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=917">deanhills</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Do-users-need-protection-from-Firewall-security-scripts</guid>
			<description><![CDATA[I've just noted an announcement by Cubedata of more Firewall security.  And that made me think.  How fail safe will the new firewall be?  Like is there a chance it could trigger false positives?  I'm asking as in my experience of having lived in Canada, South Africa and the UAE, I sometimes trigger a firewall, just by the mere fact of being in South Africa or the UAE, vs it unlikely to happen when I'm in Canada. I then need to use a VPN, which is frowned upon of course, but the only way when the IPs from the ISP are dynamic IPs that could be blacklisted IPs or IPs of a different length or character than expected by the Firewall. <br />
<br />
I believe that for security scripts with Firewall there should be a long list of the Pros and Cons - particularly the Cons - and exactly what to expect from a user point of view when the Firewall comes up with a flag.  When this happens - there should be damage legislation in place to exactly describe the abuse in plain English and if found to be a false positive how the problem should be dealt with as a protective measure for BOTH the Data Centre and User. I find the consequences are only one-sided with total lack of regard for the user. Once a flag has gone up and if the host is not particularly savvy, the user is already found guilty without a proper investigation.  Like it's automatically assumed the Data Centre and Security Websites are experts - which is not always the case.<br />
<br />
At post4vps the majority of users live outside North America and Europe.  So are very vulnerable to strict hardware that may trigger false positives easily.  I'm also an Administrator at a shared hosting Forum and we come across this all of the time.  Our host is German with very strict European standard firewalls at their Datacentres.  The majority of our members are from outside Germany.  You can't imagine the hard work to unblock IPs all of the time, and having to do this also for experienced users who obviously know what they are doing.  And I guess in the case of a VPS it may lead to immediate suspension under a non-specific heading like "abuse". And trying to figure out exactly what happened an almost impossibility. Like "abuse of bandwidth"!  Now what does that mean specifically? <br />
<br />
When on top of it all the IP has been flagged by the Data Centre through the security networks, causing the IP to be listed on blacklists everywhere. Like panic immediately starts with the host of the server who has been informed by the Data Centre (equivalent of God who can't do anything wrong as they're specialists).  The host of the server who is most concerned to lose his business would naturally side with the Data Centre, then immediately suspends the user with delays before proving anything.  In the meanwhile with time delays IP gets circulated in the Blacklists.  Sometimes the verdict is very clear, but sometimes not so clear.  And the damage can not be fixed.  The IP and even more importantly the domain associated with the IP gets great damage, and sometimes has to be abandoned.<br />
<br />
Ironically I think it's come to the point where the user needs to be protected from all of these security Firewall scripts.  The best way to be protected is for the user to insist on complete, transparent, and full information of what the firewall security does and what actions to expect from the Datacentre.  If the user is innocent the offending "security" network who caused the IP to be blacklisted should be held fully accountable - not just shrug it off as collateral damage and leave everything for the innocent user to "fix".  The user probably also needs full disclosure of the IP and previous "clean" ownership of the IP BEFORE the user accepts the IP.  Like instead of accepting these security measures like sheep, users, particularly users who have been caught in false positives should speak up and insist on some kind of damage control that should be more widely shared and not only for the user to deal with.  Like the same security network used by Data Centers to blacklist an IP should be made accountable for undoing the blacklisting when a false positive has been found.  With due apology to the user.]]></description>
			<content:encoded><![CDATA[I've just noted an announcement by Cubedata of more Firewall security.  And that made me think.  How fail safe will the new firewall be?  Like is there a chance it could trigger false positives?  I'm asking as in my experience of having lived in Canada, South Africa and the UAE, I sometimes trigger a firewall, just by the mere fact of being in South Africa or the UAE, vs it unlikely to happen when I'm in Canada. I then need to use a VPN, which is frowned upon of course, but the only way when the IPs from the ISP are dynamic IPs that could be blacklisted IPs or IPs of a different length or character than expected by the Firewall. <br />
<br />
I believe that for security scripts with Firewall there should be a long list of the Pros and Cons - particularly the Cons - and exactly what to expect from a user point of view when the Firewall comes up with a flag.  When this happens - there should be damage legislation in place to exactly describe the abuse in plain English and if found to be a false positive how the problem should be dealt with as a protective measure for BOTH the Data Centre and User. I find the consequences are only one-sided with total lack of regard for the user. Once a flag has gone up and if the host is not particularly savvy, the user is already found guilty without a proper investigation.  Like it's automatically assumed the Data Centre and Security Websites are experts - which is not always the case.<br />
<br />
At post4vps the majority of users live outside North America and Europe.  So they are very vulnerable to strict hardware that may trigger false positives easily.  I'm also an Administrator at a shared hosting Forum and we come across this all of the time.  Our host is German with very strict European standard firewalls at their Datacentres.  The majority of our members are from outside Germany.  You can't imagine the hard work to unblock IPs all of the time, and having to do this also for experienced users who obviously know what they are doing.  And I guess in the case of a VPS it may lead to immediate suspension under a non-specific heading like "abuse". And trying to figure out exactly what happened is an almost impossibility. Like "abuse of bandwidth"!  Now what does that mean specifically? <br />
<br />
When on top of it all the IP has been flagged by the Data Centre through the security networks, causing the IP to be listed on blacklists everywhere. Like panic immediately starts with the host of the server who has been informed by the Data Centre (equivalent of God who can't do anything wrong as they're specialists).  The host of the server who is most concerned to lose his business would naturally side with the Data Centre, then immediately suspends the user with delays before proving anything.  In the meantime, with time delays, the IP gets circulated in the Blacklists.  Sometimes the verdict is very clear, but sometimes not so clear.  And the damage cannot be fixed.  The IP and even more importantly the domain associated with the IP gets great damage, and sometimes has to be abandoned.<br />
<br />
Ironically I think it's come to the point where the user needs to be protected from all of these security Firewall scripts.  The best way to be protected is for the user to insist on complete, transparent, and full information of what the firewall security does and what actions to expect from the Datacentre.  If the user is innocent the offending "security" network who caused the IP to be blacklisted should be held fully accountable - not just shrug it off as collateral damage and leave everything for the innocent user to "fix".  The user probably also needs full disclosure of the IP and previous "clean" ownership of the IP BEFORE the user accepts the IP.  Like instead of accepting these security measures like sheep, users, particularly users who have been caught in false positives should speak up and insist on some kind of damage control that should be more widely shared and not only for the user to deal with.  Like the same security network used by Data Centers to blacklist an IP should be made accountable for undoing the blacklisting when a false positive has been found.  With due apology to the user.]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Windows users advised to uninstall Dropbox]]></title>
			<link>https://post4vps.com/Thread-Windows-users-advised-to-uninstall-Dropbox</link>
			<pubDate>Wed, 25 Dec 2019 15:55:52 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=266">Honey</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Windows-users-advised-to-uninstall-Dropbox</guid>
			<description><![CDATA[So recently a zero-day vulnerability has been found in the Dropbox app. Though I know this sub is for VPS protection, I figured there might be people who are using their VPS with Windows installed as a data uploader, and might have the app installed, so this is a fair warning to you guys.<br />
<br />
Here's an excerpt from the Forbes article:<br />
<br />
<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>Security researchers have disclosed a zero-day vulnerability in Dropbox for Windows that can enable an attacker to attain Windows SYSTEM privileges from a starting point of a simple Windows user. <br />
<br />
Two security researchers, Chris and another known as Decoder, first unearthed the vulnerability in September, informing Dropbox on September 18. At that time, they apparently told Dropbox that it would have 90 days to fix the issue before they disclosed it publicly. The 90 days passed without that fix, so here we are.</code></div></div><br />
For further details, please visit here<br />
<br />
<a href="https://www.forbes.com/sites/daveywinder/2019/12/23/windows-10-security-warning-as-dropbox-zero-day-vulnerability-is-confirmed/#526364462089" target="_blank" rel="noopener" class="mycode_url">https://www.forbes.com/sites/daveywinder...6364462089</a>]]></description>
			<content:encoded><![CDATA[So recently a zero-day vulnerability has been found in the Dropbox app. Though I know this sub is for VPS protection, I figured there might be people who are using their VPS with Windows installed as a data uploader, and might have the app installed, so this is a fair warning to you guys.<br />
<br />
Here's an excerpt from the Forbes article:<br />
<br />
<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>Security researchers have disclosed a zero-day vulnerability in Dropbox for Windows that can enable an attacker to attain Windows SYSTEM privileges from a starting point of a simple Windows user. <br />
<br />
Two security researchers, Chris and another known as Decoder, first unearthed the vulnerability in September, informing Dropbox on September 18. At that time, they apparently told Dropbox that it would have 90 days to fix the issue before they disclosed it publicly. The 90 days passed without that fix, so here we are.</code></div></div><br />
For further details, please visit here<br />
<br />
<a href="https://www.forbes.com/sites/daveywinder/2019/12/23/windows-10-security-warning-as-dropbox-zero-day-vulnerability-is-confirmed/#526364462089" target="_blank" rel="noopener" class="mycode_url">https://www.forbes.com/sites/daveywinder...6364462089</a>]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Watchout and Warning:  Malicious WordPress Redirect Campaign Attacking Plugins]]></title>
			<link>https://post4vps.com/Thread-Watchout-and-Warning-Malicious-WordPress-Redirect-Campaign-Attacking-Plugins</link>
			<pubDate>Fri, 23 Aug 2019 22:02:36 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=917">deanhills</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Watchout-and-Warning-Malicious-WordPress-Redirect-Campaign-Attacking-Plugins</guid>
			<description><![CDATA[I've come across at least two instances of WordPress plugin attacks at another hosting Forum that fortunately were picked up by our server security filters and led to instant suspension of the sites.  Otherwise it may have led to warnings to our Datacentre and possible blacklisting of our IP.  Then today I found a really great blog article from WordFence that explains what must have happened.  WordFence, a WordPress Security Specialist identified and is tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities.  The one I came across at the other hosting Forum was Contact Form 7 for example.  Those attacks maliciously redirect traffic from the victims' sites to a number of potentially harmful locations.  It's a real sad situation for users who used to be able to run WordPress sites in reasonable safety.  It's no longer safe to have a WordPress site UNLESS you know what you are doing, are completely up to date with every plugin and theme in your site, and have proper security tools such as WordFence as part of your site.<br />
<br />
You can read more about the WordFence blog article at the URL below:<br />
<a href="https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/2019/08/m...l-plugins/</a><br />
<br />
Interesting part of the article is the behaviour analysis of the exploits.  The attackers rotate their domains with frequency with new domains appearing every few days, and attacks involving older domains taper off.  The examples given in the article are just the examples WordFence has been tracking.  I could probably provide WordFence with more examples.  Although I'm a bit too exhausted to do that.  For me however the sophistication with which WordPress is being manipulated is so complex and threatening, I'm definitely going to think of new ways to publish blogs.  I still have to start with this.  OR one should only use VERY reliable plugins that are regularly updated and tested, and as few as possible.  And of course have WordFence as a plugin as well.<br />
<br />
Another interesting fact that came out for me during an experience with Contabo was that these guys are masters at manipulating IPs from different servers.  Like with the old IP I had at Contabo, even with me being the owner, there were four other active domains registered with my IP number as active Websites - Namecheap was the Registrar.  So basically if they had been used as part of the attack, then blacklisting systems would have immediately connected them up with the Contabo IP and those domains being situated on the VPS, which they had not been, and I don't have a real idea how that came about.  <br />
<br />
Maybe it's as simple as that when a Registrar allows a person to add name servers to a domain, there is no real authentication to make sure that the name servers point to a legitimate site.  It can really point anywhere, including the victim's site that they have managed to infiltrate.  So maybe some of this is the fault of Domain Registrars?  They have domains listed with IPs that aren't really associated with the domains.  Possibly there should be a new system created where if one adds one's name servers, there needs to be a verification of exactly what IP is associated with the name server to make sure it's not being used by rogue malicious attackers.]]></description>
			<content:encoded><![CDATA[I've come across at least two instances of WordPress plugin attacks at another hosting Forum that fortunately were picked up by our server security filters and led to instant suspension of the sites.  Otherwise it may have led to warnings to our Datacentre and possible blacklisting of our IP.  Then today I found a really great blog article from WordFence that explains what must have happened.  WordFence, a WordPress Security Specialist identified and is tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities.  The one I came across at the other hosting Forum was Contact Form 7 for example.  Those attacks maliciously redirect traffic from the victims' sites to a number of potentially harmful locations.  It's a real sad situation for users who used to be able to run WordPress sites in reasonable safety.  It's no longer safe to have a WordPress site UNLESS you know what you are doing, are completely up to date with every plugin and theme in your site, and have proper security tools such as WordFence as part of your site.<br />
<br />
You can read more about the WordFence blog article at the URL below:<br />
<a href="https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/2019/08/m...l-plugins/</a><br />
<br />
Interesting part of the article is the behaviour analysis of the exploits.  The attackers rotate their domains with frequency with new domains appearing every few days, and attacks involving older domains taper off.  The examples given in the article are just the examples WordFence has been tracking.  I could probably provide WordFence with more examples.  Although I'm a bit too exhausted to do that.  For me however the sophistication with which WordPress is being manipulated is so complex and threatening, I'm definitely going to think of new ways to publish blogs.  I still have to start with this.  OR one should only use VERY reliable plugins that are regularly updated and tested, and as few as possible.  And of course have WordFence as a plugin as well.<br />
<br />
Another interesting fact that came out for me during an experience with Contabo was that these guys are masters at manipulating IPs from different servers.  Like with the old IP I had at Contabo, even with me being the owner, there were four other active domains registered with my IP number as active Websites - Namecheap was the Registrar.  So basically if they had been used as part of the attack, then blacklisting systems would have immediately connected them up with the Contabo IP and those domains being situated on the VPS, which they had not been, and I don't have a real idea how that came about.  <br />
<br />
Maybe it's as simple as that when a Registrar allows a person to add name servers to a domain, there is no real authentication to make sure that the name servers point to a legitimate site.  It can really point anywhere, including the victim's site that they have managed to infiltrate.  So maybe some of this is the fault of Domain Registrars?  They have domains listed with IPs that aren't really associated with the domains.  Possibly there should be a new system created where if one adds one's name servers, there needs to be a verification of exactly what IP is associated with the name server to make sure it's not being used by rogue malicious attackers.]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[What does "spamvertised website" mean and has this happened to any one else before?]]></title>
			<link>https://post4vps.com/Thread-What-does-spamvertised-website-mean-and-has-this-happened-to-any-one-else-before</link>
			<pubDate>Tue, 30 Jul 2019 04:56:26 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=917">deanhills</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-What-does-spamvertised-website-mean-and-has-this-happened-to-any-one-else-before</guid>
			<description><![CDATA[I've just checked up with Google and this is what a "spamvertized website" means:<br />
<br />
<blockquote class="mycode_quote"><cite>Quote:</cite>A site being “spamvertized” means that the site is being included as a link in spam emails. The most common reason your site appears in spam emails when you’re not the spammer is because your site has been hacked by someone.<br />
<br />
The hacker places a small piece of code somewhere on your site that redirects a user to a different site. They do this because including their own website in emails they send will immediately flag spam detectors. Their site is already a known-bad-site. So they’d rather spamvertize your site to try and get more emails through spam filters.<br />
<br />
This works for a while until your website is also associated with spam and they have to move on to another “clean” website that they can spamvertize and that will redirect to their own site.</blockquote>
<a href="https://www.wordfence.com/blog/2014/05/why-is-your-site-being-spamvertized-and-what-to-do-about-it/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/2014/05/w...-about-it/</a><br />
<br />
So an awesome irony occurred. On the very same day when I posted a <a href="https://post4vps.com/Thread-Contabo-Review" target="_blank" rel="noopener" class="mycode_url">review of Contabo</a> Contabo received a complaint about my VPS IP being complicit in a spamvertised website.  Since I hadn't looked at my e-mails in my VPS Account for a while, I only learned about the problem yesterday morning.  Contabo received a complaint about a "spamvertized website" linked to my VPS IP on 10 July.  When I didn't respond within 36 hours they suspended my VPS with a notification that re-connection would cost me US&#36;30.  So of course I complained heavily to Contabo yesterday.  I then wrote to them and asked whether they'd checked my VPS for any abnormalities before they suspended the VPS and they said "yes" they had, but now there was nothing on the VPS - I must have fixed it or had software on the VPS that took care of the problem.  So how could I have fixed it if the VPS was suspended?  Anyway, I was grateful I didn't have to pay the 30 US&#36;, they unsuspended the VPS, but since the blog doesn't really mean anything to me, I reinstalled the OS immediately, and powered down the VPS as I'd like to get a better understanding of what had happened first.  <br />
<br />
I personally think it was a false positive, but it would be great to hear if this has happened to any other member at post4vps before?  At the time of this happening I had only one very small static blog on the VPS.  With no users connected with it, no comments enabled, no e-mails, no traffic.  A very small blog with my own personal experiences about Contabo. I have WordFence Security Plugin on it - and I'm sure WordPress users know how fast WordFence is with picking up on irregularities.  There had been no notifications from WordFence. There is also no e-mail server on the VPS. No automatic scripts running.  <br />
<br />
Only thing that did happen on 9th of July (the day before the complaint) that could have caused something to happen was I updated the following themes and plugins of WordPress.  And on the 10th of July I did a Benchmark test of the VPS using a Benchmark Script.  Here is a record of the script, plugins and themes that were updated.  Note they are all very straight up and down strictly WordPress products - and they were not actively used - only Wordfence and WP Classic Editor - the other plugins were "inherited" when I copied the Website:<br />
<br />
1. The WordPress Script to 5.2.2<br />
2. Plugin:  WP Classic Editor<br />
3. Plugin: Contact Form 7<br />
4. Plugin: Duplicator<br />
5. Plugin: Limit Login Attempts Reloaded<br />
6. Plugin: Responsive WordPress Slider (note it's not being used with the WordPress blog)<br />
7. Plugin: WordFence Security<br />
8. Themes: Twenty Thirteen, Fifteen, Sixteen, Seventeen, Nineteen<br />
<br />
The following themes and plugins were actively used in the blog:<br />
<br />
1. WordPress Script 5.2.2<br />
2. WEN-Associate Theme<br />
3. All-in-one WP Migration Plugin<br />
4. All-in-one WP Migration Extension Plugin<br />
5. WordFence<br />
6. Limit Login Attempts Reloaded<br />
7. WordPress Classic Editor<br />
<br />
I had VestaCP loaded on the VPS without FTP or E-mail Server.<br />
<br />
I had changed the Port Number in April.  When I first took occupation of the VPS in April I noticed a very abnormal number of failed login attempts, like larger than I'd ever experienced before.  It completely stopped when I changed the port number.]]></description>
			<content:encoded><![CDATA[I've just checked up with Google and this is what a "spamvertized website" means:<br />
<br />
<blockquote class="mycode_quote"><cite>Quote:</cite>A site being “spamvertized” means that the site is being included as a link in spam emails. The most common reason your site appears in spam emails when you’re not the spammer is because your site has been hacked by someone.<br />
<br />
The hacker places a small piece of code somewhere on your site that redirects a user to a different site. They do this because including their own website in emails they send will immediately flag spam detectors. Their site is already a known-bad-site. So they’d rather spamvertize your site to try and get more emails through spam filters.<br />
<br />
This works for a while until your website is also associated with spam and they have to move on to another “clean” website that they can spamvertize and that will redirect to their own site.</blockquote>
<a href="https://www.wordfence.com/blog/2014/05/why-is-your-site-being-spamvertized-and-what-to-do-about-it/" target="_blank" rel="noopener" class="mycode_url">https://www.wordfence.com/blog/2014/05/w...-about-it/</a><br />
<br />
So an awesome irony occurred. On the very same day when I posted a <a href="https://post4vps.com/Thread-Contabo-Review" target="_blank" rel="noopener" class="mycode_url">review of Contabo</a> Contabo received a complaint about my VPS IP being complicit in a spamvertised website.  Since I hadn't looked at my e-mails in my VPS Account for a while, I only learned about the problem yesterday morning.  Contabo received a complaint about a "spamvertized website" linked to my VPS IP on 10 July.  When I didn't respond within 36 hours they suspended my VPS with a notification that re-connection would cost me US&#36;30.  So of course I complained heavily to Contabo yesterday.  I then wrote to them and asked whether they'd checked my VPS for any abnormalities before they suspended the VPS and they said "yes" they had, but now there was nothing on the VPS - I must have fixed it or had software on the VPS that took care of the problem.  So how could I have fixed it if the VPS was suspended?  Anyway, I was grateful I didn't have to pay the 30 US&#36;, they unsuspended the VPS, but since the blog doesn't really mean anything to me, I reinstalled the OS immediately, and powered down the VPS as I'd like to get a better understanding of what had happened first.  <br />
<br />
I personally think it was a false positive, but it would be great to hear if this has happened to any other member at post4vps before?  At the time of this happening I had only one very small static blog on the VPS.  With no users connected with it, no comments enabled, no e-mails, no traffic.  A very small blog with my own personal experiences about Contabo. I have WordFence Security Plugin on it - and I'm sure WordPress users know how fast WordFence is with picking up on irregularities.  There had been no notifications from WordFence. There is also no e-mail server on the VPS. No automatic scripts running.  <br />
<br />
Only thing that did happen on 9th of July (the day before the complaint) that could have caused something to happen was I updated the following themes and plugins of WordPress.  And on the 10th of July I did a Benchmark test of the VPS using a Benchmark Script.  Here is a record of the script, plugins and themes that were updated.  Note they are all very straight up and down strictly WordPress products - and they were not actively used - only Wordfence and WP Classic Editor - the other plugins were "inherited" when I copied the Website:<br />
<br />
1. The WordPress Script to 5.2.2<br />
2. Plugin:  WP Classic Editor<br />
3. Plugin: Contact Form 7<br />
4. Plugin: Duplicator<br />
5. Plugin: Limit Login Attempts Reloaded<br />
6. Plugin: Responsive WordPress Slider (note it's not being used with the WordPress blog)<br />
7. Plugin: WordFence Security<br />
8. Themes: Twenty Thirteen, Fifteen, Sixteen, Seventeen, Nineteen<br />
<br />
The following themes and plugins were actively used in the blog:<br />
<br />
1. WordPress Script 5.2.2<br />
2. WEN-Associate Theme<br />
3. All-in-one WP Migration Plugin<br />
4. All-in-one WP Migration Extension Plugin<br />
5. WordFence<br />
6. Limit Login Attempts Reloaded<br />
7. WordPress Classic Editor<br />
<br />
I had VestaCP loaded on the VPS without FTP or E-mail Server.<br />
<br />
I had changed the Port Number in April.  When I first took occupation of the VPS in April I noticed a very abnormal number of failed login attempts, like larger than I'd ever experienced before.  It completely stopped when I changed the port number.]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Security Issue / Problem]]></title>
			<link>https://post4vps.com/Thread-Security-Issue-Problem</link>
			<pubDate>Fri, 05 Apr 2019 11:37:15 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=708">chanalku91</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Security-Issue-Problem</guid>
			<description><![CDATA[A few days ago I received a message from SkyLake-X7 that said:<br />
RSA security will not be enough to make your server safe!<br />
So Use Port Knocking!<br />
<br />
I ask: what is port knocking?<br />
And how does it work? What are the benefits after I install it?<br />
<br />
For You =&gt; I'm not satisfied if I haven't got a definite answer!]]></description>
			<content:encoded><![CDATA[A few days ago I received a message from SkyLake-X7 that said:<br />
RSA security will not be enough to make your server safe!<br />
So Use Port Knocking!<br />
<br />
I ask: what is port knocking?<br />
And how does it work? What are the benefits after I install it?<br />
<br />
For You =&gt; I'm not satisfied if I haven't got a definite answer!]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[Basic secure Firewall setup with iptables]]></title>
			<link>https://post4vps.com/Thread-Basic-secure-Firewall-setup-with-iptables</link>
			<pubDate>Sat, 12 Jan 2019 12:47:11 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=26">Mashiro</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-Basic-secure-Firewall-setup-with-iptables</guid>
			<description><![CDATA[<div style="text-align: center;" class="mycode_align"><span style="font-weight: bold;" class="mycode_b"><span style="font-size: x-large;" class="mycode_size"><span style="color: royalblue;" class="mycode_color">Basic secure Firewall setup with iptables</span></span></span></div>
<br />
<br />
<div style="text-align: justify;" class="mycode_align">Hi!<br />
<br />
This brief tutorial will teach you how to perform a basic secure Firewall setup on any Linux based server (any type of server: dedicated server, VPS, etc...) with the iptables Firewall software.<br />
<br />
At the end of this guide you will be able to establish basic guidelines in terms of Firewall security and you will be able to control access in and out of your server. This will help to minimize attack vectors and reduce the risk level of getting your server hacked.<br />
<br />
I will be covering the IPv4 setup only! IPv6 is a little different and the same rules for IPv4 will absolutely not work with IPv6. In fact the IPv4 iptables rule set for IPv6 will break IPv6 inside your server entirely. This is kind of a personal experience from the past  <img src="https://post4vps.com/images/emoji/eh.png" alt="Eh" title="Eh" class="smilie smilie_15" /> .</div>
<hr class="mycode_hr" />
<br />
<span style="font-weight: bold;" class="mycode_b">Step One</span><br />
<br />
Flush (delete) all current iptables rules with the two commands below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -F<br />
iptables -X</code></div></div><hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Two</span><br />
<br />
Setup the main iptables policies to block everything incoming/forwarded by default and allow outgoing traffic to the Internet by default with the commands below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -P FORWARD DROP<br />
iptables -P INPUT DROP<br />
iptables -P OUTPUT ACCEPT</code></div></div><br />
Incoming traffic is blocked by default unless allowed through additional rules.<br />
Forward traffic is blocked by default unless allowed through additional rules.<br />
Outgoing traffic is allowed by default unless blocked through additional rules.<br />
<hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Three</span><br />
<br />
Allow incoming responses to outgoing Internet traffic on already established connections with the command below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</code></div></div><br />
This is very important. It allows you to receive replies for connections that you initiated. For example, you initiate a download via wget. If you don't set this rule up you won't be able to download anything because your server blocks the download of the file. Or initiating a PING will lead to not receiving replies from the host you pinged.<br />
<br />
Don't miss this rule or any kind of communication with the Internet will totally break.<br />
<hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Four</span><br />
<br />
Allow local traffic on the loopback network with the command below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT</code></div></div><br />
With this rule you enable local traffic within the server (remember the default incoming policy is set to block unless allowed through additional rules). This rule is also important to have a working internal network on the VPS. It allows access to locally hosted services like MySQL on 127.0.0.1/localhost, etc.<br />
<br />
Don't miss this rule either as it also is very important.<br />
<hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Five</span><br />
<br />
Allow incoming traffic to services hosted on your server like SSH, a webserver, etc. (the following commands are an example for a server with SSH and a webserver only):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT<br />
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT<br />
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT</code></div></div><br />
<br />
Other services can be allowed through these same rules. Just adjust the port and protocol if needed.<br />
<br />
Another example for FTP (TCP Port 21):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT</code></div></div><br />
An example for DNS (UDP Port 53):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT</code></div></div><br />
<br />
You can also allow incoming traffic for certain IP addresses only with the command below (remember to adjust the IP, protocol and port for the corresponding service):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -s 187.123.100.231 -p tcp --dport 3128 -m state --state NEW -j ACCEPT</code></div></div><br />
This will allow connections to port 3128 TCP (SQUID PROXY) only for the IP address 187.123.100.231. Such restrictive rules are great to secure SSH for your own IP address (if you have a static IP address). So no one else other than you can connect to the service/server on that port.<br />
<br />
<br />
You can also allow IP address ranges:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -s 123.231.67.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT</code></div></div><br />
This rule would allow connections to SSH from the IP address range 123.231.67.1 to 123.231.67.254. This can be useful if you want to allow specific IP ranges to access your server (if you have a dynamic IP address that is always in the same range). It is important to use the right netmask when working with subnets and ranges!<br />
<hr class="mycode_hr" />
<br />
<br />
As iptables rules are not persistent across reboots you can simply paste all the rules into a shell script and let this script run at boot to apply the rules when you start or reboot the server.<br />
<br />
Simply open a new empty file called "firewall.sh" with nano or another text editor. Paste all the commands into that file and save it. Apply the right permissions so it can be executed with chmod +x firewall.sh. Use crontab or /etc/rc.local to add the script to startup. If you don't know how to do it exactly feel free to ask and I will explain it in an additional post.<br />
<br />
Alternatively you can install the package iptables-persistent. This will allow you to change iptables rules and they will survive across reboots. Always remember to save rules when changing them! Same applies for the method with the shell script. When you change rules or add new rules make sure you add them to the firewall.sh file and save it.<br />
<br />
<br />
That's about it. You have set up the basic policies to block everything other than outgoing traffic. Then you have created rules to allow specific services to be accessed. You created rules to allow local traffic inside the server and also created a rule to allow automatic unblocking of replies to connections you have initiated. <br />
<br />
You can use the same rules to extend your setup for future services and projects. Feel free to ask any questions.]]></description>
			<content:encoded><![CDATA[<div style="text-align: center;" class="mycode_align"><span style="font-weight: bold;" class="mycode_b"><span style="font-size: x-large;" class="mycode_size"><span style="color: royalblue;" class="mycode_color">Basic secure Firewall setup with iptables</span></span></span></div>
<br />
<br />
<div style="text-align: justify;" class="mycode_align">Hi!<br />
<br />
This brief tutorial will teach you how to perform a basic secure Firewall setup on any Linux based server (any type of server: dedicated server, VPS, etc...) with the iptables Firewall software.<br />
<br />
At the end of this guide you will be able to establish basic guidelines in terms of Firewall security and you will be able to control access in and out of your server. This will help to minimize attack vectors and reduce the risk level of getting your server hacked.<br />
<br />
I will be covering the IPv4 setup only! IPv6 is a little different and the same rules for IPv4 will absolutely not work with IPv6. In fact the IPv4 iptables rule set for IPv6 will break IPv6 inside your server entirely. This is kind of a personal experience from the past  <img src="https://post4vps.com/images/emoji/eh.png" alt="Eh" title="Eh" class="smilie smilie_15" /> .</div>
<hr class="mycode_hr" />
<br />
<span style="font-weight: bold;" class="mycode_b">Step One</span><br />
<br />
Flush (delete) all current iptables rules with the two commands below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -F<br />
iptables -X</code></div></div><hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Two</span><br />
<br />
Set up the main iptables policies to block everything incoming/forwarded by default and allow outgoing traffic to the Internet by default with the commands below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -P FORWARD DROP<br />
iptables -P INPUT DROP<br />
iptables -P OUTPUT ACCEPT</code></div></div><br />
Incoming traffic is blocked by default unless allowed through additional rules.<br />
Forward traffic is blocked by default unless allowed through additional rules.<br />
Outgoing traffic is allowed by default unless blocked through additional rules.<br />
<hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Three</span><br />
<br />
Allow incoming responses to outgoing Internet traffic on already established connections with the command below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</code></div></div><br />
This is very important. It will allow you to receive replies for connections that you initiated. For example, you initiate a download via wget. If you don't set this rule up you won't be able to download anything because your server blocks the download of the file. Or initiating a PING will lead to not receiving replies from the host you pinged.<br />
<br />
Don't miss this rule or any kind of communication with the Internet will totally break.<br />
<hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Four</span><br />
<br />
Allow local traffic on the loopback network with the command below:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT</code></div></div><br />
With this rule you enable local traffic within the server (remember the default incoming policy is set to block unless allowed through additional rules). This rule is also important to have a working internal network on the VPS. It allows access to locally hosted services like MySQL on 127.0.0.1/localhost, etc.<br />
<br />
Don't miss this rule either as it also is very important.<br />
<hr class="mycode_hr" />
<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Step Five</span><br />
<br />
Allow incoming traffic to services hosted on your server like SSH, a webserver, etc. (the following commands are an example for a server with SSH and a webserver only):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT<br />
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT<br />
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT</code></div></div><br />
<br />
Other services can be allowed through these same rules. Just adjust the port and protocol if needed.<br />
<br />
Another example for FTP (TCP Port 21):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT</code></div></div><br />
An example for DNS (UDP Port 53):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT</code></div></div><br />
<br />
You can also allow incoming traffic for certain IP addresses only with the command below (remember to adjust the IP, protocol and port for the corresponding service):<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -s 187.123.100.231 -p tcp --dport 3128 -m state --state NEW -j ACCEPT</code></div></div><br />
This will allow connections to port 3128 TCP (SQUID PROXY) only for the IP address 187.123.100.231. Such restrictive rules are great to secure SSH for your own IP address (if you have a static IP address). So no one else other than you can connect to the service/server on that port.<br />
<br />
<br />
You can also allow IP address ranges:<br />
<div class="codeblock"><div class="title">Code:</div><div class="body" dir="ltr"><code>iptables -A INPUT -s 123.231.67.0/24 -p tcp --dport 22 -m state --state NEW -j ACCEPT</code></div></div><br />
This rule would allow connections to SSH from the IP address range 123.231.67.1 to 123.231.67.254. This can be useful if you want to allow specific IP ranges to access your server (if you have a dynamic IP address that is always in the same range). It is important to use the right netmask when working with subnets and ranges!<br />
<hr class="mycode_hr" />
<br />
<br />
As iptables rules are not persistent across reboots you can simply paste all the rules into a shell script and let this script run at boot to apply the rules when you start or reboot the server.<br />
<br />
Simply open a new empty file called "firewall.sh" with nano or another text editor. Paste all the commands into that file and save it. Apply the right permissions so it can be executed with chmod +x firewall.sh. Use crontab or /etc/rc.local to add the script to startup. If you don't know how to do it exactly feel free to ask and I will explain it in an additional post.<br />
<br />
Alternatively you can install the package iptables-persistent. This will allow you to change iptables rules and they will survive across reboots. Always remember to save rules when changing them! Same applies for the method with the shell script. When you change rules or add new rules make sure you add them to the firewall.sh file and save it.<br />
<br />
<br />
That's about it. You have set up the basic policies to block everything other than outgoing traffic. Then you have created rules to allow specific services to be accessed. You created rules to allow local traffic inside the server and also created a rule to allow automatic unblocking of replies to connections you have initiated. <br />
<br />
You can use the same rules to extend your setup for future services and projects. Feel free to ask any questions.]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[How to keep our VPS save from Chinese Botnets?]]></title>
			<link>https://post4vps.com/Thread-How-to-keep-our-VPS-save-from-Chinese-Botnets</link>
			<pubDate>Sun, 09 Sep 2018 07:13:04 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=1079">mzmznasipadang</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-How-to-keep-our-VPS-save-from-Chinese-Botnets</guid>
			<description><![CDATA[Hey guys, I've one VPS that I used for hosting my own VPN. The problem is it's getting a lot of botnets. So how do I keep my own VPS safe from botnets? Thank you!]]></description>
			<content:encoded><![CDATA[Hey guys, I've one VPS that I used for hosting my own VPN. The problem is it's getting a lot of botnets. So how do I keep my own VPS safe from botnets? Thank you!]]></content:encoded>
		</item>
		<item>
			<title><![CDATA[DDoS protection]]></title>
			<link>https://post4vps.com/Thread-DDoS-protection</link>
			<pubDate>Sat, 30 Jun 2018 01:52:35 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://post4vps.com/member.php?action=profile&uid=708">chanalku91</a>]]></dc:creator>
			<guid isPermaLink="false">https://post4vps.com/Thread-DDoS-protection</guid>
			<description><![CDATA[My problem is that I want to run a game server, but with reliable protection.<br />
I am running the Pocketmine-MP program. On VPS1, as a test, I have installed a program called NIDS, which has more functionality in server security and tests vulnerabilities on the server. As a result, I did a DDoS attack with the UDP protocol! But nil for ports not opened by Pocketmine-MP. But the DDoS currently runs on the port that is opened by Pocketmine-MP. Here I think I will ask the world experts to get reliable security.]]></description>
			<content:encoded><![CDATA[My problem is that I want to run a game server, but with reliable protection.<br />
I am running the Pocketmine-MP program. On VPS1, as a test, I have installed a program called NIDS, which has more functionality in server security and tests vulnerabilities on the server. As a result, I did a DDoS attack with the UDP protocol! But nil for ports not opened by Pocketmine-MP. But the DDoS currently runs on the port that is opened by Pocketmine-MP. Here I think I will ask the world experts to get reliable security.]]></content:encoded>
		</item>
	</channel>
</rss>