Just ordered a VPS from OVH

Doctor 404

Developing is Cool
Joined
Apr 9, 2014
Messages
91
I just ordered a VPS from OVH and got some stuff setup.

The problem i have is that even though i managed to do this stuff by myself (Setup the gameservers, mysql and voiceservers) i think im missing stuff that i must certainly not know (Im not very tech savvy about linux based systems).

The Firewall im using atm is UFW (Due to massive attacks on the community, not that i got attacked, but i will get attacked once my GameServer is up and running, kids like to play with fire... you know.). So i was wondering, what are the best ways to setup an Ubuntu Server, something like: Security Measures you take, things to have in mind, suggestions on how to protect it, etc. I been reading a bit but learned almost nothing, tested with a fairly large Botnet and asked a friend to attack it with a Stresser.

The botnet didn't even touched the server (I still have to tweak the mitigation as it locks everybody out of the server) and the Stresser lagged the heck out of my Service.

Any ideas on how to prevent or atleast mitigate this?

Thanks in advance!
 

Deathstarr

Forum Owner
Joined
Mar 15, 2011
Messages
351
CFS - Config Firewall is a good one
Mod_Security

and just use good passwords and change regularly.
 

Doctor 404

Developing is Cool
Joined
Apr 9, 2014
Messages
91
CFS - Config Firewall is a good one
Mod_Security

and just use good passwords and change regularly.
Is the Mod_Security a Must have for the VPS itself security? I remember it from Apache but i won't be using Apache on my VPS (Already own an Unlimited plan on 1and1 for a year :p). About the firewall, i'll take a look and see what i can find, thanks!
 

Tracy Perry

Opinionated asshat
Joined
May 25, 2013
Messages
4,991
IThe botnet didn't even touched the server (I still have to tweak the mitigation as it locks everybody out of the server) and the Stresser lagged the heck out of my Service.

Any ideas on how to prevent or atleast mitigate this?
More hardware. It's going to be easy to overload a VPS on OVH. They (as do most low budget hosts) have a habit of overselling them. You would probably have been better served by one of the smaller SYS dedicated servers instead of a VPS (granted, they are noticeably more expensive). So you can't expect big iron performance out of a small VPS.

I use CFS personally - and dont' touch mod-security (same as I don't touch Apache in any shape/form/fashion) and stay away from the panels if you want to maximize your performance.
Disable root logins via SSH and configure your account in sudo. You can also mask your SSH IP by assigning to another port than 22 (but it can be found, it just makes it harder for those simple script kiddies that hit the standard port).
 

Doctor 404

Developing is Cool
Joined
Apr 9, 2014
Messages
91
More hardware. It's going to be easy to overload a VPS on OVH. They (as do most low budget hosts) have a habit of overselling them. You would probably have been better served by one of the smaller SYS dedicated servers instead of a VPS (granted, they are noticeably more expensive). So you can't expect big iron performance out of a small VPS.

I use CFS personally - and dont' touch mod-security (same as I don't touch Apache in any shape/form/fashion) and stay away from the panels if you want to maximize your performance.
Disable root logins via SSH and configure your account in sudo. You can also mask your SSH IP by assigning to another port than 22 (but it can be found, it just makes it harder for those simple script kiddies that hit the standard port).
Will look at that, but so far seems like i'll be switching from UFW to CSF.
 

ozzy47

Tazmanian Veteran
Joined
Oct 18, 2013
Messages
9,007
CSF is awesome, I have used it on all the servers I have had over the past few years, and it does its job wonderfully. :)
 

Doctor 404

Developing is Cool
Joined
Apr 9, 2014
Messages
91
CSF is awesome, I have used it on all the servers I have had over the past few years, and it does its job wonderfully. :)
Yeah, i just found an article in the DigitalOcean site that explains some features and seems promising, kinda overwhelmed by the config in case i mess up (Since i have almost no experience with Ubuntu - Linux based systems). There's always a first time for everything i guess haha
 

Tracy Perry

Opinionated asshat
Joined
May 25, 2013
Messages
4,991
Yeah, i just found an article in the DigitalOcean site that explains some features and seems promising, kinda overwhelmed by the config in case i mess up (Since i have almost no experience with Ubuntu - Linux based systems). There's always a first time for everything i guess haha
First thing to make sure of.. you have your home IP in the csf.allow list (it should put it there automatically).
 

Tracy Perry

Opinionated asshat
Joined
May 25, 2013
Messages
4,991
Personally - I'd probably go with CentOS (was a big Debian fan but use CentOS strictly now) and install CentMin Mod by eva2000 .
 

Kevin

Oooh, something shiny!
Joined
Jul 13, 2004
Messages
3,440
First thing to make sure of.. you have your home IP in the csf.allow list (it should put it there automatically).
Definitely, because the first time you block yourself out it can be... interesting. :whistle:
 

Tracy Perry

Opinionated asshat
Joined
May 25, 2013
Messages
4,991
Definitely, because the first time you block yourself out it can be... interesting. :whistle:
To put it mildy. Luckily my first experience was when I was running my own ProxMox server and it was done in a VPS - which I had a console access from the ProxMox screen that bypassed it and allowed direct access (KVM basically).
 
Top