B4J Code Snippet (VPS)Servers in prod: Disable Port 22 when you don't need it

Cableguy · Nov 12, 2019

KMatle said:
Not a snippet, more a serious advice:

Just playing with my VPS-Server in prod and I mentioned tons of login tries from guys trying to get access to the root account.

My provider (IONOS, ex 1and1/1und1) offers a console where you can switch off ports by default (like a firewall before the server). So I switch off port 22 when I'm not accessing the server via SSH or FTP. Very comfortable and safe.

Of course there are other ways which then needs reconfoguration the server itsself (here you could damage your installation or lock yourself out).

Just curious, which cloudVPS dis you take?

KMatle · Nov 12, 2019

Cableguy said:
Just curious, which cloudVPS dis you take?

See here: https://www.ionos.fr/cloud-server-c...f-cloud-vps-fix-s-bundle&packageselection=vps

Just 1 (ONE) € a month. It's the smallest one just for a test. Installation of Apache & MySql is very easy. You get a SSL certificate for free, too.

Since 10 years I have another webhostig packet with unlimited space/DB's, etc. for 10€ (they don't offer it anymore for new customers). I use it for all of my backups.

Cableguy · Nov 12, 2019

I used to have a VPS M there, but never got to make the ssl certificate usable...
I also purchased a host name at that time… maybe I will get back to it...

KMatle · Nov 12, 2019

Cableguy said:
I used to have a VPS M there, but never got to make the ssl certificate usable...
I also purchased a host name at that time… maybe I will get back to it...

SSL was easy. Just download the private key and the cert file and copy it to the SSL folder in Apache. Browse the www for it. I can send you some more exactly description. You need to assign the webaddress to the ip of course.

MichalK73 · Nov 13, 2019

KMatle said:
My provider (IONOS, ex 1and1/1und1) offers a console where you can switch off ports by default (like a firewall before the server). So I switch off port 22 when I'm not accessing the server via SSH or FTP. Very comfortable and safe.

I change the ports of SSH and Mysql servers etc. I will not use the default ones. I use sftp instead of ftp. Zero attempts to enter these services. I would recommend.

Alexander Stolte · Nov 13, 2019

Change the SSH Port on Linux:

B4X:

nano /etc/ssh/sshd_config

Save it and:

B4X:

service ssh restart

tufanv · Nov 13, 2019

-Use fail2ban with high ban times like 24 hours after 5 tries.
-change default port of ssh
-change url of phpmyadmin -if there is one- ( very important , dont use server/phpmyadmin , auto bots can locate them and crute force)

the attacks you see are %99 generated by auto bots. changing the defaults and using fail2ban will make you %99.9 safe.

In my experience, ionos is the worst ever hosting service I have ever seen ( previously they were 1and1). I had some domains which I couldnt transfer because of their disgusting service and some months ago my cc was replaced byh the bank with a newer one and I forgot to update it, when one of my domains renewal past due date, they wanted me to pay the outstanding balance first ( which is very normal) but WTF ? they werent accepting credit card when one of the payments wasnt paid on time . They wanted me to pay via paypal. It took me 3 hours of phone call to explain them, In my coutnry paypal was not alloewed ( by the way outstanding balance was only $12), they told me to pay with wire transfer if I dont have a paypal account which costs around $30 for international transfers. I advise you tu use better vpn, no vpn service can beat Hetzner's cheapest vpn. Using for years, no downtime for the last 3 years and specs are :

for 2.49 Euro : 1vcpu,20gb disk,20tb traffic,2 ram
Ports are 1gbit and I have worked with many dedicated and vpn providers because of my services provided with load balancer including aws,sys(ovh brand),linode,digitalocean, hetzner is the number 1. just try it.

EnriqueGonzalez · Nov 13, 2019

i used to like ionos and always recommended them whenever i could but once one of my customers bought a server from them (recommend by me) and Ionos decided to ask for ID's and blocked the server. no more for them from me.

i am now using pebblehost.com
they have a vps 1.87 dollars per month with unmettered traffic with 500mpbs uplink, ionos gave 1gbps but 500mpbs is enough.

MarkusR · Nov 13, 2019

Just 1 (ONE) € a month. It's the smallest one just for a test.

tested it too, if you not open Firefox u can use it because it have only 512MB Ram

since some days my linux enviroment is broken, it started with 100% cpu warnings and now i can not log in
and have no extra backup service used. i hate linux, it get so fast out of control and you need hours to fix something.
windows is so much better to handle.

KMatle · Nov 24, 2019

Here's a nice video about hardening a centos server:

B4J Code Snippet (VPS)Servers in prod: Disable Port 22 when you don't need it

Cableguy

Expert

KMatle

Expert

Cableguy

Expert

KMatle

Expert

MichalK73

Well-Known Member

Alexander Stolte

Expert

tufanv

Expert

EnriqueGonzalez

Well-Known Member

MarkusR

Well-Known Member

KMatle

Expert

Similar Threads