B4J Code Snippet (VPS)Servers in prod: Disable Port 22 when you don't need it

Discussion in 'B4J Code Snippets' started by KMatle, Nov 12, 2019.

  1. KMatle

    KMatle Expert Licensed User

    Not a snippet, more a serious advice:

    Just playing with my VPS-Server in prod and I mentioned tons of login tries from guys trying to get access to the root account.

    My provider (IONOS, ex 1and1/1und1) offers a console where you can switch off ports by default (like a firewall before the server). So I switch off port 22 when I'm not accessing the server via SSH or FTP. Very comfortable and safe.

    Of course there are other ways which then needs reconfoguration the server itsself (here you could damage your installation or lock yourself out).
    Cableguy likes this.
  2. Cableguy

    Cableguy Expert Licensed User

    Just curious, which cloudVPS dis you take?
  3. KMatle

    KMatle Expert Licensed User

    See here: https://www.ionos.fr/cloud-server-c...f-cloud-vps-fix-s-bundle&packageselection=vps

    Just 1 (ONE) € a month. It's the smallest one just for a test. Installation of Apache & MySql is very easy. You get a SSL certificate for free, too.

    Since 10 years I have another webhostig packet with unlimited space/DB's, etc. for 10€ (they don't offer it anymore for new customers). I use it for all of my backups.

  4. Cableguy

    Cableguy Expert Licensed User

    I used to have a VPS M there, but never got to make the ssl certificate usable...
    I also purchased a host name at that time… maybe I will get back to it...
  5. KMatle

    KMatle Expert Licensed User

    SSL was easy. Just download the private key and the cert file and copy it to the SSL folder in Apache. Browse the www for it. I can send you some more exactly description. You need to assign the webaddress to the ip of course.
  6. MichalK73

    MichalK73 Active Member Licensed User

    I change the ports of SSH and Mysql servers etc. I will not use the default ones. I use sftp instead of ftp. Zero attempts to enter these services. I would recommend.
    LucaMs, udg and KMatle like this.
  7. Alexander Stolte

    Alexander Stolte Well-Known Member Licensed User

    Change the SSH Port on Linux:
    nano /etc/ssh/sshd_config
    Save it and:
    service ssh restart
    DonManfred likes this.
  8. tufanv

    tufanv Expert Licensed User

    -Use fail2ban with high ban times like 24 hours after 5 tries.
    -change default port of ssh
    -change url of phpmyadmin -if there is one- ( very important , dont use server/phpmyadmin , auto bots can locate them and crute force)

    the attacks you see are %99 generated by auto bots. changing the defaults and using fail2ban will make you %99.9 safe.

    In my experience, ionos is the worst ever hosting service I have ever seen ( previously they were 1and1). I had some domains which I couldnt transfer because of their disgusting service and some months ago my cc was replaced byh the bank with a newer one and I forgot to update it, when one of my domains renewal past due date, they wanted me to pay the outstanding balance first ( which is very normal) but WTF ? they werent accepting credit card when one of the payments wasnt paid on time . They wanted me to pay via paypal. It took me 3 hours of phone call to explain them, In my coutnry paypal was not alloewed ( by the way outstanding balance was only $12), they told me to pay with wire transfer if I dont have a paypal account which costs around $30 for international transfers. I advise you tu use better vpn, no vpn service can beat Hetzner's cheapest vpn. Using for years, no downtime for the last 3 years and specs are :

    for 2.49 Euro : 1vcpu,20gb disk,20tb traffic,2 ram
    Ports are 1gbit and I have worked with many dedicated and vpn providers because of my services provided with load balancer including aws,sys(ovh brand),linode,digitalocean, hetzner is the number 1. just try it.
    Last edited: Nov 13, 2019
  9. Enrique Gonzalez R

    Enrique Gonzalez R Well-Known Member Licensed User

    i used to like ionos and always recommended them whenever i could but once one of my customers bought a server from them (recommend by me) and Ionos decided to ask for ID's and blocked the server. no more for them from me.

    i am now using pebblehost.com
    they have a vps 1.87 dollars per month with unmettered traffic with 500mpbs uplink, ionos gave 1gbps but 500mpbs is enough.
  10. MarkusR

    MarkusR Well-Known Member Licensed User

    tested it too, if you not open Firefox u can use it because it have only 512MB Ram :)
    since some days my linux enviroment is broken, it started with 100% cpu warnings and now i can not log in
    and have no extra backup service used. i hate linux, it get so fast out of control and you need hours to fix something.
    windows is so much better to handle.
  11. KMatle

    KMatle Expert Licensed User

    Here's a nice video about hardening a centos server:
    udg and Alexander Stolte like this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice