1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

After signing up for KVM VPS, what info do they give you?

Discussion in 'Server Configuration and Hosting' started by andrew3d, Jul 10, 2013.

  1. andrew3d

    andrew3d Member

    After you pay your money, they email your information to you. What does
    this email tell you? If you are rusty with linux, and have never installed MYSQL or PHP before, is there
    any guidance on steps to take, tutorials to access for how to do these things? Any guidance on teaching
    you the order to install things, etc? I presume with a KVM, you can select your own versions for MYSQL, PHP, etc, and pretty much decide yourself how you want your system to be set up. Not a lot different than a model railroad enthusiast who enjoys the creative challenge of building something new. ;)

    I know someone will ask why do you need VPS and while I do not need such a package to run my forum, the idea of tinkering and learning new skills appeals to me. I want to know what kind of
    resources are available to insure a reasonable hope of success. :)
    Thanks.
     
  2. Tracy Perry

    Tracy Perry Well-Known Member

    Depends a lot on what OS you installed. @Adam Howard has a nice little tutorial for Debian at http://xenforo.com/community/resources/debian-server-setup.952/.
    You are also going to need to know how to edit your iptables and secure your system. For SSH I would suggest using ssh keys. If you have installed Debian I would also STRONGLY suggest installing fail2ban.
    A KVM (which is what I have with RamNode - before I got my 3 dedicated servers) is basically a container that runs a full OS install.
    It's just like setting up a computer at home.
    You sound like me on the "don't need it - but want it" theory. I have one forum running on a dedicated server that has all of 1 active user (me), another on a separate dedicated server that currently has 4 active members. The VPS would have worked, but I was able to get dedicated servers for a base of $55 each - so I jumped on them.
     
    Last edited: Jul 10, 2013
    Adam Howard likes this.
  3. Adam Howard

    Adam Howard Well-Known Member

    I would recommend you install Fail2Ban on any install... Debian, Ubuntu, CentOS, or other.
     
  4. Tracy Perry

    Tracy Perry Well-Known Member

    For iptables, here is what I use
    Code:
    # Generated by iptables-save v1.4.14 on Tue Jun  4 18:31:40 2013
    *filter
    :INPUT DROP [12:2679]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [158:20328]
    -A INPUT -d 199.48.164.159/32
    -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 4 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 21 -j DROP
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
    -A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --dport 443 -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --dport 520 -j REJECT --reject-with icmp-port-unreachable
    -A INPUT -i lo -j ACCEPT
    -A FORWARD -o lo -j ACCEPT
    -A INPUT -s 193.32.20.88/32 -j DROP
    -A INPUT -s 62.75.220.25/32 -j DROP
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -s 199.48.164.159/32
    -A OUTPUT -o lo -j ACCEPT
    COMMIT
    # Completed on Tue Jun  4 18:31:40 2013
    The -A INPUT -s 193.32.20.88/32 -j DROP and -A INPUT -s 62.75.220.25/32 -j DROP drop two IP's that have been constantly bombarding me on SSH. The -A INPUT -d 199.48.164.159/32 and -A OUTPUT -s 199.48.164.159/32 are for monitoring via Munin, and you would either change those to your VPS IP if you are going to use the Munin module to monitor your ETH0 traffic or just remove them. You would save the code as a text file on your VPS and then use iptables-restore < saved_text_file (where saved_text_file is whatever ou named it - I use rules.v4). I would also install (if you choose Debian) iptables-persistent as it will keep your iptables settings across server reboots without any extra intervention on your part. If you install it, be sure to issue a /etc/init.d/fail2ban stop before you install it as it will want to write your current iptables to a file it can read from upon reboot and you don't want the fail2ban stuff in there.
     
  5. Adam Howard

    Adam Howard Well-Known Member

    A little toy for advance users to help fight spam bots
    You're welcome :)


    Command: crontab -e

    0 12 * * * /home/spam.sh >/dev/null 2>&1

    PHP:
    #!/bin/bash

    IPT=/sbin/iptables”

    FILE
    =/tmp/drop.lasso”

    URL
    =”http://www.spamhaus.org/drop/drop.lasso”

    echo “”

    echo -n “Deleting DROP list from existing firewall…”

    #This will delete all dropped ips from firewall

    ipdel=$(cat $FILE  egrep -v ‘^;’ awk ‘{ print $1})

    for 
    ipblock in $ipdel

    do

    $IPT -D spamhaus-droplist -s $ipblock -j DROP

    $IPT 
    -D droplist -s $ipblock -j LOG –log-prefix “DROP Spamhaus List”

    done

    echo -n “Applying DROP list to existing firewall…”

    #This will drop all ips from spamhaus list.

    [ -f $FILE ] && /bin/rm -f $FILE || :

    cd /tmp

    wget $URL

    blocks
    =$(cat $FILE  egrep -v ‘^;’ awk ‘{ print $1})

    $IPT -N spamhaus-droplist

    for ipblock in $blocks

    do

    $IPT -A droplist -s $ipblock -j LOG –log-prefix “DROP Spamhaus List”

    $IPT 
    -A droplist -s $ipblock -j DROP

    done

    $IPT 
    -I INPUT -j droplist

    $IPT 
    -I OUTPUT -j droplist

    $IPT 
    -I FORWARD -j droplist

    echo “…Done”

     
  6. Tracy Perry

    Tracy Perry Well-Known Member

    Nice... but I'm not crazy about dropping IP's like that as if they get a DHCP address from their ISP - and it was one used by someone else that got smacked by malware then that IP could be in the list and you could be blocking a valid user - right? For the spam stuff I just use @tenants add-ons - which seem to work very well.
     
    SneakyDave likes this.
  7. Adam Howard

    Adam Howard Well-Known Member

    If you check that closely, you notice that it adds and removes old IP's.

    Tenants add-on depends on Project Honey Pot, who keeps their IP's on record a lot longer than that scripts.

    So the fear that you fear, happens a lot easier with that add-on vs my script.
     
  8. Tracy Perry

    Tracy Perry Well-Known Member

    On this part, it should provide you a logon into their panel (SolusVM or whatever they use) that will allow you to pick a flavor of OS to install, set your reverse DNS, and other features. Usually when you signed up, you either picked the OS you wanted installed at that time or you will log into your panel and pick the OS you want. Usually after the installation is done you will get an email with SSH logon credentials.
     
  9. Tracy Perry

    Tracy Perry Well-Known Member

    Yeah, but at least they have the ability to use the "Contact Us" if they are a valid user... whereas if they are just dropped they never even get to that point.
    And I believe in AnyApi you can define the number of days in the response to use.
    Code:
    {$response[1]} < 21 // last seen less than 21 days ago
     
    SneakyDave likes this.
  10. Adam Howard

    Adam Howard Well-Known Member

    You're under the assumption that people will use the "contact us". The few times in which I reach such an error.... I move on.

    In fact, thinking about it, the few people who have used the "contact us", ended up being spammers.

    Few ISP's (Internet Service Providers) allow you to change your IP Address in fewer than 12 hours. Which my script accounts for.

    If X IP is blocked, its blocked for the needed length. By the time Y innocent user has that same IP, they're in the clear.
     
  11. Tracy Perry

    Tracy Perry Well-Known Member

    I must be on a lucky one then.. I can drop my DHCP address via my router, wait a few minutes and request an address and get something totally different.
    It's just a different philosophy on how to block. I'm just not a fan of doing global drops on something as simple as that. I use it more for those that keep trying to hack into the system. :cautious:
     
    SneakyDave likes this.
  12. Adam Howard

    Adam Howard Well-Known Member

    Don't get me wrong... There are those who can change their IP address often or who's ISP changes it often.

    I use a VPN provider because my IP address changes so often, that I've got a good chance of actually ending up with a blocked IP address. Or at the very least, it make most administrator / web master a little nervous to see my IP change every 30 - 60 minutes. So its just easier for me to use a VPN.

    spamhaus.org doesn't just add anyone. You have to be on several black list and bring up a lot of red flags, before they add someone onto it. So its a safer bet that the IP being blocked, isn't being passed onto a normal users.

    But yes, the few people who have used the "contact us" to tell us that they were wrongfully blocked... Ended up being spammers anyways. And I assume most people, like myself, when reaching such a notice from an add-on... Don't even bother and just move on.
     
  13. tenants

    tenants Well-Known Member

    @Adam Howard Actually, none of them depend on Project Honey Pot, one of the free anti-spam addons can use it, but it can be set up to use Any API(up to 10 APIs configurable by you: AnyApi), but if you use StopForumSpam + StopBotters, there is very little additional APIs do for you.

    Using AnyApi, it is YOU the forum owner who configures how to use it and how long they should be "kept on the record". By default it is set up so you can just tick boxes to turn each APIs on, project honey pot is set up with the following options:

    • {$response[0]} = 127 // all Http:BL start with 127 for the 1st octet
    • {$response[1]} < 21 // last seen less than 21 days ago
    • {$response[2]} > 20 // must have a threat score of over 20
    But this is configurable (and I would avoid using too many APIs together)

    The more API's you use, the more false positives you are likely to run in to, the longer it takes for the requests, and API's never stop 100% (of even bots)

    I have always avoided layering APIs, this is bad (and not what my anti-spam add-ons do), in fact, I personaly would never use more than just StopBotters + StopForumSpam in a real environment (since there are many ways at stopping bots/spam without ever stopping humans, the APIs are only ever used as a secondary / tertiary mechanism, I am not a fan of using multiple APIs, I have stated this many times)

    However, FoolBotHoneyPot does stop 100% of bots elegantly without even being noticed by humans, and using one good API (just StopHumanSpam) on top of this acts as a good secondary measure (and stops quite a few Human spammers too).

    But APIs will always pick up some false positives (although, StopBotters has not had one false positive reported and has stopped more than 5 Million bots in the last few months, I run this), additional APIs will never stop 100% of bots. The more APIs you use in conjunction, the more false positives you are likely to find, but this rarely increase the number of bots/spam you detect by very much. If the bots/spammers are not detect by StopForumSpam / StopBotters they rarely get picked up by anything else.

    For instance.. .I'm waving my hands at figures (and may develop FPHP to produce stats at some point, but I don't need to right now)

    StopBotters: Stops ~98% of bots + ~0 % false positives
    Now, for every 100 bots attempts per day, 2 get passed StopSotters (obviously they never get passed FBHP), but for every 100 humans, 0 humans get falsely rejected..

    StopForumSpam + StopBotters: Stops 98.2% bots + 0.1% false positives (guestimates)
    StopForumSpam + 5 others: Stops 98.3% bots + 3% false positives (some API are horrendous at detecting false positives, but I wont name and shame)

    Now, for every 100 bots attempts per day, 2 get through, but for every 100 humans 3 get falsely rejected..

    Layering APIs is not as useful as you might think. Layers of APIs just slows things down without having much impact on spam.. it has more impact on false negatives
    If a user hasn't been caught by StopHumanSpam+StopBotters, they are unlikely to be caught by the next 10 APIs you use

    AnyApi was given out, since user like choice, and some users like to use FBHP with Project Honey Pot (this API would not be my choice). For my strict honeypot environment (just for spam), I've been using them all in conjuction to see which APIs are "better" at being used together, but I've found using the following in conjunction:
    • StopForumSpam
    • StopBotters
    • FSpamlist
    • Bot Scout
    • Spam Busted
    • Project Honey Pot Http:BL
    has no significant additional impact than just using StopForumSpam + StopBotters (but may produce significantly more false positives)
     
    Last edited: Jul 10, 2013
    SneakyDave, Adam Howard and Walter like this.

Share This Page