The Perfect Server - Debian

When it comes to Web hosts, though, a large number use Red Hat or CentOS with cPanel, with which is optimized for them. Some hosts give you an OS choice (1and1 being one example), while DreamHost has focused strictly on Debian.
 
As you've been so helpful on my quest for the perfect server, and I think I'm at a stage where I've got a reasonable grasp of what I'm doing. I'm on to my next headache. IPTables.

I've done some research on this but its just all gobbledegook, even the simple guides. I really don't know where to start with this one. I'm wanting to only allow traffic on port 80 which is the web server and obviously me connecting the SFTP along with allowing outbound mail that's being relayed onto google etc. I'm also wanting to protect against common forms of attacks, which I'm not even sure what they would be.
 
Gene Steinberg said:
When it comes to IPTables, is this for a server firewall? If you don't know what to do, don't do it. See if the host offers a firewall.

There is this free one (donation requested by publisher) that is often used on cPanel servers with success:

http://www.configserver.com/cp/csf.html
Click to expand...

Yea its for my server firewall
I used to use csf when I had a cpanel server, I'm trying to get more hands on with my servers after suggestions in this very thread. Which seems to be working for me, I'm a lot more confident in what I'm doing and having to learn why and how something is done rather than just clicking a button in a browser.
 
Well in that case, good luck. But take careful note of what you're doing. You don't want to lock yourself out; that happened to me on a couple of servers due to some weird config stuff on the part of a certain host that will go unmentioned here.
 
akia said:
As you've been so helpful on my quest for the perfect server, and I think I'm at a stage where I've got a reasonable grasp of what I'm doing. I'm on to my next headache. IPTables.

I've done some research on this but its just all gobbledegook, even the simple guides. I really don't know where to start with this one. I'm wanting to only allow traffic on port 80 which is the web server and obviously me connecting the SFTP along with allowing outbound mail that's being relayed onto google etc. I'm also wanting to protect against common forms of attacks, which I'm not even sure what they would be.
Click to expand...
Install Shorewall, it is a wrapper script around IPTables and takes all the hassle away.
 
Deebs said:
Install Shorewall, it is a wrapper script around IPTables and takes all the hassle away.
Click to expand...

+1 to this - I use Shorewall via Webmin (an alternative to Cpanel) which makes it easier to manage/block IP ranges and addresses. In particular I've added the Baidu IP ranges (their aggressive spidering doesn't seem to bring me any traffic benefit) and anyone who pokes around at SSH or FTP for more than a couple of tries gets their IP checked and added to my Shorewall blacklist (mainly IPs in China).
 
Adam Howard said:
This I can help you with easily

I'm again going to assume your starting out with Debian Minimum Install. I'm also going to assume you're using either a dedicated or vps server, with root access.
Click to expand...

Wow, thanks for posing this guide! reading through your posts really clear up some of my own questions. This should really be stickied as a guide for server admin newbies like me.
 
You must log in or register to reply here.

Similar threads

ShikiSuen
XF 2.2 Sign your localhost dev server to make it https-capable.
Replies
1
Views
1K
ShikiSuen
ShikiSuen
TPerry
centOS, PHP mail function & xenForo
Replies
9
Views
2K
TPerry
TPerry
Top Bottom