How to secure my ubuntu to prevent malicious attacks
This is my second time that I'm reinstalling my server because of malicious attacks
So please can you give me tips on how to secure my linode.
I'll be using ubuntu 12.04 LTS.
Thank you
7 Replies
make sure root is unable to log in
set up public keys and turn off password logins; this is where I would start
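The two sshd settings this reply names, checked the way sshd itself reads them. This is an added example, not code from the thread; it assumes the stock OpenSSH defaults for Ubuntu 12.04 (both keywords default to "yes" when absent) and uses constructed sample config files.

```shell
# Audit an sshd_config for the two settings the reply recommends:
# root login disabled and password authentication off.
# sshd honours the FIRST occurrence of a keyword in the file, so a
# hardened line appended at the bottom is ignored when an earlier
# line (e.g. the distro default) already set it.

# sshd_effective FILE KEYWORD -> effective value in the global section.
# Assumption: when the keyword is absent the default is "yes", which
# holds for PermitRootLogin and PasswordAuthentication in the OpenSSH
# shipped with Ubuntu 12.04.
sshd_effective() {
    file=$1
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    val=$(awk -v k="$key" '
        NF == 0 || $1 ~ /^#/      { next }   # skip blanks and comments
        tolower($1) == "match"    { exit }   # Match blocks are conditional
        tolower($1) == k          { print tolower($2); exit }' "$file")
    printf '%s\n' "${val:-yes}"
}

# sshd_audit FILE -> exit 0 if both settings are hardened, 1 otherwise.
sshd_audit() {
    ok=0
    root=$(sshd_effective "$1" PermitRootLogin)
    pw=$(sshd_effective "$1" PasswordAuthentication)
    [ "$root" = no ] || { echo "PermitRootLogin is '$root' (want no)"; ok=1; }
    [ "$pw" = no ]   || { echo "PasswordAuthentication is '$pw' (want no)"; ok=1; }
    return $ok
}

# Constructed sample configs (not from the thread). weak.conf shows
# the first-match trap: the appended "PermitRootLogin no" never wins.
make_samples() {
    dir=${TMPDIR:-/tmp}/sshd-audit.$$
    mkdir -p "$dir"
    printf '%s\n' '# stock config' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'PermitRootLogin no' > "$dir/weak.conf"
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'PubkeyAuthentication yes' > "$dir/hard.conf"
    printf '%s\n' "$dir"
}

# Usage: audit both samples.
samples=$(make_samples)
for f in weak hard; do
    echo "== $f.conf"
    sshd_audit "$samples/$f.conf" || echo "-> not hardened"
done
```

Run it against the real file with `sshd_audit /etc/ssh/sshd_config` after sourcing the functions; a non-zero exit means one of the two settings is still at its permissive value.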
@dyyyy:
Hi,
This is my second time that I'm reinstalling my server because of malicious attacks
:D So please can you give me tips on how to secure my linode.
I'll be using ubuntu 12.04 LTS.
Thank you
How did they get in? How do you know that you were attacked?
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues.
@A-KO:
-Don't use password authentication for SSH.
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues.
I run updates every day and also I have an IDS (OSSEC) system running that emails me any issues in real time.
Just to add to your post
@kyrunner:
@A-KO:
-Don't use password authentication for SSH.
-Keep updated. If possible, get on mailing lists for applications you use (Apache, PHP). Follow various vulnerability databases. If you are unable to do this, run an update script every day.
-If you use a webserver there are many things to do to lock it down. Use something like the PHP Suhosin patch to limit the functions that can be used together. Lock down the combination of eval() and base64_decode() in a function in PHP. This will help guard against a LOT of issues.
I run updates every day and also I have an IDS (OSSEC) system running that emails me any issues in real time.
Just to add to your post
How does that work out for you? I tried running Snort as an IDS as well as a port monitor, and ended up flooded with a ton of stuff. I don't have the knowledge to really set up a good IDS setup and then to set up something else to monitor, so if I could get something like a daily logwatch email that tells me what I need, it'd be nice.