

VPS Security - CSF + SSH Key




Posted by harvinder, 09-19-2013, 05:26 AM
Hi, I bought a VPS package from PrismaVPS a week ago and so far all is fine. I noticed in the cPHulk logs a regular try from several places to access SSH, so I was slightly worried about breaches. Breck from PrismaVPS is great, his help is spot on and on time. With his confirmation and this forum/online search I managed to secure my box a little better now:
- Installed SSL certificate for cPanel/WHM/Webmail
- I now have CSF installed and it's working, blocking the IP addresses of invalid SSH access.
- I have also increased my security by adding SSH key access to UNIX and disabled password logins altogether.
So I am feeling a lot more safe now, the only thing bugging me a little now is the web interface logins such as cPanel/WHM/Webmail etc. I wonder if I can make these things any more secure. Any suggestions, guys?

Posted by Patrick, 09-19-2013, 09:08 AM
Set up a deny-by-default rule with iptables. Basically, deny all traffic to the cPanel ports except for authorized IP addresses.

Posted by net, 09-19-2013, 09:21 AM
This is what I recommend too if this is for your personal usage only.

Posted by psalm91, 09-19-2013, 09:38 AM
There must be an option in WHM to do that. No? Also, the security question is there to help. No?

Posted by CodyRo, 09-19-2013, 05:50 PM
If you're using CSF and the cPanel plugin you can go through that and set up the default open ports (the rest would be dropped by default). I do recommend people learn iptables (even basic usage) as it's truly useful.

Posted by Lost Eagle, 09-20-2013, 01:06 AM
Enable brute force protection in WHM, and use a small number of tries, like 5.

Posted by Kailash12, 09-20-2013, 01:40 AM
If you are using this VPS for personal use, restrict the cPanel, WHM, webmail and even SSH ports to your IP address only. You can also block the cPanel, WHM and webmail ports in the CSF firewall and allow those ports whenever you need them.

Posted by harvinder, 09-20-2013, 04:43 AM
Thanks for the suggestions. I would not be able to restrict cPanel/Webmail because I will be getting some 'known' people on this server running their cPanel accounts individually as well. However, I am the only one using WHM, so I could possibly do something about that, but I'm not sure whether restricting access only to WHM would be possible as I currently have the root user set up in it.

Posted by Zimple, 09-20-2013, 05:06 AM
Change the default SSH port as well.

Posted by andr0meda, 09-20-2013, 05:17 AM
Just enable the brute force attack and you are safe. The cPanel brute force does a great job.

Posted by harvinder, 09-20-2013, 05:20 AM
Yup, thanks for the suggestions, most appreciated!
- I will change the SSH ports today
- Already got the cPanel Brute Force running, that's where I found the login attempts in the logs in the first place
CSF now controls it much better, which I also have enabled including mod_security. Is there a way or is it recommended to change cPanel/WHM/Webmail ports?

Posted by Lost Eagle, 09-20-2013, 05:48 AM
No need. However, it's in the cPanel config file. Note, before changing, update the same in the CSF configs. Don't lock yourself :-)

Posted by harvinder, 09-20-2013, 05:52 AM
Seems like cPHulk/Brute Force protection is able to take care of the existing ports for cPanel/WHM/Webmail etc., so I guess I won't bother. It was just a thought, and by your reply and looking online it seems to be not that required. Action for today:
- SSH port to be changed
- I think it would be best to change my username instead of using root if possible, too easy to guess
Thanks for the help, guys!

Posted by renthemighty, 09-20-2013, 06:09 AM
You can enable login failure detection using the following parameters in the csf.conf file.
Enable login failure detection of ftp connections
LF_FTPD = "10"
Enable login failure detection of cpanel, webmail and whm connections
LF_CPANEL = "5"
Enable login failure detection of webmin connections
LF_WEBMIN = "5"
Enable login failure detection of SMTP AUTH connections
LF_SMTPAUTH = "10"
Enable login failure detection of pop3 connections
LF_POP3D = "10"
Enable login failure detection of imap connections
LF_IMAPD = "10"
Do not forget to whitelist your IP
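
An added example, not part of the thread and not CSF's own code: a preflight check that the LF_* triggers listed in the post above are switched on and that the admin's IP is covered by the allow list before the firewall is restarted. It assumes each trigger value is a plain number with "0" meaning disabled and that allow-list entries are plain IPs or CIDR ranges; the function names and sample data are constructed for illustration.

```python
import ipaddress
import re

# Trigger names from the post above; "0" disables a trigger in csf.conf.
LF_KEYS = ["LF_FTPD", "LF_CPANEL", "LF_WEBMIN", "LF_SMTPAUTH", "LF_POP3D", "LF_IMAPD"]
SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', re.M)

def parse_conf(text):
    """Return {NAME: value} for each NAME = "value" line; comment lines do not match."""
    return dict(SETTING.findall(text))

def allowlisted(ip, allow_text):
    """True if ip is inside a plain IP or CIDR entry of csf.allow-style text."""
    addr = ipaddress.ip_address(ip)
    for line in allow_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            if entry and addr in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            continue  # advanced filter or Include line: not evaluated here
    return False

def preflight(conf_text, allow_text, admin_ip):
    """Return findings; an empty list means all triggers are on and admin_ip is allowed."""
    findings = []
    settings = parse_conf(conf_text)
    for key in LF_KEYS:
        value = settings.get(key)
        if value is None:
            findings.append(f"{key} missing")
        elif not value.isdigit() or int(value) == 0:
            findings.append(f"{key} disabled or invalid ({value!r})")
    if not allowlisted(admin_ip, allow_text):
        findings.append(f"{admin_ip} not allowlisted: lockout risk")
    return findings

# Constructed sample input, not from a real server (documentation IP ranges).
SAMPLE_CONF = 'LF_FTPD = "10"\n# LF_IMAPD = "10"\nLF_CPANEL = "5"\nLF_WEBMIN = "0"\n' \
              'LF_SMTPAUTH = "10"\nLF_POP3D = "10"\n'
SAMPLE_ALLOW = "203.0.113.0/24 # office\ntcp|in|d=22|s=198.51.100.7\n"

if __name__ == "__main__":
    for finding in preflight(SAMPLE_CONF, SAMPLE_ALLOW, "198.51.100.7"):
        print(finding)
```

Port-specific advanced entries are deliberately skipped, so an address that appears only in such an entry is still reported as a lockout risk.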


