server security question

[Luis Manson]

Hello, i have a mad user threating me with hacking the server with DoS, sql injection and all the mambo jumbo... im not THAT scared, but i think its time to take security seriously, would you share what you have on your server to protect against all this?

im using mostly iptables and limit services connection to certain addresses

thanks!

[Makoto]

He's likely a skiddy who at best would try and LOIC you from his home network.

I wouldn't take the threat seriously, honestly. Google can show you some ways to defend and deter DoS attacks if you're worried though.

[Dmacleo]

iirc you're running varnish right?
supposed to help and the attackers get served from cache.

blocked a lot of crap automatically using CSF myself.

[TracyIsland]

Gary installed Fail2Ban and Rootkit Hunter for me and I feel safer.

[Grumpy]

If you know who... u can report to the police. lol
pwn in real life is always more effective. ^^

--------------
With truly heavy ddos, there's frankly little you can do to combat it than throw lots of money at it. And I mean LOTS...
With dos, often just IP ban is sufficient. You can even ask your hosting provider to have that IP banned at network level.
With sql injection, you can cross your fingers that IPB did the job.
With xss attacks, you can cross your fingers that IPB did the job.
With random unwanted connections, you can use iptables for a strict settings and/or opt for something more well controlled like configserverfirewall (CSF).
With worries that you may already be at a problem, things like fail2ban, rootkit hunter, etc may be useful.
With system settings... well... hire a sysadmin. Not exactly a one liner.

[Luis Manson]

He's likely a skiddy who at best would try and LOIC you from his home network.

I wouldn't take the threat seriously, honestly. Google can show you some ways to defend and deter DoS attacks if you're worried though.

The problem with that is that even if he is just playing with me i cant know for sure

It was not easy to google LOIC, i tought it was something space related with that name and ignored the search results LOL

iirc you're running varnish right?

supposed to help and the attackers get served from cache.

blocked a lot of crap automatically using CSF myself.

Yes, i have varnish :) sadly it cant limit requests :(

CSF: http://configserver.com/cp/csf.html ?

Gary installed Fail2Ban and Rootkit Hunter for me and I feel safer.

i have them :)

If you know who... u can report to the police. lol

pwn in real life is always more effective. ^^

--------------

With truly heavy ddos, there's frankly little you can do to combat it than throw lots of money at it. And I mean LOTS...

With dos, often just IP ban is sufficient. You can even ask your hosting provider to have that IP banned at network level.

With sql injection, you can cross your fingers that IPB did the job.

With xss attacks, you can cross your fingers that IPB did the job.

With random unwanted connections, you can use iptables for a strict settings and/or opt for something more well controlled like configserverfirewall (CSF).

With worries that you may already be at a problem, things like fail2ban, rootkit hunter, etc may be useful.

With system settings... well... hire a sysadmin. Not exactly a one liner.

Report to the police here? it would be easier to get his address and send some nice guys


i will give CSF a try!

[Dmacleo]

Yes, i have varnish :smile: sadly it cant limit requests :sad:

CSF:

http://configserver.com/cp/csf.html

?

no but while its serving from cache you will have the resources available to ban ip.
been bunch of stories (and I cannot say if valid or not) about that.
yes that is csf link, some like it some don't.
some openvzw vps DO have issues