Hosting protecting

Started by shanewatson11, Dec 06, 2022, 12:57 AM

Previous topic - Next topic

shanewatson11Topic starter

There is a regular hosting, and recently a lot of viruses have been sneaking in there. After the global purge, the question arose how to protect the hosting so that I don't waste my working time on it again.
The rights seem to be all right.


First of all, what do you mean by viruses?
Have you been hooked on rootkit?  Or has someone stuffed a backdoor into the miracle php scripts?
In general, there are only 3 mass methods of penetration:

a) Vulnerability in server software. (sensational heartbleed, vulnerability in bash and much more)
When using cheap shared/vps hosting - you can only hope that the hoster will update everything.
The solution is to rent a dedicated server and upgrade yourself.
By the way, it is inexpensive, normal servers in hetzner start from 70 euros per month.

b) Vulnerability in logins/passwords.
Ideally, use authorization only by certificates.

c) The most frequent - crooked scripts. In mass cms, there is an unreal amount of shit code and holes generated by it.


In practice, according to leaky scripts, systematic scanning for infection with sending soap to the administrator helps well, if something was found:
General scanning of engine directories - maldet/clamav
Quick scan of the entire server for known dependencies and rootkits - rkhunter
Scanning a specific engine - AI-Bolit
Protection from scanning by bots, from a simple ban on ua, for a script, to psad settings.
Continuous analysis to prevent intrusions - Snort

Well, keep your SMS up-to-date along with plugins. In general, good server security is the joint competent work of a system administrator, a programmer and a security guard, but the price is also appropriate, in other cases, we scan, clean, update (close the holes found) and so on in a circle.