Vesta Control Panel - Forum


how to secure VPS

General questions about VestaCP
Huanana
Posts: 5
Joined: Sat Mar 27, 2021 6:41 pm

Os: Ubuntu 17x
Web: apache + nginx

Post by Huanana » Sat Mar 27, 2021 7:30 pm

Hi guys,
I have a VPS with Ubuntu 18 and Vesta panel running on it. I'm a newbie so can you please help me?
And the goal was to secure my VPS and here is what I wanted to do:

Disable IPv6
via editing grub parameters in /etc/default/grub
I don't use IPv6, and neither does my VPS host, so can this configuration affect any service on the VPS?

Put ssh to nonstandard port

Add basic http authentication to phpmyadmin
Add to apache2 config file /etc/phpmyadmin/apache.conf these lines

Code:

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/share/phpmyadmin/passwd
Require valid-user

And it works fine.

Add basic http authentication to Vesta
I added to /usr/local/vesta/nginx/conf/nginx.conf file these lines

Code:

 auth_basic "Restricted";
 auth_basic_user_file /etc/nginx/.htpasswd;
expires max;
index index.php;
}

and created htpasswd.
From an authentication perspective it works fine, but Vesta and other sites are working extremely slowly. And I can't find anything specific in the logs.
For example, with this configuration I need 30 seconds to move from the USER menu to the WEB menu inside Vesta.
When I disable it, all sites work as they should.
Any ideas how to implement http auth but not break other sites and Vesta's performance?

Next to it, I'd like to secure MySQL
by adding a password to root%localhost and interface configuration. Instead of using 0.0.0.0/0 I added bind-address = 127.0.0.1 to my.cnf

But as a result the backup process doesn't work as it should; looks like I broke it. Vesta creates a lot of folders every 10 minutes until free space runs out in the /backup folder.

Code:

ls -lah /backup
drwx------  5 root  root  4.0K Mar 27 19:15 tmp.5Vg0vTSI1n
drwx------  8 root  root  4.0K Mar 27 18:40 tmp.Sgr4ZfbM1B
drwx------  8 root  root  4.0K Mar 27 18:50 tmp.T3VpJdwJTz
drwx------  8 root  root  4.0K Mar 27 19:00 tmp.fXcXGATI56
drwx------  8 root  root  4.0K Mar 27 19:10 tmp.hvwohvHQMd

du -h -d1 /backup
4.0G    ./tmp.fXcXGATI56
4.0G    ./tmp.hvwohvHQMd
4.0G    ./tmp.Sgr4ZfbM1B
4.0G    ./tmp.5Vg0vTSI1n
4.0G    ./tmp.T3VpJdwJTz

Looks like it can't complete the backup process for some reason, and there are only these folders inside the /backup/tmp.* folders:
db dns mail pam vesta web
and there are no
cron user_dir
folders.


Looks like here is the answer to my question

Code:

2021-03-27T19:00:03.943416Z 46 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:00:09.877277Z 47 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:05:02.979728Z 81 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:10:03.009843Z 119 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:10:22.250889Z 122 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:15:03.593465Z 163 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:20:03.774285Z 201 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:20:07.150538Z 202 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:25:02.475571Z 236 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:30:03.487948Z 272 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:30:07.456764Z 273 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:35:02.893016Z 308 [Note] Access denied for user 'root'@'localhost' (using password: YES)

and I deleted the interface binding and the password on the root%localhost user.
But still no luck, Vesta is trying to create backups but instead of archives it generates folders. And I'm constantly deleting these tmp.* folders because there is not much space on the VPS.



Thanks in advance.

Post by Huanana » Sat Mar 27, 2021 10:12 pm

I added the password from /usr/local/vesta/conf/mysql.conf to the root%localhost user and now the backup process works fine.
And there are no issues in these logs
/var/log/vesta/system.log
/var/log/vesta/backup.log


So now I have to add basic http authentication to the Vesta panel and avoid the performance issues I described in my previous message.
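
An added example, not part of the original posts: a small Python triage of the MySQL error-log lines quoted in the first post, showing how their 5-minute cadence marks a scheduled job using a stale password (which the fix above confirms) rather than irregular guessing. The 300-second period, 30-second slack, the label names and the CONSTRUCTED_BURST sample are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# MySQL error-log line: ISO timestamp, thread id, [Note], access-denied message.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z\s+\d+\s+\[Note\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password: (?P<pw>YES|NO)\)")

# Six of the lines from the log excerpt in the first post.
FORUM_LOG = """\
2021-03-27T19:00:03.943416Z 46 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:00:09.877277Z 47 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:05:02.979728Z 81 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:10:03.009843Z 119 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:15:03.593465Z 163 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:20:03.774285Z 201 [Note] Access denied for user 'root'@'localhost' (using password: YES)
""".splitlines()

# Constructed contrast sample (not from the thread): rapid failures from a remote host.
CONSTRUCTED_BURST = [
    f"2021-03-27T19:02:{s}.000000Z {90 + i} [Note] Access denied for user "
    f"'admin'@'203.0.113.7' (using password: YES)"
    for i, s in enumerate(("41", "42", "44", "47", "49"))]

def denied_events(lines):
    """Group access-denied timestamps by (user, host, password-supplied)."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            events[(m["user"], m["host"], m["pw"])].append(ts)
    return events

def classify(stamps, period=300, slack=30, min_hits=4):
    """cron-like if nearly every failure lands just after a multiple of `period`."""
    if len(stamps) < min_hits:
        return "too-few-events"
    aligned = sum(1 for t in stamps if (t.minute * 60 + t.second) % period <= slack)
    slots = {(t.hour * 3600 + t.minute * 60 + t.second) // period for t in stamps}
    if aligned / len(stamps) >= 0.9 and len(slots) >= min_hits:
        return "scheduled-job-stale-credentials"
    return "irregular-investigate-as-guessing"

def report(lines):
    """Map each (user, host, password-supplied) key to its classification."""
    return {key: classify(ts) for key, ts in denied_events(lines).items()}
```
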

eris
Posts: 34
Joined: Fri Jun 26, 2020 9:25 pm

Os: Ubuntu 17x
Web: apache + nginx

Post by eris » Sun Mar 28, 2021 10:07 am

Don't use VestaCP..

Post by Huanana » Mon Mar 29, 2021 8:46 am

Is this Vesta's official forum? =) It's hard to believe because you are telling me that I shouldn't use it.

So the main question is how to enable basic http auth for Vesta without affecting its performance like I described earlier.

Post by eris » Mon Mar 29, 2021 11:20 am

https://github.com/serghey-rodin/vesta/issues/2045 (Hasn't been Published so far)
https://cve.mitre.org/cgi-bin/cvename.c ... 2021-28379 or https://www.exploit-db.com/exploits/49659
https://www.exploit-db.com/exploits/49674
https://www.exploit-db.com/exploits/49662
https://www.exploit-db.com/exploits/49220
https://www.exploit-db.com/exploits/49219

https://www.exploit-db.com/exploits/49667
(Also applies to VestaCP)

And even I have missed a lot ...

Maybe read this:
https://github.com/serghey-rodin/vesta/issues/2006

I don't care if you want to keep running VestaCP, but it hasn't been updated for over 1,5 years. With the amount that has been found lately and the complete lack of information for the last 1,5 years, please consider the use of VestaCP... And there has already been found a new one that has been published at all.

Post by Huanana » Mon Mar 29, 2021 2:03 pm

oh, a huge amount of issues....
Can you suggest other Panel please? MyVesta?

Post by eris » Mon Mar 29, 2021 2:30 pm

MyVesta stays close to VestaCP but only supports Debian OS.

HestiaCP has more features and other improvements. Only supports Debian / Ubuntu OS

Post by Huanana » Mon Mar 29, 2021 3:59 pm

Thanks!