We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
how to secure VPS
how to secure VPS
HI guys,
I have a VPS with Ubuntu 18 and Vesta panel running on it. I'm a newbie so can you please help me?
And the goal was to secure my VPS and here is what I wanted to do:
Disable IPv6
via editing grub parameters in /etc/default/grub
I don't use IPv6 so as my VPS hoster so can this configuration affect any service on VPS ?
Put ssh to nonstandard port
Add basic http authentication to phpmyadmin
Add to apache2 config file /etc/phpmyadmin/apache.conf these lines
And it works fine.
Add basic http authentication to Vesta
I added to /usr/local/vesta/nginx/conf/nginx.conf file these lines
and created htpasswd.
From authentication perspective it works fine but Vesta and other sites are working extremely slow. And I can't find anything specific in logs.
For example with this configuration I need 30 seconds to move from USER menu to WEB menu inside Vesta.
When I'm disabling it all sites work as they should.
Any ideas how to implement http auth but not broke other sites and Vesta's performance?
Next to in I'd like to secure MySQL
by adding password to root%localhost and interface configuration. Instead of using 0.0.0.0/0 I added bind-address = 127.0.0.1 to my.cnf
But as a result backup process don't work as it should, looks like I broke it. Vesta create a lot of folders every 10 minutes until free space will end in /backup folder.
Looks like it can't complete backup process because of some reasons and there are only such folders inside /backup/tmp.* folder
db dns mail pam vesta web
and there are no
cron user_dir
folders.
Looks like here is the answer to my question
and I deleted interface binding and a password on the root%localhost user.
But still no luck, Vesta is trying to create backups but instead archives it generates folders. And I'm constantly deleting these . tmp.* folders because there is not much space on VPS.
Thanks in advance.
I have a VPS with Ubuntu 18 and Vesta panel running on it. I'm a newbie so can you please help me?
And the goal was to secure my VPS and here is what I wanted to do:
Disable IPv6
via editing grub parameters in /etc/default/grub
I don't use IPv6 so as my VPS hoster so can this configuration affect any service on VPS ?
Put ssh to nonstandard port
Add basic http authentication to phpmyadmin
Add to apache2 config file /etc/phpmyadmin/apache.conf these lines
Code: Select all
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /usr/share/phpmyadmin/passwd
Require valid-user
Add basic http authentication to Vesta
I added to /usr/local/vesta/nginx/conf/nginx.conf file these lines
Code: Select all
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
expires max;
index index.php;
}
From authentication perspective it works fine but Vesta and other sites are working extremely slow. And I can't find anything specific in logs.
For example with this configuration I need 30 seconds to move from USER menu to WEB menu inside Vesta.
When I'm disabling it all sites work as they should.
Any ideas how to implement http auth but not broke other sites and Vesta's performance?
Next to in I'd like to secure MySQL
by adding password to root%localhost and interface configuration. Instead of using 0.0.0.0/0 I added bind-address = 127.0.0.1 to my.cnf
But as a result backup process don't work as it should, looks like I broke it. Vesta create a lot of folders every 10 minutes until free space will end in /backup folder.
Code: Select all
ls -lah /backup
drwx------ 5 root root 4.0K Mar 27 19:15 tmp.5Vg0vTSI1n
drwx------ 8 root root 4.0K Mar 27 18:40 tmp.Sgr4ZfbM1B
drwx------ 8 root root 4.0K Mar 27 18:50 tmp.T3VpJdwJTz
drwx------ 8 root root 4.0K Mar 27 19:00 tmp.fXcXGATI56
drwx------ 8 root root 4.0K Mar 27 19:10 tmp.hvwohvHQMd
du -h -d1 /backup
4.0G ./tmp.fXcXGATI56
4.0G ./tmp.hvwohvHQMd
4.0G ./tmp.Sgr4ZfbM1B
4.0G ./tmp.5Vg0vTSI1n
4.0G ./tmp.T3VpJdwJTz
db dns mail pam vesta web
and there are no
cron user_dir
folders.
Looks like here is the answer to my question
Code: Select all
2021-03-27T19:00:03.943416Z 46 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:00:09.877277Z 47 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:05:02.979728Z 81 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:10:03.009843Z 119 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:10:22.250889Z 122 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:15:03.593465Z 163 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:20:03.774285Z 201 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:20:07.150538Z 202 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:25:02.475571Z 236 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:30:03.487948Z 272 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:30:07.456764Z 273 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2021-03-27T19:35:02.893016Z 308 [Note] Access denied for user 'root'@'localhost' (using password: YES)
But still no luck, Vesta is trying to create backups but instead archives it generates folders. And I'm constantly deleting these . tmp.* folders because there is not much space on VPS.
Thanks in advance.
Re: how to secure VPS
I added password from /usr/local/vesta/conf/mysql.conf to root%localhost user and now backup process works fine.
And there are no issues in these logs
/var/log/vesta/system.log
/var/log/vesta/backup.log
So now I have to add basic http authentication to Vesta panel and avoid performance issues I described in previous message.
And there are no issues in these logs
/var/log/vesta/system.log
/var/log/vesta/backup.log
So now I have to add basic http authentication to Vesta panel and avoid performance issues I described in previous message.
Re: how to secure VPS
Don't use VestaCP..
Re: how to secure VPS
Is this Vesta's official forum? =) It's hard to believe because you are telling that I shouldn't use it.
So the main question is how to enable basic http auth for Vesta and do not affect it's performance like I described earlier.
So the main question is how to enable basic http auth for Vesta and do not affect it's performance like I described earlier.
Re: how to secure VPS
https://github.com/serghey-rodin/vesta/issues/2045 (Hasn't been Published so far)
https://cve.mitre.org/cgi-bin/cvename.c ... 2021-28379 or https://www.exploit-db.com/exploits/49659
https://www.exploit-db.com/exploits/49674
https://www.exploit-db.com/exploits/49662
https://www.exploit-db.com/exploits/49220
https://www.exploit-db.com/exploits/49219
https://www.exploit-db.com/exploits/49667
(Also aplies to VestaCP)
And even I have missed a lot ...
Maybe read this:
https://github.com/serghey-rodin/vesta/issues/2006
I don't care if you like keeping to run VestaCP but it hasn't been updated for over 1,5 years.With the amount has been found lately and the complete lack information for the last 1,5 year please consider the use of VestaCP... And there has been found all ready a new one that has been published at all.
https://cve.mitre.org/cgi-bin/cvename.c ... 2021-28379 or https://www.exploit-db.com/exploits/49659
https://www.exploit-db.com/exploits/49674
https://www.exploit-db.com/exploits/49662
https://www.exploit-db.com/exploits/49220
https://www.exploit-db.com/exploits/49219
https://www.exploit-db.com/exploits/49667
(Also aplies to VestaCP)
And even I have missed a lot ...
Maybe read this:
https://github.com/serghey-rodin/vesta/issues/2006
I don't care if you like keeping to run VestaCP but it hasn't been updated for over 1,5 years.With the amount has been found lately and the complete lack information for the last 1,5 year please consider the use of VestaCP... And there has been found all ready a new one that has been published at all.
Re: how to secure VPS
oh, a huge amount of issues....
Can you suggest other Panel please? MyVesta?
Can you suggest other Panel please? MyVesta?
Re: how to secure VPS
MyVesta stays close to VestaCP but only supports Debian OS.
HestiaCP has more features and other improvements. Only supports Debian / Ubuntu OS
HestiaCP has more features and other improvements. Only supports Debian / Ubuntu OS
Re: how to secure VPS
Thanks!