How to defend my sites vs Hackers
- Posts: 2
- Joined: Wed Mar 21, 2018 2:58 pm
- Os: Ubuntu 15x
- Web: nginx + php-fpm
How to defend my sites vs Hackers
Hello guys, I wonder if anyone can give me some advice, or a place where I should start (since online security has so much information that I don't know where to start).
I use Vesta + Ubuntu and I have a web page on the PrestaShop platform. Sometimes I get some kind of DDoS: people or bots click on an option on my site to share with a friend via email; they clicked 6 times every second, sending to mail addresses that are not real.
I just cancelled that button on my site, but then I don't know how it's going to be next.
I already lived through it when someone exploited VestaCP in April and my site was down for 2 days, and I run an e-commerce. I can't let those things happen.
I would be thankful for any info!
Re: How to defend my sites vs Hackers
nicoocattaa wrote: ↑ Fri May 25, 2018 4:26 pm
> Hello guys, I wonder if anyone can give me some advice, or a place where I should start (since online security has so much information that I don't know where to start).
> I use Vesta + Ubuntu and I have a web page on the PrestaShop platform. Sometimes I get some kind of DDoS: people or bots click on an option on my site to share with a friend via email; they clicked 6 times every second, sending to mail addresses that are not real.
> I just cancelled that button on my site, but then I don't know how it's going to be next.
> I already lived through it when someone exploited VestaCP in April and my site was down for 2 days, and I run an e-commerce. I can't let those things happen.
> I would be thankful for any info!

There is no definite solution to your problem, but here comes a checklist of what you can do to prevent it from happening:
* Write a custom rule for Fail2Ban that bans a user who does a certain action, such as trying to brute-force the login page or so.
* Change to a provider that has reliable DDoS protection that filters out the traffic upstream - you won't be able to block it on the server itself, as it clogs up the bandwidth.
* Install ModSecurity with the OWASP ruleset to prevent SQL injections, XSS attacks and such.
* Update your server to Linux kernel 4.x and change to the FQ traffic scheduler.
* Install CSF to detect attacks on the server.
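
Added example, not part of the original posts and not Fail2Ban's own code: the counting that a custom Fail2Ban rule for the share-by-email abuse would perform, written in Python over a constructed nginx access log. The path `/share-with-friend`, the thresholds and the IP addresses are assumptions chosen for illustration; `findtime` and `maxretry` are named after the Fail2Ban jail options they mirror.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed placeholder for the share-by-email URL; not PrestaShop's real path.
SHARE_PATH = "/share-with-friend"
FINDTIME = 10   # seconds; same meaning as Fail2Ban's findtime
MAXRETRY = 20   # hits inside FINDTIME that trigger a ban, like maxretry

# nginx "combined" format: IP - user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) (?P<path>\S+)')

def ips_to_ban(lines, path=SHARE_PATH, findtime=FINDTIME, maxretry=MAXRETRY):
    """IPs that hit `path` at least `maxretry` times within `findtime` seconds."""
    recent = defaultdict(deque)   # ip -> hit times still inside the window
    banned = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("path").split("?")[0] != path:
            continue
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = recent[m.group("ip")]
        window.append(ts)
        while ts - window[0] > findtime:   # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.add(m.group("ip"))
    return banned

def sample_log():
    """Constructed log: one client posts 6 times a second, another shares 3 times."""
    tmpl = '{ip} - - [25/May/2018:16:{mm:02d}:{ss:02d} +0000] "POST {url} HTTP/1.1" 200 512'
    lines = [tmpl.format(ip="203.0.113.7", mm=20, ss=s, url=SHARE_PATH)
             for s in range(5) for _ in range(6)]
    lines += [tmpl.format(ip="198.51.100.4", mm=21, ss=s, url=SHARE_PATH + "?id=3")
              for s in (1, 20, 45)]
    return lines

if __name__ == "__main__":
    print(sorted(ips_to_ban(sample_log())))
```

Running it over the constructed log flags only the client sending 6 requests per second; the visitor who shares three times in a minute stays under the threshold.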
- Support team
- Posts: 1096
- Joined: Sat Sep 06, 2014 9:58 pm
- Os: Debian 8x
- Web: apache + nginx
Re: How to defend my sites vs Hackers
nicoocattaa wrote: ↑ Fri May 25, 2018 4:26 pm
> Hello guys, I wonder if anyone can give me some advice, or a place where I should start (since online security has so much information that I don't know where to start).
> I use Vesta + Ubuntu and I have a web page on the PrestaShop platform. Sometimes I get some kind of DDoS: people or bots click on an option on my site to share with a friend via email; they clicked 6 times every second, sending to mail addresses that are not real.
> I just cancelled that button on my site, but then I don't know how it's going to be next.
> I already lived through it when someone exploited VestaCP in April and my site was down for 2 days, and I run an e-commerce. I can't let those things happen.
> I would be thankful for any info!

The problem of "too many clicks on your site" is not DDoS. This happens when you do marketing stuff and promote your site: many people receive your site's links through referrals and try to click randomly. You may want to use "Negative keywords" and optimize your marketing, plus secure your mail sending function for accidental clicks.
It is also not related to the VestaCP April 09 hack, please don't mix conclusions without having sound knowledge about webservers and how things work. This misleads many more new users and readers on the forum.
This forum has an enormous number of links and discussions on securing your server and sites; however, please know that security is a process, not a product. It needs to be constantly monitored and hardened at many levels: your app, server, DNS and more. It needs patience and research to learn; there isn't a magic set of rules anyone can give you in a straight reply.