#fail2ban | Explore Tumblr Posts and Blogs

nyaza · 1 year

Text

(this is a small story of how I came to write my own intrusion detection/prevention framework and why I'm really happy with that decision, don't mind me rambling)

Preface

About two weeks ago I was faced with a pretty annoying problem. Whilst I was going home by train I have noticed that my server at home had been running hot and slowed down a lot. This prompted me to check my nginx logs, the only service that is indirectly available to the public (more on that later), which made me realize that - due to poor access control - someone had been sending me hundreds of thousands of huge DNS requests to my server, most likely testing for vulnerabilities. I added an iptables rule to drop all traffic from the aforementioned source and redirected remaining traffic to a backup NextDNS instance that I set up previously with the same overrides and custom records that my DNS had to not get any downtime for the service but also allow my server to cool down. I stopped the DNS service on my server at home and then used the remaining train ride to think. How would I stop this from happening in the future? I pondered multiple possible solutions for this problem, whether to use fail2ban, whether to just add better access control, or to just stick with the NextDNS instance.

I ended up going with a completely different option: making a solution, that's perfectly fit for my server, myself.

My Server Structure

So, I should probably explain how I host and why only nginx is public despite me hosting a bunch of services under the hood.

I have a public facing VPS that only allows traffic to nginx. That traffic then gets forwarded through a VPN connection to my home server so that I don't have to have any public facing ports on said home server. The VPS only really acts like the public interface for the home server with access control and logging sprinkled in throughout my configs to get more layers of security. Some Services can only be interacted with through the VPN or a local connection, such that not everything is actually forwarded - only what I need/want to be.

I actually do have fail2ban installed on both my VPS and home server, so why make another piece of software?

Tabarnak - Succeeding at Banning

I had a few requirements for what I wanted to do:

Only allow HTTP(S) traffic through Cloudflare

Only allow DNS traffic from given sources; (location filtering, explicit white-/blacklisting);

Webhook support for logging

Should be interactive (e.g. POST /api/ban/{IP})

Detect automated vulnerability scanning

Integration with the AbuseIPDB (for checking and reporting)

As I started working on this, I realized that this would soon become more complex than I had thought at first.

Webhooks for logging This was probably the easiest requirement to check off my list, I just wrote my own log() function that would call a webhook. Sadly, the rest wouldn't be as easy.

Allowing only Cloudflare traffic This was still doable, I only needed to add a filter in my nginx config for my domain to only allow Cloudflare IP ranges and disallow the rest. I ended up doing something slightly different. I added a new default nginx config that would just return a 404 on every route and log access to a different file so that I could detect connection attempts that would be made without Cloudflare and handle them in Tabarnak myself.

Integration with AbuseIPDB Also not yet the hard part, just call AbuseIPDB with the parsed IP and if the abuse confidence score is within a configured threshold, flag the IP, when that happens I receive a notification that asks me whether to whitelist or to ban the IP - I can also do nothing and let everything proceed as it normally would. If the IP gets flagged a configured amount of times, ban the IP unless it has been whitelisted by then.

Location filtering + Whitelist + Blacklist This is where it starts to get interesting. I had to know where the request comes from due to similarities of location of all the real people that would actually connect to the DNS. I didn't want to outright ban everyone else, as there could be valid requests from other sources. So for every new IP that triggers a callback (this would only be triggered after a certain amount of either flags or requests), I now need to get the location. I do this by just calling the ipinfo api and checking the supplied location. To not send too many requests I cache results (even though ipinfo should never be called twice for the same IP - same) and save results to a database. I made my own class that bases from collections.UserDict which when accessed tries to find the entry in memory, if it can't it searches through the DB and returns results. This works for setting, deleting, adding and checking for records. Flags, AbuseIPDB results, whitelist entries and blacklist entries also get stored in the DB to achieve persistent state even when I restart.

Detection of automated vulnerability scanning For this, I went through my old nginx logs, looking to find the least amount of paths I need to block to catch the biggest amount of automated vulnerability scan requests. So I did some data science magic and wrote a route blacklist. It doesn't just end there. Since I know the routes of valid requests that I would be receiving (which are all mentioned in my nginx configs), I could just parse that and match the requested route against that. To achieve this I wrote some really simple regular expressions to extract all location blocks from an nginx config alongside whether that location is absolute (preceded by an =) or relative. After I get the locations I can test the requested route against the valid routes and get back whether the request was made to a valid URL (I can't just look for 404 return codes here, because there are some pages that actually do return a 404 and can return a 404 on purpose). I also parse the request method from the logs and match the received method against the HTTP standard request methods (which are all methods that services on my server use). That way I can easily catch requests like:

XX.YYY.ZZZ.AA - - [25/Sep/2023:14:52:43 +0200] "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA==" 400 150 "-" "-"

I probably over complicated this - by a lot - but I can't go back in time to change what I did.

Interactivity As I showed and mentioned earlier, I can manually white-/blacklist an IP. This forced me to add threads to my previously single-threaded program. Since I was too stubborn to use websockets (I have a distaste for websockets), I opted for probably the worst option I could've taken. It works like this: I have a main thread, which does all the log parsing, processing and handling and a side thread which watches a FIFO-file that is created on startup. I can append commands to the FIFO-file which are mapped to the functions they are supposed to call. When the FIFO reader detects a new line, it looks through the map, gets the function and executes it on the supplied IP. Doing all of this manually would be way too tedious, so I made an API endpoint on my home server that would append the commands to the file on the VPS. That also means, that I had to secure that API endpoint so that I couldn't just be spammed with random requests. Now that I could interact with Tabarnak through an API, I needed to make this user friendly - even I don't like to curl and sign my requests manually. So I integrated logging to my self-hosted instance of https://ntfy.sh and added action buttons that would send the request for me. All of this just because I refused to use sockets.

First successes and why I'm happy about this After not too long, the bans were starting to happen. The traffic to my server decreased and I can finally breathe again. I may have over complicated this, but I don't mind. This was a really fun experience to write something new and learn more about log parsing and processing. Tabarnak probably won't last forever and I could replace it with solutions that are way easier to deploy and way more general. But what matters is, that I liked doing it. It was a really fun project - which is why I'm writing this - and I'm glad that I ended up doing this. Of course I could have just used fail2ban but I never would've been able to write all of the extras that I ended up making (I don't want to take the explanation ad absurdum so just imagine that I added cool stuff) and I never would've learned what I actually did.

So whenever you are faced with a dumb problem and could write something yourself, I think you should at least try. This was a really fun experience and it might be for you as well.

Post Scriptum

First of all, apologies for the English - I'm not a native speaker so I'm sorry if some parts were incorrect or anything like that. Secondly, I'm sure that there are simpler ways to accomplish what I did here, however this was more about the experience of creating something myself rather than using some pre-made tool that does everything I want to (maybe even better?). Third, if you actually read until here, thanks for reading - hope it wasn't too boring - have a nice day :)

#coding #codeblr #virtual private servers #python #dns #dns server #dnsmanagement

8 notes · View notes

hostragonsturkiye · 29 days

Link

0 notes

hontanytimes · 1 month

Text

What is the Difference Between Plesk and cPanel?

When it comes to web hosting control panels, Plesk and cPanel are the two giants in the industry. Both offer comprehensive tools for managing web servers, websites, databases, emails, and more. However, they have their differences, and choosing the right one for your needs can significantly impact your hosting experience. In this article, we will explore the difference between Plesk and cPanel, focusing on their features, user interface, security, compatibility, and pricing, while highlighting the positive aspects of Plesk hosting.

1. User Interface and Ease of Use

One of the most noticeable differences between Plesk and cPanel is their user interface. Both platforms have designed their interfaces to be user-friendly, but they do so in different ways.

Plesk:Plesk is known for its clean, modern, and intuitive interface. It organizes its features into categories, making it easy for users to find what they need quickly. The dashboard is less cluttered, and the navigation is straightforward, which is especially beneficial for beginners. Plesk’s interface is also responsive, meaning it works well on various devices, including tablets and smartphones.

cPanel:cPanel’s interface, while powerful, can feel a bit outdated compared to Plesk. It organizes tools into icons, and while this can be effective for users who are familiar with the layout, it can be overwhelming for beginners. The interface is also less customizable than Plesk, which might be a drawback for those who want to tailor their control panel experience.

Verdict:When comparing the difference between Plesk and cPanel in terms of user interface, Plesk takes the lead. Its modern design, simplicity, and responsiveness make it more user-friendly, especially for beginners.

2. Operating System Compatibility

Operating system compatibility is another critical factor when choosing a web hosting control panel. The ability to work with different OS platforms can be a deciding factor for many users.

Plesk:Plesk is highly versatile and works on both Linux and Windows servers. This cross-platform compatibility makes it an excellent choice for users who may need to switch between different operating systems or those who prefer Windows-based hosting. The ability to manage both Linux and Windows servers from the same interface is a significant advantage of best plesk hosting.

cPanel:cPanel is limited to Linux servers, specifically CentOS, CloudLinux, and Red Hat Enterprise Linux. This limitation can be a dealbreaker for those who need Windows hosting, as cPanel does not support Windows servers.

Verdict:When considering the difference between Plesk and cPanel in terms of OS compatibility, Plesk emerges as the clear winner. Its ability to work seamlessly with both Linux and Windows servers gives it a significant edge over cPanel.

3. Security Features

Security is a top priority for anyone managing websites and servers. Both Plesk and cPanel offer robust security features, but there are some differences worth noting.

Plesk:Plesk is known for its strong security features. It comes with integrated security tools like Fail2Ban for intrusion detection and prevention, and ModSecurity for web application firewall protection. Plesk also supports Let’s Encrypt, allowing users to install SSL certificates easily. Additionally, Plesk offers advanced security options like two-factor authentication (2FA) and anti-spam filters. The platform's security is further enhanced by regular updates and patches, ensuring that vulnerabilities are addressed promptly.

cPanel:cPanel also offers a range of security features, including a virus scanner, SSH access management, IP blocking, and password-protected directories. cPanel integrates with several third-party security tools, which can be a plus for users who prefer specific security solutions. However, some of these features might require additional configuration, making them slightly less user-friendly compared to Plesk.

Verdict:In the battle of security features, Plesk has a slight edge due to its out-of-the-box security tools and ease of use. Plesk’s comprehensive security measures make it a preferred choice for those who prioritize a secure hosting environment.

4. Application Support and Management

The ability to manage and deploy applications efficiently is a crucial aspect of any control panel. Both Plesk and cPanel offer application support, but they differ in how they handle it.

Plesk:Plesk excels in application management with its integration of the Plesk Application Catalog. It supports a wide range of applications, including WordPress, Joomla, and Drupal, allowing users to install and manage these applications with a single click. Plesk’s WordPress Toolkit is particularly impressive, offering features like cloning, staging, and automatic updates, which are invaluable for WordPress users. Additionally, Plesk’s Docker support allows users to run Docker containers directly from the control panel, making it a versatile choice for developers.

cPanel:cPanel also supports a variety of applications through its Softaculous Apps Installer. Users can install popular CMS platforms, e-commerce tools, and more with just a few clicks. However, cPanel’s application management features are not as advanced as Plesk’s. For example, while cPanel supports WordPress, it lacks the comprehensive management tools found in Plesk’s WordPress Toolkit.

Verdict:Plesk takes the lead in application support and management. Its robust tools, especially for WordPress, make it an ideal choice for users who rely heavily on CMS platforms and need efficient management options.

5. Customer Support and Documentation

Reliable customer support and comprehensive documentation are essential for users of all experience levels.

Plesk:Plesk offers a wide range of support options, including an extensive knowledge base, community forums, and ticket-based support. The platform’s documentation is detailed and covers a wide array of topics, making it easy for users to find answers to their questions. Plesk also provides premium support options for users who require personalized assistance.

cPanel:cPanel also offers a comprehensive knowledge base and community forums. Additionally, cPanel provides ticket-based support, though some users have noted that response times can vary. Like Plesk, cPanel offers premium support for those who need more dedicated assistance.

Verdict:Both Plesk and cPanel offer strong customer support and documentation. However, Plesk’s extensive documentation and the variety of support options give it a slight advantage in this area.

6. Pricing and Licensing

Pricing can be a significant factor when choosing between Plesk and cPanel, especially for businesses or individuals managing multiple websites.

Plesk:Plesk’s pricing model is flexible and varies depending on the features and the number of domains you need to manage. Plesk offers three main plans: Web Admin, Web Pro, and Web Host. These plans cater to different needs, from managing a single website to hosting multiple domains. Plesk’s pricing is generally considered competitive, especially given the extensive features it offers. Additionally, Plesk often comes bundled with hosting packages, which can be cost-effective.

cPanel:cPanel’s pricing is based on the number of accounts managed on the server. This pricing model can become expensive for users who manage multiple accounts or websites. cPanel offers three main tiers: Solo (for one account), Admin (up to 5 accounts), and Pro (up to 30 accounts). For larger businesses or hosting providers, the Premier plan allows for more accounts, but at a higher cost.

Verdict:When comparing the difference between Plesk and cPanel in terms of pricing, Plesk’s flexible pricing structure and cost-effectiveness for multi-domain management make it a more attractive option for a broader range of users.

7. Backup and Restore Options

Having reliable backup and restore options is critical for website management. Both Plesk and cPanel provide these features, but they differ in execution.

Plesk:Plesk offers robust backup and restore options that are easy to use. Users can schedule automatic backups and store them in various locations, including remote storage. Plesk also allows for incremental backups, which can save time and storage space. Restoring from backups is straightforward, with options to restore entire websites, databases, or individual files.

cPanel:cPanel provides similar backup and restore functionalities, with the ability to perform full or partial backups. However, some users find cPanel’s backup system to be less intuitive compared to Plesk’s. cPanel also supports remote backups, but setting this up might require more configuration.

Verdict:Plesk’s backup and restore options are more user-friendly and versatile, making it a better choice for users who prioritize ease of use and flexibility in managing their backups.

8. Server Resource Management

Efficient server resource management is crucial for maintaining optimal performance, especially for websites with high traffic.

Plesk:Plesk provides detailed resource usage statistics and monitoring tools. Users can track CPU, memory, and disk usage, and manage resources efficiently. Plesk’s integration with tools like Grafana and Prometheus allows for advanced monitoring and alerting, which can be invaluable for larger websites or hosting providers.

cPanel:cPanel also offers resource management tools, but they are not as advanced as those provided by Plesk. While cPanel allows users to monitor resource usage and set limits, the lack of integration with more sophisticated monitoring tools might be a drawback for some users.

Verdict:Plesk’s advanced resource management tools make it a superior choice for users who need detailed monitoring and efficient management of server resources.

9. Customization and Extensibility

The ability to customize and extend the functionality of a control panel can greatly enhance the user experience.

Plesk:Plesk is highly customizable.

#best plesk hosting #plesk vs cpanel #hostanytime

0 notes

algoentremanos · 3 months

Text

Cómo bloquear bots, SPAM y tráfico malicioso con el firewall CSF y LFD

Cómo bloquear bots, SPAM y tráfico malicioso con el firewall CSF y LFD #RockyLinux #CSFFirewall #Bots #Spam

CSF o Config Server Firewall, es una de las opciones más sencillas que puedes instalar en tu servidor VPS para mejorar la seguridad de tu instalación web. Es un firewall sencillo de configurar (o por lo menos más sencillo que firewalld, fail2ban), pero eso no quita para que haya que prestar un poco de atención a varios parámetros menos conocidos de su configuración para mejorar la seguridad del…

View On WordPress

#Bots #CSF #SPAM

0 notes

gslin · 4 months

Text

#IFTTT #Gea-Suan Lin's BLOG

0 notes

ericvanderburg · 4 months

Text

Fail2Ban: Ban hosts that cause multiple authentication errors

http://securitytc.com/T7KKfn

0 notes

bestarhost · 8 months

Text

How to Allow IP Addresses through Firewall Linux?

Configuring IP Access with iptables

Verifying iptables Installation

Listing Current Firewall Rules

Allowing Specific IP Addresses

Saving iptables Rules

Creating a Secure IP Whitelist

Defining Your IP Whitelist

Configuring iptables Rules

Testing Connectivity

Streamlining Firewall Management with BeStarHost

Introducing BeStarHost

Using BeStarHost for IP Whitelisting

Best Practices for Linux Firewall Management

Regularly Review and Update Whitelist

Implement Fail2Ban for Additional Security

Conclusion:

Effectively managing your Linux firewall is an integral part of maintaining a secure server environment. By mastering iptables and understanding how to allow specific IP addresses, you fortify your defenses against potential threats. Whether you opt for manual configuration or utilize tools like BeStarHost, the key is to stay vigilant, update your rules regularly, and adapt your security measures to evolving threats. Implementing these practices will empower you to keep your Linux server secure and resilient.

To Learn More, Click this Link:

#Linux Firewall Configuration #IP Address Whitelisting #Linux Firewall Rules #Network Security on Linux #Firewall Tutorial

0 notes

serverp · 8 months

Text

Choosing the Right Control Panel for Your Hosting: Plesk vs cPanel Comparison

Whether you're a business owner or an individual creating a website, the choice of a control panel for your web hosting is crucial. Often overlooked, the control panel plays a vital role in managing web server features. This article compares two popular control panels, cPanel and Plesk, to help you make an informed decision based on your requirements and knowledge.

Understanding Control Panels

A control panel is a tool that allows users to manage various features of their web server directly. It simplifies tasks like adjusting DNS settings, managing databases, handling website files, installing third-party applications, implementing security measures, and providing FTP access. The two most widely used control panels are cPanel and Plesk, both offering a plethora of features at affordable prices.

Plesk: A Versatile Control Panel

Plesk is a web hosting control panel compatible with both Linux and Windows systems. It provides a user-friendly interface, offering access to all web server features efficiently.

cPanel: The Trusted Classic

cPanel is the oldest and most trusted web control panel, providing everything needed to manage, customize, and access web files effectively.

Comparing Plesk and cPanel

User Interface:

Plesk: Offers a user-friendly interface with a primary menu on the left and feature boxes on the right, similar to WordPress.

cPanel: Features an all-in-one page with visually appealing icons. Everything is sorted into groups for easy navigation.

Features and Tools:

Both offer a wide range of features, including email accounts, DNS settings, FTP accounts, and database management.

Plesk: Comes with more pre-installed apps, while cPanel may require additional installations.

Security:

Plesk: Provides useful security features like AutoSSL, ImunifyAV, Fail2ban, firewall, and spam defense.

cPanel: Offers features such as password-protected folders, IP address rejections, automated SSL certificate installations, and backups.

Performance:

Plesk and cPanel: Both offer good performance. cPanel is designed for faster performance by using less memory (RAM).

Distros:

Plesk: Compatible with both Linux and Windows systems.

cPanel: Works only on Linux systems, supported by distributions like CentOS, CloudLinux, and Red Hat.

Affordability:

cPanel: Known for its cost-effective pricing, making it preferred by many, especially new learners.

Preferred Hosting Options

If you are looking for a hosting solution with cPanel, explore web hosting services that offer it. For those preferring Plesk, Serverpoet provides fully managed shared, VPS, and dedicated hosting solutions. Serverpoet also offers server management support for both Plesk and cPanel, including troubleshooting, configuration, migration, security updates, and performance monitoring.

Conclusion

In the Plesk vs cPanel comparison, cPanel stands out for its cost-effective server management solution and user-friendly interface. On the other hand, Plesk offers more features and applications, making it a versatile choice. Consider your specific needs when choosing between the two, keeping in mind that cPanel is known for its Linux compatibility, while Plesk works on both Linux and Windows systems.

#cloud vps hosting #web hosting and server

0 notes

leasepacket · 9 months

Text

8 Best Tips to Secure VPS

More and more businesses are doing their work on the internet. Many small and medium-sized businesses (SMBs) begin their journey on the internet by using something called a virtual private server (VPS). Whether they take care of it themselves or hire someone to help, keeping this VPS secure is very important for the success of any business.

Companies that provide space on the internet, called web hosting providers, offer different ways to manage these VPS setups. Some are taken care of by the provider, and some need the users to do it themselves. If the provider takes care of it, they make sure it's safe by fixing any problems and setting up the server in a secure way. But if users have more control (something called root access), they can do some or all of these safety measures on their own.

No matter if someone is really good at this computer stuff or just starting to learn, it's important to know how to keep their VPS safe. This article will give you eight tips to make your VPS more secure.

What is VPS?

A VPS, which stands for Virtual Private Server, is like having your own special space on the internet. It's not an entire computer, but it's a part of one that you can use just for yourself. People and businesses use VPS to put their websites, apps, or other things on the internet. It's like having your own little corner on the web where you can do your own things without sharing with others.

Best Tips to Secure VPS

Keep Everything Updated

Imagine your VPS is like a garden, and updates are the water and sunlight it needs to thrive. Regularly updating your server's operating system, software, and applications is the first line of defense against potential security vulnerabilities. Most updates come with security patches that help fix known issues, keeping your VPS strong and resilient.

Set Strong Passwords

Think of your VPS password as the key to your castle. Creating a strong and unique password is essential. Combine uppercase and lowercase letters, numbers, and special characters to make it complex and harder for others to guess. Avoid using easily guessable information like birthdays or common words. Changing your password periodically adds an extra layer of security.

Enable Firewall Protection

A firewall acts like a shield, monitoring and controlling the incoming and outgoing network traffic on your VPS. Configure your firewall to allow only the necessary connections and block anything suspicious. This helps safeguard your VPS from unauthorized access and potential cyber threats.

Install and Configure Fail2Ban

Fail2Ban is like a vigilant guard at your VPS's gate. It automatically detects and responds to multiple failed login attempts, protecting your server from brute-force attacks. By temporarily banning IP addresses that show suspicious behavior, Fail2Ban adds an extra layer of security to your VPS.

Regular Backups are Your Safety Net

Imagine having a safety net below your tightrope – that's what regular backups are for your VPS. In case something goes wrong, like a system failure or a security breach, having recent backups ensures you can quickly restore your data and configurations. Set up automatic backups and store them in a secure, remote location.

Use SSH Key Authentication

Secure Shell (SSH) key authentication is like having a unique fingerprint for accessing your VPS. Instead of relying solely on passwords, SSH keys add an extra layer of security. Even if someone manages to crack your password, they would still need the SSH key to gain access.

Monitor Server Logs

Server logs are like a diary for your VPS, documenting all activities. Regularly reviewing these logs helps you detect any unusual behavior or potential security threats. Monitoring your logs allows you to take proactive measures and respond swiftly to any security incidents.

Regular Security Audits

Conducting regular security audits is like giving your VPS a health check. Scan for vulnerabilities, review access controls, and ensure that your security measures are up-to-date. This proactive approach helps you stay ahead of potential risks and fortify your VPS against emerging threats.

Conclusion

Securing your VPS doesn't have to be complicated. By implementing these eight easy tips – keeping everything updated, setting strong passwords, enabling firewall protection, installing Fail2Ban, regular backups, SSH key authentication, monitoring server logs, and conducting security audits – you can create a robust defense system for your virtual space. Remember, a well-protected VPS ensures a safer and more resilient online presence, allowing you to navigate the digital landscape with confidence.

#webhostingcompany #webhostingservices #webhostingprovider #hosting #hostingprovider #hostingweb #dedicatedserverhosting #leasepacket #webhosting #hostingservices

0 notes