I'm transitioning from a shared account to a VPS and am trying to run it as securely as practical.
I've been looking at ways of keeping administrative connections to the server secure. So far I've considered VPN technologies like L2TP/IPSec and RAS but they don't seem suitable for what I need.
I just want a simple encrypted, tamper-proof, computer-to-server connection in a Windows Server environment.
I'm using Plesk with CentOS 6.6 and the Postfix/Courier mail services. I tried to connect an existing mail account with a mail program like Thunderbird, but I'm not able to connect to it, except when I'm using "no connection security". So I tried whether manually contacting the POP3s port works:
openssl s_client -ssl3 -host mail.domain.de -port 995
with the following result:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
....
The same results come when trying to connect to port 465 (ssmtp) and 993 (imaps); port 443 (https) seems to work fine. I already checked that the corresponding certificates exist (e.g. /usr/share/imapd.pem) and are filled with the standard certificate information given by Plesk. Checking openssl on the server gives the following result:
# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
I have used the patch : [URL] .... to disable ssl v3.
After I applied the patch I get the error below when I try to send email via Horde webmail:
There was an error sending your message: Could not open secure TLS connection to the server.
Roundcube can send mails well, but Horde cannot. Also, since applying the patch I can't get mails from Gmail and maybe other providers I don't know about yet.
I've written a script to send property data to rightmove.co.uk as part of their new automated data feed. However, they require a secure connection to their systems when posting the data. They have provided me with a .pem file, which is a security certificate. I need to install this on my Plesk server, but where do I start, as most certificates require a private key and the actual certificate? The private key I have been provided is only an 8 character string, like a password.
We have a script that ran for many days without problems. The script connects to port 25.
Now we get this:
Warning: fsockopen() [function.fsockopen]: unable to connect to my.domain.com:25 in /home/mydom/public_html/backend/go.php on line 47 Connection refused (111)
Currently having a problem with proftpd on my CentOS Plesk 8.1 server.
During large uploads, let's say around 10 MB, the FTP connection fails within 5 minutes or so, saying:
"A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond."
I have asked for help from my server provider, but they have tried and are now unable to help.
I currently have the APF firewall on my server.
Has anyone experienced this?
Below is the APF config file that I currently have and the proftpd config files that I have. If anyone can help it would be really, really appreciated.
APF CONFIG:
#!/bin/sh
#
# APF 0.9.6 [apf@r-fx.org]
#
# NOTE: This file should be edited with word/line wrapping off,
# if your using pico please start it with the -w switch
# (e.g: pico -w filename)
#

##
# [Devel Mode]
# !!! Do not leave set to (1) !!!
# When set to enabled; 5 minute cronjob is set to stop the firewall. Set
# this mode off (0) when firewall determined to be operating as desired.
##

# The installation path of APF; this can be changed but it has not
# been tested what would happen.
INSTALL_PATH="/etc/apf"

# Untrusted Network interface(s); all traffic on defined interface will be
# subject to all firewall rules. This should be your internet exposed
# interfaces. Only one interface is accepted for each value.
# NOTE: The interfacing structure is being worked towards support of MASQ/NAT
IFACE_IN="eth0"
IFACE_OUT="eth0"

# Trusted Network interface(s); all traffic on defined interface(s) will by-pass
# ALL firewall rules, format is white space or comma seperated list.
IFACE_TRUSTED=""

# Enable virtual network subsystem; creats independent policy ruleset for each
# ip on a system (pulls data from 'ip addr list') to /etc/apf/vnet/ip.rules
# Template is located in the vnet/ folder for rule files. This feature can
# reduce apf start/stop performance and is not recommend for systems with more
# than 255 (/24) ip's. [0 = Disabled / 1 = Enabled]
SET_VNET="0"

# Support Monolithic kernel builds [no LKM's]. This mode of operation is
# not really supported and you use at your own risk.
SET_MONOKERN="0"

# Verifies that all inbound traffic is sourced from a defined local gateway MAC
# address. All other traffic that does not match this source MAC address will be
# rejected as untrusted traffic. It is quite trivial to forge a MAC address and as
# such this feature executes NO default accept policy against this MAC address.
VF_LGATE=""

# Verifies that the IF and IFACE_TRUSTED interfaces are actually routed (/sbin/route)
# to something. If not then chances are APF will not start properly if at all.
VF_ROUTE="1"

# Verifies that crond service is running when DEVEL_MODE=1; if not then APF will not
# try to load as if lock-up occures no cron service to flush firewall
VF_CROND="1"

# Verifies that the current system uptime is greater than this value before APF
# can activate. This is to prevent on-boot lockup issues or delays due to excessive
# amount of firewall rules. Value is in seconds; should you wish to disable this
# feature, simply set VF_UTIME to 0 value. !! NOTE: APF WILL NOT START ON IT's OWN;
# IT WILL EXIT WITH FATAL ERROR BELOW SET UPTIME !!
VF_UTIME="0"

##
# [Packet Filtering/Handling]
##

# How to handle TCP packet filtering?
#
# RESET (sends a tcp-reset; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
TCP_STOP="DROP"

# How to handle UDP packet filtering?
#
# RESET (sends a icmp-port-unreachable; TCP/IP default)
# DROP (drop the packet; stealth ?)
# REJECT (reject the packet)
# PROHIBIT (send an icmp-host-prohibited)
UDP_STOP="DROP"

# How to handle all other packet filtering? (icmp,arp,igmp)
#
# DROP (drop the packet)
# REJECT (reject the packet)
DSTOP="DROP"

# The sanity options control the way packets are scrutinized as
# they flow through the firewall. The main PKT_SANITY option is a
# top level toggle for all SANITY options and provides general
# packet flag sanity as a pre-scrub for the other sanity options
PKT_SANITY="1"

# Block any packets that do not conform as VALID; this feature
# is safe for most but some may experience protocol issues with
# broken remote clients
PKT_SANITY_INV="0"
root@server [/]# rndc status
rndc: connect failed: 127.0.0.1#953: connection refused
root@server [/]# /etc/init.d/named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
root@server [/]# /scripts/fixndc
Named could not be restarted, any obvious config errors should show up below this line.
No critical problems found, will attempt to regenerate keys regardless.
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
Creating rndc.conf
Creating /etc/rndc.key
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
Restarting named
warn [fixrndc] /usr/sbin/rndc status failed: rndc: connect failed: 127.0.0.1#953: connection refused
/scripts/fixrndc failed to fix the rndc key (or named is otherwise broken), please investigate manually
And I have tried to reload rndc, but I got this error:
Error: Test the database server connection failed:
mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file
When I get a dedicated server for shared hosting, I secure it as much as I can, and then, just in case I miss stuff, I hire 2 other companies to check over everything. Since I bought a VPS from fsckvps, are there any guides to secure and optimize a VPS other than the one located in the VPS section? Thanks. I don't feel like spending 50+ dollars on securing a VPS that costs less than 15 a month.
How secure is my VPS? Could anyone who has some free time and is reading this thread please try to do some penetration testing or something related (I really do not know much about network security), in order to know if my server configuration could be the problem?
Do you find any way to download the full database without logging in to the system (cPanel or phpMyAdmin)?
I have an application that requires a Secure FTP connection to a server to work. I am having trouble connecting to one server, a Windows-based server, while the CentOS Linux server is working fine.
Does anyone know where I can find test Secure FTP locations so I can determine if the issue is a misconfiguration or an incompatibility of the program with Windows Secure FTP sites?
I am able to connect to both sites using WinSCP and choosing Secure FTP.
Check out this blog and suggest what more can be added to secure the VPS. I think this information database can be helpful for newbies and intermediate users who would like to secure their VPS, which is sometimes exploited due to bad scripts.
I've been using Dreamhost for years and they're great. However, one of my clients' needs have drastically changed and they are now required to comply with the Data Protection Act.
In particular, this bit makes Dreamhost a bit of a no-go due to them being in California:
"Personal information may not be transmitted outside the EEA unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data."
Unless my client goes and asks all 1000+ customers, they are in a bit of a quandary. So here's what I'm looking for:
Secure UK datacenter, e.g. Easynet, Blue Square etc.
128mb RAM, 256mb burstable
20GB storage, 500GB transfer
LAMP environment
Support within business hours
Control panel