provider asks me not to install firewall?
I have a dedicated server
I wanted to install a firewall my provider told me I don't need one because they have iptables and if I want I can ask them to include an ip in there
what do they mean?
I don't need a firewall? will it harm if I install a firewall for myself?
My VPS provider has asked me to let them know the list of softwares I want
and they would install it for me.
Now for the moment I just want to make sure my VPS is secure what should I ask them to install for me.
In general what basic things do I need?
Also I just do not want to install a lot of unnecessary things or firewalls which may cause problems for users.
Sometimes some of the .php scripts on my site prompts me to download the script rather than executing it.
View 7 Replies View RelatedOk so you need a firewall. Well we recommend using APF. The following are the instructions you need to install
1) Login to your box as root
2) Download the APF Source (current version 0.9.3.3) ...........
Can anyone recommend a firewall to install on my VPS using CentOS5.3.
Please explain why should I choose it or what are its advantages.
And do firewalls make your VPS slower by consuming some resources?
I am thinking about install CSF firewall (without cPanel or any control Panel) in the master (the dedicated is virtualized with OpenVZ).
I no have services (only the OpenVZ panel to manage -hypervm-) and no extra services. Only for increase secutiry on master and avoid security problems-related.
Its recomendable to use any firewall in Master? Could be problematic on future?
I need to open the vps ports in use on master firewall?
I have read on this forums and google CSF seem to be the best firewall out there, so i installed it configure and run it. After the installation i found that i received a lot time out error on web service. Page take a lot longer to load. I think it's my configuration.
Can someone take a look at my configuration if possible please share your configuration. I really like to have CSF run without poor performance on web service.
TESTING = "0"
TESTING_INTERVAL = "5"
AUTO_UPDATES = "1"
ETH_DEVICE = "eth1"
ETH_DEVICE_SKIP = ""
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8184"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
UDP_IN = "20,21,53,953"
UDP_OUT = "20,21,53,113,123,873,953,6277"
ICMP_IN = "1"
ICMP_OUT = "0"
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "0"
MONOLITHIC_KERNEL = "0"
DROP = "DROP"
DROP_LOGGING = "1"
DROP_IP_LOGGING = "1"
DROP_ONLYRES = "0"
DROP_NOLOG = "67,68,111,113,135:139,445,513,520"
PACKET_FILTER = "1"
DROP_PF_LOGGING = "0"
VERBOSE = "1"
SYSLOG = "0"
DYNDNS = "0"
RELAYHOSTS = "1"
DENY_IP_LIMIT = "100"
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
LF_GLOBAL = ""
LF_DAEMON = "1"
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
LF_SELECT = "1"
LF_SSHD = "3"
LF_SSHD_PERM = "1"
LF_FTPD = "3"
LF_FTPD_PERM = "1"
LF_SMTPAUTH = "3"
LF_SMTPAUTH_PERM = "1"
LF_POP3D = "5"
LF_POP3D_PERM = "1"
LF_IMAPD = "5"
LF_IMAPD_PERM = "1"
LF_HTACCESS = "5"
LF_HTACCESS_PERM = "300"
LF_MODSEC = "0"
LF_MODSEC_PERM = "1"
LF_CPANEL = "3"
LF_CPANEL_PERM = "3600"
LF_CSF = "1"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_SCRIPT_ALERT = "1"
LF_SCRIPT_LIMIT = "100"
LF_SCRIPT_PERM = "0"
LF_DIRWATCH = "60"
LF_DIRWATCH_DISABLE = "1"
LF_DIRWATCH_FILE = "1"
LF_INTEGRITY = "3600"
LF_INTERVAL = "300"
LF_PARSE = "5"
LF_EMAIL_ALERT = "1"
LT_EMAIL_ALERT = "1"
LT_POP3D = "60"
LT_IMAPD = "0"
RT_RELAY_ALERT = "1"
RT_RELAY_LIMIT = "100"
RT_RELAY_BLOCK = "0"
RT_AUTHRELAY_ALERT = "1"
RT_AUTHRELAY_LIMIT = "100"
RT_AUTHRELAY_BLOCK = "0"
RT_POPRELAY_ALERT = "1"
RT_POPRELAY_LIMIT = "100"
RT_POPRELAY_BLOCK = "0"
RT_LOCALRELAY_ALERT = "1"
RT_LOCALRELAY_LIMIT = "100"
RT_LOCALRELAY_BLOCK = "0"
LF_DSHIELD = "86400"
LF_DSHIELD_URL = [url]
LF_SPAMHAUS = "86400"
LF_SPAMHAUS_URL = [url]
LF_BOGON = "86400"
LF_BOGON_URL = [url]
CT_LIMIT = "300"
CT_INTERVAL = "60"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "1"
CT_BLOCK_TIME = "1800"
CT_SKIP_TIME_WAIT = "0"
CT_STATES = ""
PT_LIMIT = "30"
PT_INTERVAL = "60"
PT_SKIP_HTTP = "0"
PT_USERPROC = "8"
PT_USERMEM = "100"
PT_USERTIME = "1800"
PT_USERKILL = "0"
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"
PT_SMTP = "0"
IPTABLES = "/sbin/iptables"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
NETSTAT = "/bin/netstat"
PS = "/bin/ps"
FUSER = "/sbin/fuser"
VMSTAT = "/usr/bin/vmstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/exim_mainlog"
SMTPRELAY_LOG = "/var/log/exim_mainlog"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
CPANEL_LOG = "/usr/local/cpanel/logs/login_log"
SCRIPT_LOG = "/var/log/exim_mainlog"
I heard that CSF firewall will block the ips but still its useful to install? or is there any other method to stop to automatically block the ips from csf? Just want to know about it.
View 14 Replies View RelatedI'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IP's on commandline) or adding service nodes however, the firewall rules the documentation speaks of are nowhere to be seen? i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.Click to expand...
Has this been dropped from PPA 11.5 ? (I recall seeing the firewall settings in 11.1) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
Is it possible to install Plesk 12 to Debian Jessie with the autoinstall script?
View 7 Replies View Relatedproblem with install suhosin and ...
how i can install Mod_security
What difference between yum install php or manually install php from scrach (build, make and install)?
I know manually install could configure lots of parameters and paths, like --iconv, --mbsting, etc. I don't know anything behind yum install php. If I want to install php everything in the following:
./configure --prefix=/usr/local/webserver/php --with-config-file-path=/usr/local/webserver/php/etc --with-mysql=/usr/local/webserver/mysql --with-mysqli=/usr/local/webserver/mysql/bin/mysql_config --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-debug --disable-rpath --enable-discard-path --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-sendmail=/usr/sbin/sendmail
to installing linux software and have been beating my head for a couple of days. I just learned that I can use something on my CENTOS 5 - which is the same as RHEL 5 - to install the rpm and all dependencies.
Numeric-24.2-1.i586.rpm is the rpm I want to install, if that matters.
How can I do install it AND any dependencies?
i am considering moving over from a dedicated server to a VPS solution, but host files via a CDN provider.
Can people give me their experiences of CDN providers please.
In particular i am looking at:
The prices they are paying
The quality of their bandwidth
The speeds they are getting (average)
Is your provider a reseller of another
Am looking to make available a variety of files from PNG, PSD, Vector and ISO files. Some of the files are as big as 10GB in size. I know some providers only manage certain file types.
I've shortlisted 5 VPS providers for hosting a user-generated news site, please post your insights on them, particularly on these issues
1.Support
2.Upgrade features and scalability
3.Performance
1.mxhub.com - 12GB 250GB 128M Ram $19/mo
2.dediwebspace.com - 30GB 400GB 256 MB (Gauranteed) $20/mo
3.jaguarpc.com - 10GB 150GB 128MB (Gauranteed Ram) 512MB (Burstable) $20 /mo
4.knownhost.com - 10GB 256 MB(768 MB Burstable) 200GB b/w $30/mo
5.vpslink.com - 20GB 500GB bw 512MB Ram $40/mo.
Anybody know a very good Xen VPS provider in the UK? All I can find (and I have look around a lot) is either a brand of VaServ or has a website is completely built with images and is just too stupid to be of a real hosting company.
View 3 Replies View Relatedif we can really know the #1 provider in the world.
View 14 Replies View RelatedI got a VPS, I have
ns1.mydomain.com 123.123.123
ns2.mydomain.com 123.123.124
For all my sites I used the first Ip until recently I tried to use the second ip for a particular site
Every thing went alright, I thought my site with second ip is working until yesterday I received a Call from India and the guy told me that he could not view my website because he got some thing like Network error DNS failed
I checked my site it was loading, I asked my provider and he says nothing is wrong and he can view my site
I checked
[url]
I got this Error
ERROR: Although you have at least 2 NS records, they both point to the same server, resulting in a single point of failure. You are required to have at least 2 nameservers per RFC 1035 section 2.2.
I talked with my provide but the response was this
''''''''''
This message will show up always when dnsstuff is able to detect that both nameserver names are pointing to the same physical system. This message doesn't affect connectivity and/or performance.
'''''''''''''''''''
Do I have two IPS or One IP Is this a common practice? I do not want to feel suspisious of the host and those guys are nice and supportive
Is Xen really as good as claimed?
Who is the best provider with Xen VPS offerings.
im interested in selling SSL certificates, but i dont want to resell them, i'd like to sign them myself. What is out there to do this and how would i go about doing it?
View 5 Replies View RelatedI am looking for a VPS to host some personal sites.
Data is very important.
My budget is under 20 dollar per month. DirectAdmin is preferred. ( No lxadmin or webmin)
The VPS provider must be in business for more than 1 year.
Anybody know such a provider?
What is the best hosting provider? Host Gator?
View 24 Replies View RelatedI've been having a rough morning with my hosting.
They're claiming that the problem is with the upstream provider.
So I had a question for all you smarter than a 5th grader guys.
When there's a problem with the upstream provider, shouldn't all my IPs go down?
I have a /24 with hosted with these guys, but some IPs are up while others keep going up/down.
Does anyone have experience with a good IRC VPS provider? I want to run an couple of BNC's. Unmanaged is fine. My budget for this would be $20/month.
View 14 Replies View RelatedI've been thinking about getting a dedicated server in the EU, as the UK is just to expensive to rent a dedicated server.
I've read reviews of the two hosts I found on the net (OVH and 1&1) and none were all that favourable. (Especially 1&1 heh)
anyone recommend some alternative EU providers? or perhaps any reasonable priced UK services?
Has anyone else here experienced terrible support responses.
Over a week ago I submitted a request to resubmit new CSR requests for 2 SSL certificates. I've ended up emailing 2 departments and trying to phone for a response.
When I phone the only response I've ever had is an answering message saying leave a message or email for a faster response!
The only email response I've ever had is a single reply saying I need to email a different department and a request has been forwarded to the correct department.
I aprreciate these are budget products but this is a dreadful support level and I'm seriously thinking I'll never purchase any of this company's products again, what if I purchase on a clients behalf, delays like this arent going to look good at all. I also appreciate its a seasonal period but come on, over a week!
I have a budget of around $400/m for a Dedicated Servers in LA. I Understand there are a lot of options but I was hoping you guys could point me in the correct direction for the best global connectivity. Im assuming since LA is so diverse in its x connects there should be one provider out there with outstanding bandwidth and a lot of connects to different providers.
View 14 Replies View RelatedI have been researching the vps market for a month or so now and have started to compile a list of questions to put to vps providers who get short listed. I would love some contributions!
1) What is the cpu and how is cpu capacity distributed, by account number limits, by assigning a certain number of mhz, is the asisgned capcity burstable?
2) ram is usually clearly advertised but who scalable is it? Can you add just extra ram or do you need to upgrade to the next package. Is it burstable and with what constraints.
3) are there any limits for the number of processes (shared hosting providers may limit processes to only a few, 15 for instance before terminating them). This isnt advertsised but need to be answered for dynamic sites with high traffic.
4) Number of simaltanious connections, both from individual Ips to the sites/account or to pop3 accounts. If the pop3 account sim con is low its will be annoying when trying to donwlaod email from several of your sites at the same time....attempts after the X number will fail.
5) Will your account have assigned bandwidth or will you just be sharing whatever connection 10/100mbps with the other uses on the server. This isnt such a big deal as a lot of servers will be streched to output 100mbps of data. If the connection is a 10mbps one then its much more important.
6) if you're used to a certain type of control panel make sure they have it and at what possible extra cost.
7) Check their terms and conditions for liability regards lost data. I chose a hosting company beofre because of their superior back up system, turns out they didnt use it and I lost 5 weeks of data (about $4000 loss for me). Their t & C avioded libility for any losses inspite of the fact that they advertises the b/u facility as a special feature.
8) quiz them on "Monitoring" and "Management". Us hosting novices may see these as the same thing but hosting companies do not. Monitoring is knowing that something is wrong, management is doing something about it. Many vps providers advertise full management but wait to be asked to fix problems that could have been lossing you money for days till one of your kind users lets you know.
9) What is their infrastructure...power, location, connectivity redundency like (ie how many T1,2 or 3 do they have and is that enough).
10) Support. Is it in house or outsourced....the later is bad as they are usually given little power to do anything and you have to wait longer for an inhouse guy to get off his lazy boy.
11) Do they limit the number of emails per period (ie like 500 per hour). This wont affect some but for those of us who have large memberships to send newsletters to this is a non starter.
I am currently on shared hosting (i will not mention who with) however since I have been with them my site has been down about 4 times. The good thing is my site hadnt launched it was just a placeholder page so nothing critical.
Due to the above issues, I think i might want to get a VPS, it is essential there is no downtime, its a new site and I dont want our reputation to suffer due to downtime.
