Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
*SSH's into VPS*
*Starts doing some general maintainance (updating, checking the logs etc)*
*runs the who command for fun*
*NOTICES THAT THERE"S ANOTHER ACTIVE SESSION*
*FURIOUSLY STARTS TO TRY AND LOOK HOW THAT USER MIGHT HAVE GOTTEN IN (root)*
*Goes one terminal to the left after a few minutes to see if I can use that one as well*
*notices an active and forgotten SSH session to that VPS*
I am stupid.19 -
So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!
It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"
Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.
My parents found it very easy to work with as well so we decided to stick with it.
I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.
Then I started to experiment more and more.
After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!
From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.
Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!
I started to learn stuff like FTP, SSH and so on.
Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?
First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.
Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.
Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!
I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.
Finally made the jump to NginX and CentOS!
Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.
Started with simple, one screen linux setup with ubuntu 10.04.
Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!
It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).20 -
https://git.kernel.org/…/ke…/... sure some of you are working on the patches already, if you are then lets connect cause, I am an ardent researcher for the same as of now.
So here it goes:
As soon as kernel page table isolation(KPTI) bug will be out of embargo, Whatsapp and FB will be flooded with over-night kernel "shikhuritee" experts who will share shitty advices non-stop.
1. The bug under embargo is a side channel attack, which exploits the fact that Intel chips come with speculative execution without proper isolation between user pages and kernel pages. Therefore, with careful scheduling and timing attack will reveal some information from kernel pages, while the code is running in user mode.
In easy terms, if you have a VPS, another person with VPS on same physical server may read memory being used by your VPS, which will result in unwanted data leakage. To make the matter worse, a malicious JS from innocent looking webpage might be (might be, because JS does not provide language constructs for such fine grained control; atleast none that I know as of now) able to read kernel pages, and pawn you real hard, real bad.
2. The bug comes from too much reliance on Tomasulo's algorithm for out-of-order instruction scheduling. It is not yet clear whether the bug can be fixed with a microcode update (and if not, Intel has to fix this in silicon itself). As far as I can dig, there is nothing that hints that this bug is fixable in microcode, which makes the matter much worse. Also according to my understanding a microcode update will be too trivial to fix this kind of a hardware bug.
3. A software-only remedy is possible, and that is being implemented by all major OSs (including our lovely Linux) in kernel space. The patch forces Translation Lookaside Buffer to flush if a context switch happens during a syscall (this is what I understand as of now). The benchmarks are suggesting that slowdown will be somewhere between 5%(best case)-30%(worst case).
4. Regarding point 3, syscalls don't matter much. Only thing that matters is how many times syscalls are called. For example, if you are using read() or write() on 8MB buffers, you won't have too much slowdown; but if you are calling same syscalls once per byte, a heavy performance penalty is guaranteed. All processes are which are I/O heavy are going to suffer (hostings and databases are two common examples).
5. The patch can be disabled in Linux by passing argument to kernel during boot; however it is not advised for pretty much obvious reasons.
6. For gamers: this is not going to affect games (because those are not I/O heavy)
Meltdown: "Meltdown" targeted on desktop chips can read kernel memory from L1D cache, Intel is only affected with this variant. Works on only Intel.
Spectre: Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution, by allowing malicious processes access to the contents of other programs mapped memory. Works on all chips including Intel/ARM/AMD.
For updates refer the kernel tree: https://git.kernel.org/…/ke…/...
For further details and more chit-chats refer: https://lwn.net/SubscriberLink/...
~Cheers~
(Originally written by Adhokshaj Mishra, edited by me. )
23 -
Before anyone starts going batshit crazy, this is NOT a windows hate post. Just a funny experience imo.
So I was tasked with installing ProxMox on a dedicated server at my last internship. The windows admin was my guider (he could also do debian). (he was a really nice/chill guy)
So we were discussing what VM's we wanted and the boss (really cool dude by the way) said he wanted a VPS for storing some company stuff as well. Fair enough, what would we use? I suggested debian and centos. Then we started discussing what we'd do if the systems would fuck up etc (at installation or whatever).
So I didn't wanna look like a Linux Nazi so I suggested windows. Then the happy/positive guider/windows admin suddenly became dead serious (I was actually like 'woah' for a second) and said this:
No. We're not going to fucking use windows for this. For general servers etc sometimes, fair enough but we're talking about sensitive company data here. I don't want that data to be stored on a proprietary/closed source system, hell what if there's some kinda fucking backdoor build in, who can fucking verify that? We're using Linux, end of discussion.
😓
I was pretty flabbergasted as he's a nice guy and actually really likes windows!
Linux it became.5 -
Got my front end friend (also my irl best friend) to agree on me setting up a vm/vps on one of my dedi's with a sub domain so he can learn to work with servers.
He agreed on me leaving root access for myself in case he couldn't figure something out and I (a Linux server engineer myself) would have to help him out.
He seemed so excited, will set this up when I get home 😊6 -
Since I was little I was fascinated by club light shows I saw on TV shows. I just couldn't find out how they made light react to sound, which were two completely unrelated things to me back then. But I wasn't dumb and somehow figured out that if I hooked some low energy fairy lights to my amp and turned the bass up, they would lightup to the beat.
3 fried fairy lights and angry parents for to loud music later I swore to myself that I would someday build something that could light up my whole room and react to the music I was playing.
I started coding about the age 13 (turned 20 a month ago) with some old school bat scripts. But I wanted something that would generate a .exe so I googled and ended up installing Visual Studio Express (again angry parents for installing without asking) and started copying my first VB.Net program together. From there no one could stop me. I wanted to archive something with an application and googled until I found what I needed and learned to code this way.
I learned writing decent vb.net code and itvwas about this time I came into contact with IRC. I lurked arround there and this is were I came into contact with Linix servers, because I wanted to code IRC (eggdrop) bots, so I learned TCL and got used to Linux. Time passed and I ended uo being a Global OP on some network back then.
I did go further, coded Minecraft Mods, thus Java, changed back to C#, learned PHP and started setting things up on my VPS, Mails server, web server, etc.
Nowadays I work as a Systemadmin / Developer Hybrid, earning my first real money doing what I love to do and guess what? In the meantime I proved myself I can accomplish what I wanted as kid. I bought some Club LED DMX capital lights and programmed a controller for them which can control them in C#, but in a way I can run it on my raspi using mono. I also coded a client which runs on windows which uses some native libraries to calculate the dominant color of the shown picture in realtime (Handels 24fps 1080p) and uses the lights as ambient light, like you see them behind TVs sometimes.
The same app uses Bass.NET and an algorithm to dedect a beat in realtime and switches the light colors. Exactly what I wanted as akid, but better.
I can even control the lights via the new Google Assistant and/or Tasker.
Feels fcking good.
Some of my work lies on github among other, mostly trash: https://github.com/Kimmax - didn't updated there in a while tho.
I plan on writing a new free opensource plugin based modular home automatication server and pretty sure could use some helping hands..
I don't know why I wrote all this, just felt like it.
Also: first Rant
Please don't kill me for errors in the text, I'm to lazy to read through it again right now :P8 -
Thank you guys. Especially thank you @linuxxx. Because of your help, patience and advice I accomplished to setup and manage my new VPS on my own. I even moved to linux on my local machine.
It has been a long path. But I feel confident now. Thank you for growing that feeling in me.6 -
Hey there!
So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.
Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.
Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.
Thanks in advance for enduring my rant and infodump 😅7 -
TL;DR my first vps got hacked, the attacker flooded my server log when I successfully discovered and removed him so I couldn't use my server anymore because the log was taking up all the space on the server.
The first Linux VPN I ever had (when I was a noob and had just started with vServers and Linux in general, obviously) got hacked within 2 moths since I got it.
As I didn't knew much about securing a Linux server, I made all these "rookie" mistakes: having ssh on port 22, allowing root access via ssh, no key auth...
So, the server got hacked without me even noticing. Some time later, I received a mail from my hoster who said "hello, someone (probably you) is running portscans from your server" of which I had no idea... So I looked in the logs, and BAM, "successful root login" from an IP address which wasn't me.
After I found out the server got hacked, I reinstalled the whole server, changed the port and activated key auth and installed fail2ban.
Some days later, when I finally configured everything the way I wanted, I observed I couldn't do anything with that server anymore. Found out there was absolutely no space on the server. Made a scan to find files to delete and found a logfile. The ssh logfile. I took up a freaking 95 GB of space (of a total of 100gb on the server). Turned out the guy who broke into my server got upset I discovered him and bruteforced the shit out of my server flooding the logs with failed login attempts...
I guess I learnt how to properly secure a server from this attack 💪3 -
So... I've been messing arround with my first VPS (with little knowledge of Linux).
First installed lxde to learn how to do it, then back to the terminal. then I started with Apache, watching online tuts ...
Then I changed for nginx... Looks way better.
Installed my sql, php and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, mysql, reinstalled nginx, my php (with lots of problems because of old instalations). Everything is working now except php.
After going round and arround I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Cant ssh to the server... What?
Oh... Forgot to add rules to OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to ldxe, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...17 -
I'm currently planning to set myselv up with some vps/dedicated server's for a project. What i plan to do to secure these servers is.
*Use centos 7
* Setup Wireguard and join all of the servers +1 client (my pc) to that network
*Disable SSH Access from outside that VPN
*Only allow RSA Key login to the Servers
*Install Cockpit for monitoring
*Intall docker/kubernetes for the applications i plan to run
What do you guys think of that as a baseline? Im not sure if my lower powered VPS (VPS M SSD from Contabo) will work as Kubernetes Nodes, does anyone have experience with that?
In general these Servers will be used for my projects and other fooling around.
If you guys have other suggestions for Securing/monitoring or other software i could put on to have more control without eating up to much of the Servers power, let me know :D12 -
Have a question about my career:
So far my career out of uni has been like this:
8 months in first place working as C# .NET dev, creating native desktop apps for windows. job was shitty, was not getting any best practices skills so I left.
12 months in 2nd place working as android dev in a startup. was working all alone and had to rebuilt my app up to 5-6 times to learn best practices. startup didnt care about android app at all so I left and now doing just some small freelance work for them.
3 months in new startup as android dev.Today I was told that its decided to focus on iOS and do all marketing (also uplift of new design) only on iOS. basically for next 3-4 months they don't plan to do much on android side. they saw that I showed some interest in backend and now they are asking me to talk with two other senior guys about starting with some small tasks for me on backend.
Our backend is mainly using python. Also backend guys will be pretty busy for next few months because they will have to deliver many new features in next few upcoming months. I've talked with one of them and he said that this is a bad idea to force frontend to start working on backend. However I feel that he's sort of gateekeping and probably just doesn't want to help me with getting up to speed.
In my defense, my knowledge doesn't end with C# .NET desktop apps and native mobile apps for android.
I have hobbie projects (gameservers) where I worked on websites (php,html,css,javascript,mysql) and also was taking care of a java based gameserver which is hosted in a linux vps.
Also I've had a small hosting "company" where with available tools I've managed to automate VPS(virtual private server) ordering, web hosting ordering and domain ordering. Basically I owned a dedicated server and did everything using whmcs, cpanel and proxmox virtualization.
I trust myself in learning this backend stuff and doing whats required, however I learned everything by myself and I won't follow all of these best practices.
Should I accept more responsibility on backend or should I continue focusing on android?7 -
Aaaand I did it again T_T
Installed knockd for some reason it wasn't working well, couldn't unlock the port and guess what, internet disconnected for five minutes ==> My SSH session closed and I am locked out of my VPS :')
What is even worse Scaleway doesn't have a root user password when creating the server it uses a pre-entered ssh key that I put in my account, so I was pretty much locked out.
But I was able to remove it, they have custom scripts for booting so I was able to fireup a shell session during boot and removed knockd
Either I fail at using Linux or I really need to work on my self lol2 -
This is the single most important question of the year:
Where is a good Minecraft server service that can run FTB Modpacks?
My options are:
1 - A dedicated linux box with Minecraft management software with a port open to the world.
2 - Purchase a vps or something similar to host MC.
I have done 1, and it worked pretty well. It ran on a tiny A8 processor with 8GB ram and an SSD. I see services and they cost like 15 to 20 a month and seem like they are awfully stingy on storage. I can get an enterprise server for 30 a month, but I just asked (my webhost, who I really like) and they said they cannot run Minecraft servers. They said I would need a vps, and they don't have them yet. So I could dig around for a vps service and that is an option. I am really wary of "minecraft" branded services as many are outright ripoffs.
Thoughts? Successes? Just do it myself?5 -
What my ADHD brain looks like to an outsider:
My media player doesn't support ordered chapters, so now I have FreshRSS running on my VPS.
The actual mental process:
> MPC-BE doesn't support ordered chapters with the built-in filters
> I should install the third-party LAV Filters
> Not available on Scoop and I'm never touching Chocolatey again
> I wish I had Linux on this PC instead of Windows, so I could have a proper package manager to handle updates, but I digress
> Sure would be nice if I could find a way to know when this updates.
> Actually, tracking versions for multiple GitHub repos would be really nice.
> I would just subscribe but my email inbox is a mess already and I'd probably fail to see the emails
> GitHub Release pages have their own Atom feeds!
> I don't currently use any feed readers
> Maybe I should self-host a feed reader
> Set up FreshRSS Docker container on my server
> Actually installed the LAV Filters to solve the original problem.7 -
Ok peeps!
A newbie to nodejs and linux VPS (ubuntu) would appreciate any tips you could throw my way on how to push locally developed nodejs webapp to prod in vps server 😊
Thanks!5 -
I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.
With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.
The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.
1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?
If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)
I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.24 -
What are 3 problems that may occur if the agent application nydus ex and ex-api porte 2224 is down on a vps? Apart from metric issues and task completion issues.
Top Tags
Weekly Rant
View