Web Hosting Forums


This is a discussion on Securing my VPS in the Hosting Talk & Chit-chat forum

  1. #1
    Loyal Client Daiver's Avatar
    Join Date
    Jul 2005
    Posts
    191

    Securing my VPS

    Ok. I've finally managed to get up to speed with this whole WHM thing. Now I have two new questions:

    1) How do I ensure security on my VPS? I know no system is perfect, but I want to make sure that it's not so loose that anyone can hack into it.

    2) I run a vBulletin forum. Is there a way to get automatic backups of the DB? Basically, in my head, there's a way to get the server to automatically make backups of the DB and store it elsewhere in case sh** happens. Is there a way to do this?

    Thanks.

  2. #2
    Loyal Client
    Join Date
    Jul 2005
    Location
    Uk
    Posts
    125

  3. #3
    CTO JPC-Masood's Avatar
    Join Date
    Aug 2002
    Location
    Jaguar Servers
    Posts
    1,916
    Masood N. | Chief Technical Officer, JaguarPC.com

  4. #4
    Loyal Client Daiver's Avatar
    Join Date
    Jul 2005
    Posts
    191
    Alright, the first one is complicated as hell. There is an unmeasurable learning curve on that.

    I think the link that masood posted is a bit more "doable" by me. So I'll start with that and let you know if I managed to do this.

    /Really need to learn Linux.

  5. #5
    Loyal Client Daiver's Avatar
    Join Date
    Jul 2005
    Posts
    191
    So yeah. Gwaihir's thing is also impossible for me. If I go into PHPmyAdmin, is there a way to make a backup and download it?

    The best thing would be to have the server do a daily backup and store it somewhere, but I think that this is going to be quite impossible considering my Linux skills.

  6. #6
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,570
    Quote Originally Posted by Daiver
    If I go into PHPmyAdmin, is there a way to make a backup and download it?
    Sure, just go to the "export" tab in there and pick "save as file".

    Downsides:
    - not automated: gotta do it manually one database at a time
    - messes up once your databases get big

    The best thing would be to have the server do a daily backup and store it somewhere.
    JagPC offers such. It's got a bill attached to it, but it is exactly that. Just ask support about it.

    They're talking about soon offering "just the space" for free btw. But since the actual moving is your trouble, that might not be much help.

    BTW: I'd still recommend taking a backup off of the servers every now and then, just in case.

    So yeah. Gwaihir's thing is also impossible for me.
    Couldn't we talk you through it, assuming you are interested to learn more of these matters? Pick up that old thread with a post of where you're stuck?
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store

  7. #7
    Loyal Client Daiver's Avatar
    Join Date
    Jul 2005
    Posts
    191
    You do realize what you're getting into, right Gwaihir?

  8. #8
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,570
    Quote Originally Posted by Daiver
    You do realize what you're getting into, right Gwaihir?
    On the command line, you can play with your scroll wheel all you like, without messing anything up, so.. I think we'll manage
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store

  9. #9
    Loyal Client Daiver's Avatar
    Join Date
    Jul 2005
    Posts
    191
    Alright, after dinner I'm hitting that other thread. Thanks!

  10. #10
    Voltron wannabe tank's Avatar
    Join Date
    Apr 2004
    Location
    Houston
    Posts
    306
    just set up a cron job to run every night (or whenever you want it to run) and plug this line into the command:
    mysqldump --opt -p{password} -u{username} {database_name} > backup.sql

    just replace the info in the braces.. also do NOT include the braces. they are there for example only

    this will create a backup of your DB and put it in your root.

    there is plenty of reading in these forums on how to do this type of stuff. Just get real familiar with the Search

    here's a good one on site backup and DB backup. it basically says what I posted above but just explains it more:
    http://jaguarpc.com/forums/showthread.php?t=639
    Last edited by tank; 08-05-2005 at 07:49 PM.

  11. #11
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,661
    Bah! You're missing half the fun of being a webMASTER! The idea is to cover your ass with asbestos, then stick it in the fire...

    What I do, on my web site, is protect myself against all the usual/known exploits, then post all the information the hackers need to hack my web site on the home page - the OS version, PHP, MySQL, phpBB version, and so forth. Then, when they use this info to hack my site, they are automatically banned via scripts, e.g. I guide the attacks - I don't wait for them to attack me, THEN react...

    Proof?



    Hahahaha! What a bunch of fools these hackers are! Offense is the best defense... quit hiding in the corner like a girlie-man! Show 'em what you got, but don't give it to 'em... That's the way I survive in the shark-infested waters of the Internet...
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL 2010

  12. #12
    Loyal Client Daiver's Avatar
    Join Date
    Jul 2005
    Posts
    191
    The great difference is that you have the hacking know-how, which I don't. Hell, I'm still learning things like chmod, rm -rf, etc.

    I have absolutely no idea of how scripts work, etc. Webmastering is not a bone I can chew on for the moment. All I want is my aviation forum, my blog, email and streaming audio. So far, I have these things and the reason why I hired a VPS is to be able to have everything in one place and run ShoutCast in it.

    However, next week I will try to start working on Gwaihir's thing and perhaps your advice could be useful as well. I'm planning on posting on Gwaihir's original thread so look in there please.

    Later.

  13. #13
    Pointy Stick Expert
    Join Date
    Nov 2002
    Posts
    141
    I don't have time to write it all up in detail, but if you've got an old PC laying around somewhere, here's the best fully automated method I've found for backup. This is just an overview - all the details are here and elsewhere, if you want to invest the time to find them.

    - Install Linux on your spare PC. It can be any old beater you have, as long as it has sufficient disk space for the OS and your backups. Linux distribution is not important, use any modern distribution you are comfortable with.

    - Setup an SSH tunnel between your Linux box and Jag that requires no login. It's been discussed here before - search on SSH and rsync.

    - Setup two cron jobs on your local box - one to remotely export and compress your Jag database(s), one to run an rsync job to copy Jag changed files to your local Linux box. Here are my two cron jobs - the first runs the export, the second runs a few minutes later and catches all changed/new server files, including the database export. Obviously, you'll need to modify the login id's, passwords, directories, etc.:

    Code:
    59 2 * * * ssh www.myjagdomain.com 'mysqldump -u jaglogin_mysqladmin -pmysqlpassword jaglogin_mysqldb | gzip > /home/jaglogin/mysqlbackup/dbname.sql.gz'
    0 3 * * * rsync -e ssh -avz --delete --ignore-errors [email protected]:/home/jaglogin /data/backups/mydomain
    - Configure logrotate on your local Linux box to compress and archive your locally stored Jag backups. I save daily, weekly and monthly archives, deleting the daily after 3 mos., the weeklys after a year. Configure logrotate for whatever retention makes the most sense for your data.

    There are at least two advantages to initiating your backups from a local Linux box, as opposed to cron'ing them from your Jag account. First, you don't have to embed any ID's or passwords on your web site or in the cron job - all this information is stored locally, which is far more secure. Second, using rsync allows you to get the most complete backups possible, with the least amount of bandwidth usage since it's an incremental copy. I'm using too much disk space at Jag to bring down a full backup nightly - that alone would exceed my monthly bandwidth quota.

    I'm a little paranoid about losing stuff, so I've got a pair of mirrored drives (Linux software RAID) in my local box, and burn things off to CD once a month.

    If you're a Linux novice, the above may sound a bit daunting, but it's not all that tough. It's also a good learning experience, particularly for somebody running a VPS. Given that you essentially have root on the box, it's not a bad idea to polish the nerd skills a bit...

  14. #14
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,570
    You've got an extra box running 24/7/365 just for that? What a waste of electricity and through that, your funds and our environment.

    Rsync is indeed the best way to transfer the backups, AFAIK. But that works just fine from a windows box. Installing cygwin with ssh and rsync is a LOT less work and simpler than setting up a separate Linux box, especially if you know nothing about all that. Cron as built in in Windows is called "task scheduler", but works just as fine.

    Why run that first job from home? That makes no sense at all since it is all done server side. Your mysql password is obviously on the server anyway, otherwise your website won't function. Having that in one more file that is you-readable only is hardly adding insecurity. And yet with that paranoia level, you still put your mysql password on the command line, thus exposing it in your process list without any need for that?
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store

  15. #15
    Pointy Stick Expert
    Join Date
    Nov 2002
    Posts
    141
    Quote Originally Posted by Gwaihir
    You've got an extra box running 24/7/365 just for that? What a waste of electricity and through that, your funds and our environment.
    Nope, it serves many other functions. Handles file/print/fax/mp3 services for my home network. I also use it for all testing before implementing things on my production Jaguar site. Which is a piece of cake, since the data and environment are virtually identical - unlike your cygwin solution.

    As for the environment...please. Even if I didn't need the extra Linux services, I'd still run automated backups on a standalone box, for reasons listed below. One small box, running headless, ain't gonna kill any dolphins.

    Quote Originally Posted by Gwaihir
    Rsync is indeed the best way to transfer the backups, AFAIK. But that works just fine from a windows box. Installing cygwin with ssh and rsync is a LOT less work and simpler than setting up a separate Linux box, especially if you know nothing about all that. Cron as built in in Windows is called "task scheduler", but works just as fine.
    Less work != better solution.

    I'd prefer to have my backups handled and stored on a non-Windows platform for stability and security reasons. Nothing critical ever resides on my Windows workstations.

    Additionally, since backups are typically best handled in the middle of the night, I'm actually being more "green" than your one box solution. My low-end headless Linux box runs 24x7, my Windows workstation is only on when I need it. If I were running backups via cygwin from the Windows box, it would be on 24x7 - complete with its beefy power supply and monitor. Instead, it's on 1-2 hours a day.

    Quote Originally Posted by Gwaihir
    Why run that first job from home?
    I used to have several cron jobs configured at Jag. After the third time they lost them all during server moves/updates, I took responsibility for them on my end.

    It's also far easier to manage all of my automated jobs (I have many others in addition to backup) from a central crontab.

    Quote Originally Posted by Gwaihir
    And yet with that paranoia level, you still put your mysql password on the command line, thus exposing it in your process list without any need for that?
    Well, we are discussing this in the VPS forum, so you may have a point. If Jag doesn't configure non-root accounts in a jailshell for VPS, AND you allow others to login to your VPS, I'll concede the vulnerability. However, I'm not on VPS yet - still on SDX. On Jag's shared plans, you can't see other users' processes from the jailshell, so I'm only vulnerable to root - not a huge concern... And then, only for the 1-2 minutes the export takes.
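
The process-list exposure debated in posts #14 and #15, as an added example that is not part of any post in the thread: a check that flags `mysqldump` command lines carrying the password in argv, and a backup function that reads credentials from a private option file instead. The option-file path `CNF` and the output directory `OUT_DIR` are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. CNF and OUT_DIR are assumed paths.
# CNF is a MySQL option file containing:  [client] / user=... / password=...
CNF="${CNF:-$HOME/.my.backup.cnf}"
OUT_DIR="${OUT_DIR:-$HOME/mysqlbackup}"

# Return 0 if a command line carries a MySQL password as an argument
# (-pSECRET or --password=SECRET). Anything in argv is visible to every
# user who can list processes while the command runs.
leaks_password() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])(-p[^[:space:]]+|--password=[^[:space:]]+)'
}

# Return 0 only if the option file exists and grants nothing to group/other.
cnf_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Dump one database to a dated .sql.gz; the password is read from CNF,
# never placed on the command line. Runs in a subshell so umask stays local.
backup_db() (
    db="$1"
    if ! cnf_is_private "$CNF"; then
        echo "refusing: $CNF is missing or readable by other users" >&2
        exit 1
    fi
    umask 077
    mkdir -p "$OUT_DIR"
    out="$OUT_DIR/$db-$(date +%Y%m%d).sql"
    # --defaults-extra-file must be the first option given to mysqldump.
    mysqldump --defaults-extra-file="$CNF" --opt "$db" > "$out.tmp" ||
        { rm -f "$out.tmp"; exit 1; }
    gzip -c "$out.tmp" > "$out.gz" && rm -f "$out.tmp"
)

# Usage: sh backup.sh backup <database_name>
if [ "${1:-}" = "backup" ] && [ -n "${2:-}" ]; then
    backup_db "$2"
fi
```

The dump is written to a temporary file before compression so that a failed `mysqldump` is detected instead of being masked by the exit status of `gzip`.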
