Linux, server protection from attacks?

S

Sergey2016-06-03 17:40:41

linux

Sergey, 2016-06-03 17:40:41

Is there a universal solution for my problem? If so, write it down and explain. Why am I asking this? On vds there is a web server ngx, the task is a site (gives pages, css, and images), and server management via ssh. As I believe it is easier to resolve what I wrote above, and the rest will drop. And the question arises ... how would the ssh connection not be dropped. How to implement this on iptable or maybe differently.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

H

Human, 2016-06-03
@chelovekmuravei

It is most correct to do everything that was said above +
1. turn off password authorization (only through a certificate)
2. in iptables set access to ssh only from certain ip
3. in ssh duplicate access from certain ip
4. For nginx, hide the version, for php also, for the system, also read how it hides
5. configure fail2ban for all open services with authorization
6. limit the number of simultaneous connections on all services, it's different everywhere. limits and more
For the paranoid, you can always do it on the openvpn server on port 443, allow sharing it with nginx, get yourself a non-exportable certificate, transfer it in a complicated way through a split archive with a password, then import it using the password into the device’s private storage and sit from it in ssh to the server .

X

xmoonlight, 2016-06-03
@xmoonlight

And the question arises ... how would the ssh connection not be dropped. How to implement this on iptable or maybe differently.

Yes, you are all correct. I would do that too. It is imperative to exclude ssh from the drop list so as not to lose access to the server.