Server security


#1

Hi, I installed WordPress with HHVM and FastCGI cache. Does EE handle all security itself, or can it be improved? Please link to some article on how to do it.


#2

Hi, as far as I know EasyEngine does one thing and it does it well: WordPress autosetup and hosting. But server security has to be handled by you yourself.

Please google it and you will find a ton of info. Most important are:

  • A firewall and blocking all ports you don't need (I like UFW in Ubuntu as it gives you simple commands to get most things done just like EE)
  • Securing your SSH connection (No Root login, no password login…)
  • Automatic Security Updates

I am sure I forgot something; you'll find what you need by googling your Linux distro together with “securing”.


#3

Thanks for the reply. I found the VirtuBox GitHub and its knowledgebase: virtubox github

Knowledgebase

The article

https://kb.virtubox.net/knowledgebase/ufw-iptables-firewall-configuration-made-easier/

In the running processes there is HHVM, something like this: 2123/hhvm. So should I enable it in ufw like this: ufw allow 2123, and the other processes too?

In these three, do I put my own IP?

Allow connections on all ports from an IP: ufw allow from 123.45.67.89

Allow connections on all ports from a subnet: ufw allow from 123.45.67.89/24

Specify a port + an IP + a protocol: ufw allow from 123.45.67.89 to any port 22 proto tcp

And what to do when my IP changes?


#4

Can you help me with ufw?


#5

@vibhi This is what I do with ufw on a new ubuntu server:

sudo apt-get install ufw -y
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow 22
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw logging on
echo "y" | sudo ufw enable

#6

Should I use this config?


#7

Looks good. If you look at it you will see my commands are also in there. ufw allow 443/tcp for example does the same as ufw allow https.

You should make sure to only allow the ports you really need. SSH is a given of course with the standard port 22. But you can change it also if you want. And if you host any kind of website http and https are also necessary.

Just see what the other ports are for and then decide if you need them.

Like I mentioned before, there are also plenty of other and more complete tutorials out there on how to secure your Ubuntu server. If you have another OS, just search for that one of course.
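Added example, not part of any post in this thread: one way to do the "see what the other ports are for" step is to check which address each listener is bound to. It assumes the listing comes from `netstat -tlnp`, whose last column is PID/Program name (so an entry like 2123/hhvm is process ID 2123, not a port); the sample listing, its ports and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -tlnp` format. Ports and PIDs are made up
# for illustration and are not taken from a real EasyEngine server.
SAMPLE='Proto Recv-Q Send-Q Local Address  Foreign Address  State   PID/Program name
tcp   0 0 0.0.0.0:22       0.0.0.0:*  LISTEN  812/sshd
tcp   0 0 0.0.0.0:80       0.0.0.0:*  LISTEN  1001/nginx: master
tcp   0 0 0.0.0.0:443      0.0.0.0:*  LISTEN  1001/nginx: master
tcp   0 0 127.0.0.1:9000   0.0.0.0:*  LISTEN  2123/hhvm
tcp   0 0 127.0.0.1:11211  0.0.0.0:*  LISTEN  950/memcached
tcp   0 0 0.0.0.0:3306     0.0.0.0:*  LISTEN  1200/mysqld
tcp6  0 0 :::22            :::*       LISTEN  812/sshd'

# Read a netstat -tlnp listing on stdin, print "<port> <scope> <program>".
#   local  = bound to loopback only; other hosts cannot reach it, so it
#            needs no "ufw allow" rule
#   public = bound to an external or wildcard address; reachable from
#            outside unless the firewall blocks it
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]                      # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        prog = $7                            # PID/Program name column
        sub(/^[0-9]+\//, "", prog)           # drop the PID, keep the name
        sub(/:$/, "", prog)                  # "nginx:" -> "nginx"
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "public"
        print port, scope, prog
    }'
}

# Public listeners whose port is not in the space-separated allow list ($1).
# Under "ufw default deny incoming" these are the ones blocked from outside,
# so each one is a decision: add a rule, or rebind the service to 127.0.0.1.
blocked_public() {
    classify_listeners | awk -v allowed=" $1 " '
        $2 == "public" && index(allowed, " " $1 " ") == 0 { print $1 "/" $3 }
    ' | sort -u
}

printf '%s\n' "$SAMPLE" | classify_listeners
echo "blocked by default deny: $(printf '%s\n' "$SAMPLE" | blocked_public '22 80 443')"
```

On a real server, pipe `sudo netstat -tlnp` into `classify_listeners` instead of the sample, and pass the ports you have allowed in ufw to `blocked_public`.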


#8

Do I need to add other ports in ufw or not? Like HHVM or memcache?


#9