safety

How to defend against attacks resulting in large volumes of 404 or other 4xx HTTP error codes with Fail2Ban

botond published 2023/03/14, k - 00:38 time
Our websites are constantly under attack from the outside world. The vast majority of these are done by robots, which try to discover the weak points of the websites running on the server. Some of the robots with this purpose try to do this by making various seemingly random HTTP requests to our websites, most of which are directed to non-existent URL addresses. As a result, our server responds with a 404 HTTP response code. In this description, we will look at how to ban the large number of attempts resulting in 404 and other 4xx HTTP response codes using Fail2Ban.

How can we change the default tcp port 22 of our SSH server on our Debian or Ubuntu Linux server for better security?

botond published 2022/10/23, v - 08:10 time
There are several ways to manage web servers and other servers remotely, of which SSH is the most common command line solution. The SSH protocol communicates over an encrypted channel between the server and the client. Like all similar communications, SSH transmits data through a specific port, which by default is the well-known tcp port 22. Since the function of this port is known to many people, it exposes the servers to regular attacks. This is usually avoided - or at least to reduce the number of attempts - by switching this well-known port to another, unknown port number, which can only be detected externally by port scanning, which is a more time-consuming task.
In this write-up, we will look at how to change SSH's well-known TCP port 22 to a unique port number to minimize the number of attack attempts via SSH.

Installing, configuring and using a UFW firewall on Debian / Ubuntu systems

botond published 2022. 06. 27., h - 12:54 time
UCW (Uncomplicated Firewall) is an easy-to-use netfilter firewall management program. It uses a command line interface that consists of a few simple commands and uses iptables for configuration, so it is the frontend of iptables. In this description we will look at the installation and basic use and configuration of the UFW firewall, the steps of which I will perform on a minimal Debian 11 server.

UFW (Uncomplicated Firewall)

botond published 2022/06/26, v - 15:52 time
Uncomplicated Firewall (UFW) is one such frontend of iptables and is particularly suitable for server-based firewalls. Ufw provides a framework for managing netfilter, as well as a command-line interface for managing a firewall that uses few and simple commands. Ufw is designed to provide an easy-to-use interface for those unfamiliar with firewall concepts, while simplifying complex iptables commands to help administrators who know what they are doing. UFW is also an upstream software package for other distributions and graphical frontends.

How to protect our server from attacks on our databases with "Access denied for user root@ip address (using password: YES / NO)" using Fail2Ban

botond published 2022/06/05, v - 01:45 time
When we run websites, our server and the websites and services that run on it are often vulnerable to external attacks, and our MySQL / MariaDB database server is no exception. If the Fail2Ban protection software is also available on your server, this short description will show you how to make your server more secure against attacks on your "Access denied for user root @ ip address (using password: YES / NO)" database server.

How to deal with "Possible attack detected. This action has been logged." error message in our ISPConfig control panel

botond published 2021/03/23, k - 09:19 time
ISPConfig uses a variety of protection systems to keep it secure, including IDS (Intrusion Detection System) technology. However, this setting may be too sensitive and disable us from the control panel as well. In this little troubleshooter, we'll see what we can do if our ISPConfig control panel doesn't allow us, but instead gets a "Possible attack detected. This action has been logged." error message.

Install Ubuntu 20.04 LTS (Focal Fossa) LAMP Server v1.0

botond published Jan. 2020, 10, 21:18 p.m. time
With the help of LAMP systems, we can run dynamic web pages on our server or even on our home computer. I have previously built LAMP servers for Debian 8 (Jessie), Debian 9 (Stretch) and Ubuntu 18.04 LTS (Bionic Beaver), and in this description we will install the LAMP server components for the Ubuntu 20.04 LTS (Focal Fossa) Linux distribution.