    Cloudron Forum


    Security Recommendations...

    • R
      roofboard last edited by roofboard

      Just had my first brush up on security... a WordPress site got hacked... what a headache!

      Moving on, I am happy that Cloudron is holding up against the subsequent DDoS attack; I seem to be getting pinged now over 200mm times a day, but now I need to start thinking about security. Any recommendations from the community on how to beef up server security while running Cloudron?

      There are many subdomains etc. to think about... Maybe this security layer would need to be installed directly on the server, side by side with Cloudron?

      • murgero
        murgero App Dev @roofboard last edited by

        @roofboard Cloudron security is pretty reasonable, but if you're just getting DDOS'd you can block that with a simple script.

        I've never used this, but it has a lot of stars and seems to be kept up to date when needed.

        https://github.com/anti-ddos/Anti-DDOS

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~
        Matrix: @murgero:urgero.org

        • A
          ApplegateR @murgero last edited by

          @murgero Sadly, the owner of this bash script has left. You can check: his profile link is now a 404 error 😕

          Richard Applegate
          Anthem Coffee and Tea
          The Joint Chiropractic
          IT/Administrator Server/Network

          • murgero
            murgero App Dev @ApplegateR last edited by

            @ApplegateR Looks like his profile is private cause his profile pic and description still load for me. Weird it shows a 404 instead.

            --
            https://urgero.org
            ~ Professional Nerd. Freelance Programmer. ~
            Matrix: @murgero:urgero.org

            • robi
              robi @roofboard last edited by

              @roofboard said in Security Recommendations...:

              a wordpress site got hacked...

              A few questions:

              Who did you piss off? 😆

              Which WP Cloudron App were you using?

              Were updates enabled? For the plugins too?

              What was changed during the hack?

              Why is it a headache? (Other than it happening)

              Have backups pre-hack to restore? Easy-peasy?

              As @murgero said, Cloudron was designed to mitigate these types of things in many ways, and getting back online is much easier thanks to that.

              Life of Advanced Technology

              • humptydumpty
                humptydumpty @roofboard last edited by humptydumpty

                @roofboard Are you using Sucuri or Wordfence for that site? You might want to consider their premium offerings for DDOS protection and post-hack services.

                Either way, you need to figure out how they got in. Most likely it's a corrupt plugin.

                • jdaviescoates
                  jdaviescoates @humptydumpty last edited by

                  @humptydumpty said in Security Recommendations...:

                  Wordfence

                  +1

                  The first thing I do with any new WordPress site is to install Wordfence.

                  I use Cloudron with Gandi & Hetzner

                  • R
                    roofboard @humptydumpty last edited by

                    @humptydumpty said in Security Recommendations...:

                    for that site?

                    Thanks for all the replies. Yes, I am using Wordfence. The whole story is that I had just spun up and was working on a new website and (the big admit) never changed the default password.

                    So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours, rolled to a backup and rolled passwords pretty quickly. Then I installed Wordfence....

                    In the meantime it got me thinking... If I was a hacker and was able to get into xxx.aaa.bbb.ccc then I would try again on every port. So while it is easy to install a firewall and get monitoring on WordPress....

                    How do I get that monitoring for the whole server? It is a rude awakening when your VPS provider wakes you up with an unusual traffic notice....

                    • subven
                      subven @roofboard last edited by subven

                      Another case that would have benefited from Custom Default Password ^^ Hope you learned from your mistake @roofboard :<

                      • scooke
                        scooke @roofboard last edited by

                        @roofboard afaik, Cloudron has built-in security for all the various ports that might be open. I don't think you need to install anything else as Cloudron does it all. I know I automatically set ssh to allow only a non-root sudo user to log in with only a key, but Cloudron has had no problem installing around that.

                        A life lived in fear is a life half-lived

                        • robi
                          robi @roofboard last edited by robi

                          @roofboard said in Security Recommendations...:

                          So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours,

                          Yep, can't be lazy, as botnets are scanning the entire IP space for targets constantly.

                          And yes, many revisit previous active targets for more interesting exploits for a short time before moving on.

                          So order of operations and not skipping crucial initial steps is important 😇

                          It happens. 🤷 Lesson learned.

                          Could have been worse if you were not on Cloudron.

                          Life of Advanced Technology

                          • L
                            LoudLemur last edited by

                            https://attack.mitre.org/
