Security Recommendations...
-
Just had my first brush up on security... a wordpress site got hacked... what a headache!
Moving on, I am happy that Cloudron is holding up against the subsequent DDOS attack I seem to be getting pinged now over 200mm times a day, but now I need to start thinking security. Any recommendations from the community on how to beef up server security while running Cloudron?
There are many subdomains etc to think about... Maybe this security layer would need to be installed directly on the server side by side of cloudron?
-
@roofboard Cloudron security is pretty reasonable, but if you're just getting DDOS'd you can block that with a simple script.
I've never used this, but it has a lot of stars and seems to be kept up to date when needed.
-
@murgero sadly owner of this bash script had left. You can check his profile link now is 404 error
Richard Applegate
Anthem Coffee and Tea
The Joint Chiropractic
IT/Administrator Server/Network -
@ApplegateR Looks like his profile is private cause his profile pic and description still load for me. Weird it shows a 404 instead.
-
@roofboard said in Security Recommendations...:
a wordpress site got hacked...
A few questions:
Who did you piss off?
Which WP Cloudron App were you using?
Were updates enabled? For the plugins too?
What was changed during the hack?
Why is it a headache? (Other than it happening)
Have backups pre-hack to restore? Easy-peasy?
As @murgero said, Cloudron was designed to mitigate these types of things in many ways, and getting back online is much easier thanks to that.
-
@roofboard Are you using Sucuri or Wordfence for that site? You might want to consider their premium offerings for DDOS protection and post-hack services.
Either way, you need to figure out how they got in. Most likely it's a corrupt plugin.
-
@humptydumpty said in Security Recommendations...:
Wordfence
+1
The first I do with any new WordPress site is to install WordFence
-
@humptydumpty said in Security Recommendations...:
for that site?
Thanks for all the replies, yes I am using wordfence. The whole story is that I had just spinned up and was working on a new website and (the big admit) Never changed the default password.
So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours, rolled to a backup and rolled passwords pretty quickly. Then I installed wordfence....
In the mean time it got me thinking... If I was a hacker and was able to get into xxx.aaa.bbb.ccc then I would try again on every port. So while it is easy to install a firewall and get monitoring on wordpress....
How do I get that monitoring for the whole server? It is a rude awakening when your VPS provider wakes you up with an unusual traffic notice....
-
Another case that would have benefited from Custom Default Password ^^ Hope you learned from your mistake @roofboard :<
-
@roofboard afaik, Cloudron has built-in security for all the various ports that might be open. I don't think you need to install anything else as Cloudron does it all. I know I automatically set ssh to allow only a non-root sudo user to login with only a key, but Cloudron has had no problem installing with around that.
-
@roofboard said in Security Recommendations...:
So @robi I think I just got picked up by a crawler. I caught the hack in a matter of hours,
Yep, can't be lazy, as botnets are scanning the entire IP space for targets constantly.
And yes, many revisit previous active targets for more interesting exploits for a short time before moving on.
So order of operations and not skipping crucial initial steps is important
It happens.
Lesson learned.Could have been worse if you were not on Cloudron.
-
