1. Web server migration completed!

We're on a new server now! And here's why: it looks like our friend bern (or apeto1/2/3 or CoJaBo3 or who-knows-what-else) managed to compromise jeremy's local user account, which gained him root access to the system and the MySQL database. From there, it looks like he was resetting passwords for old forum accounts and that's how he was harassing us. I've taken many, many steps to harden and secure this new server to prevent any further intrusions.

  • The hosting technology is now KVM (a real virtual machine) instead of OpenVZ (a shared-system container).
  • The operating system is much newer (CentOS 7 vs Debian 5) and is running with SELinux enabled.
  • The system using a firewall (firewalld) and several active intrusion detectors (auditd, aide, fail2ban).
  • Remote root access is disabled altogether. The root user can only log on via the physical console of the machine.
  • Password authentication for SSH is disabled. Admins with SSH access must use a public/private key pair to log on to the server.
  • User accounts with sudo access must still enter their very very long password to gain root access.
  • The database connection for euweb is running as a dedicated MySQL account. Previously it was using the root account.
  • Currently only myself and jimcbrown have access to this system. Additional access will be on a discretionary basis.
  • The website now requires the use of HTTPS and is using a valid Let's Encrypt certificate.

Here are the specs for those interested:

Old server New server
Hosting provider HostWinds HyperExpert
Technology OpenVZ KVM
Processor 1 vCPU 2 vCPU
Memory 1 GB 2 GB
Storage 50 GB SSD 40 GB SSD
Operating System Debian 5.0.6 CentOS 7.5.1804
Architecture 32-bit 64-bit
Database Server MySQL 5.0.51 MySQL 5.7.22
Euphoria version Euphoria 4.0.5 Euphoria 4.1.0

-Greg

new topic     » topic index » view message » categorize

2. Re: Web server migration completed!

Great work, Greg! Thanks so much for handling this!

new topic     » goto parent     » topic index » view message » categorize

3. Re: Web server migration completed!

Seconded!

Chris

new topic     » goto parent     » topic index » view message » categorize

4. Re: Web server migration completed!

Thanks. I'm just a bit in awe of your skill set.

new topic     » goto parent     » topic index » view message » categorize

5. Re: Web server migration completed!

Many thanks Greg! All your services are deeply appreciated.

Ken Rhodes

new topic     » goto parent     » topic index » view message » categorize

6. Re: Web server migration completed!

Thanks, Greg.

new topic     » goto parent     » topic index » view message » categorize

7. Re: Web server migration completed!

FYI, euphoric pointed out that the site seemed slower than normal. Turned out I had left it running in interpreted mode.

I've switched back to compiled again, so it should be running a lot faster now.

-Greg

new topic     » goto parent     » topic index » view message » categorize

Search



Quick Links

User menu

Not signed in.

Misc Menu