Lately we had many reports from people that their server got blocked from us due to
Our users were stating that none of them did anything wrong, some of them didn't even use the machines, their server would get blocked before they even gain access to it.
Kloud51 team started testing all the official and un-official OpenVZ OS templates one by one, so far all of them were fine with not a single malicious files or activity. We ran many tests and different tools to find a hole or malicious file, absolutely nothing was there.
We launched hundreds of VPS machines and keep monitoring them, each with different OS templates and kind of software installed on. Of course we got some help from volunteers in this test from our clients, which they allow us to install our monitoring and log collectors on their machines.
Result was obvious, amazing, not only we found the source of the issues but solution to fix them as well.
VPS machines would get hacked or cracked and get rootkit and back doors installed on them in less than 5 minutes, each attacks coming from many different IPs and changing attacks in seconds, once the hack attempt got sucessfull, most of the time a rootkit would ge installed or a ser with root root access would be created in the system. There were many different kind of attacks that we were surprised how they were working.
Good news is we found the solution to prevent such attacks, below you can see what kind of customization we've done on each server image to get them working securely.
It's been a while that we started hardening our OS templates:
- Configuring firewalls
- SSH Brute Force
- FTP Hardening
- Closing Unused Ports
- Removing unnecessary applications
- Install CRON jobs to ensure all these.
- Disabled unused services and daemons
So far our secured images are as below:
We're adding more secured images, we update this list once an image has been added.
I'd like to note that having all of these won't help if you have a weak password and root allowed login either with authentication_key or password you'll be doomed most of the times.
Take care of your machines, secure them, change default SSH port and always be aware what is being running in the background of your machine. Tools like top, htop and ps are wild bunch you're looking for when going to find running processes.
By Alireza Savand, Founder Savand Bros