Introduction and question :D

Discussion in 'Introductions' started by hitman, Jul 18, 2014.

  1. hitman

    hitman Member

    126
    11
    18
    Jul 18, 2014
    Ratings:
    +15
    Local Time:
    5:19 AM
    Hello everyone,
    I am new to Centmin Mod and I like the work that has been done.
    I am planning to use it along with IPB and I would like to know, in general, what measures you have taken to make it safe enough against hacking attempts.

    Do you have a post somewhere regarding what needs to be done to make the VPS as safe as possible?
    Thank you
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,554
    12,135
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,678
    Local Time:
    12:19 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    welcome @hitman

    IP.Board setup is listed at http://centminmod.com/nginx_configure_ipboard.html and forum software forum at https://community.centminmod.com/forums/forum-software-usage.34/ and that is as far as I've done along with Getting Started guide http://centminmod.com/getstarted.html.

    Further extensive VPS security is left up to the end user but what is set up by Centmin Mod out of the box including CSF Firewall http://centminmod.com/csf_firewall.html (thread https://community.centminmod.com/threads/csf-firewall-info.25/) is safe. This very forum runs Centmin Mod LEMP stack along with 17 out of 20 of my servers.

    Hacking attempts would be from code in IP.Board so that's all on the forum software authors and end user's management of forum software updates and forum related security practices. Basically, no one's hacking your forum unless 1) you give them the keys (weak root user password, weak forum/admin user passwords) or 2) misconfigure your forums or 3) misconfigure your Nginx configuration or do something not recommended i.e. disable CSF Firewall :)

    Also as download page says, you can also do a test install on test VPS first to get a feel. No one says you need to jump into the deep end first ;)
     
    Last edited: Jul 18, 2014
  3. hitman

    hitman Member

    First of all, I would like to thank you for your response.
    I have already set up a test VPS and I am trying it there, and I have to say that you have done an amazing job. Congratulations!!!

    I already know how to protect the forum software but I have never used Nginx before.
    Could you please let me know what you mean by 3) misconfigure your Nginx configuration .... what would that be?

    thank you
     
  4. eva2000

    eva2000 Administrator Staff Member

    It would be web app related misconfiguration stuff like https://community.centminmod.com/threads/how-to-config-rewrite-in-joomla-3.659/ with correct way like https://community.centminmod.com/threads/tut-config-rewrite-and-run-in-joomla-3.737/. Unfortunately, I don't use Joomla so end users are left to figure out specifics. I can give some basic advice there.

    With IP.Board it's more complete as I have used the forum software hence http://centminmod.com/nginx_configure_ipboard.html i.e. taking note to rename admin directory etc.

    Best advice is to set up a duplicate test forum beside the live to try out everything first. If unsure of something Nginx or VPS related, try it out on test VPS before live - that's basically what I do for any major changes even forum upgrades :)
     
  5. hitman

    hitman Member

    Thank you once again.
    That is exactly what I have done, I have a VPS for testing.

    Can you please give a little bit more detail on the
    "block common exploits, sql injections etc" part in the conf file of the domain?
     
  6. eva2000

    eva2000 Administrator Staff Member

    the block.conf pretty much has explanatory comments in it - Github hosted .07 stable block.conf at https://github.com/centminmod/centminmod/blob/123.07stable/config/nginx/block.conf with top link to howtoforge article explaining them at http://www.howtoforge.com/nginx-how...jections-file-injections-spam-user-agents-etc :)

    For more Nginx/PHP-FPM and MariaDB specific questions maybe this forum https://community.centminmod.com/forums/nginx-php-fpm-mariadb-mysql.21/ is more appropriate or for install related at https://community.centminmod.com/forums/install-upgrades-or-pre-install-questions.8/ ;)
     
  7. hitman

    hitman Member

    A last question please, regarding the email handling.
    I will probably be able to send mails through PHP, but will I be able to receive mails that are mail@domain.com?
    If not, is there a way to redirect mail@domain.com to mail@gmail.com?

    Thank you

    PS
    I tried enabling the limit_conn limit_per_ip 16 but when I restart Nginx I get the error "zero sized shared memory zone".
    What should be done?
     
    Last edited: Jul 21, 2014
  8. eva2000

    eva2000 Administrator Staff Member

    Email question best asked in this forum https://community.centminmod.com/forums/domains-dns-email-ssl-certificates.44/. And best long term solution https://community.centminmod.com/threads/free-yourdomain-com-email-accounts-alternatives.280/

    see at very bottom of /usr/local/nginx/conf/nginx.conf the relevant settings for that

    Code:
    ## limit number of concurrency connections per ip to 16
    ## add to your server {} section the next line
    ## limit_conn limit_per_ip 16;
    ## uncomment below line allows 500K sessions
    # limit_conn_log_level error;
    #######################################
    # use limit_zone for Nginx <v1.1.7 and lower
    # limit_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    # use limit_conn_zone for Nginx >v1.1.8 and higher
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
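
Added example, not part of the thread and not Centmin Mod's own code: Nginx reports a zero size shared memory zone when a `limit_conn` directive names a zone that no active `limit_conn_zone` line defines, which is the state the quoted nginx.conf is in while its `limit_conn_zone` line is still commented out. The checker below flags that mismatch before a restart; the function names and the sample configs are constructed for illustration.

```python
import re

# limit_conn_zone <key> zone=<name>:<size>;  defines a zone (http context)
ZONE_DEF = re.compile(
    r"(?:^|[;{}])\s*limit_conn_zone\s+\S+\s+zone=([\w.-]+):\w+\s*;", re.M)
# limit_conn <name> <number>;  uses a zone (http, server or location context)
ZONE_USE = re.compile(r"(?:^|[;{}])\s*limit_conn\s+([\w.-]+)\s+\d+\s*;", re.M)


def strip_comments(text):
    """Drop everything after '#' on each line ('#' inside quotes is not handled)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def undefined_limit_conn_zones(*config_texts):
    """Return zone names used by limit_conn with no active limit_conn_zone."""
    active = strip_comments("\n".join(config_texts))
    defined = set(ZONE_DEF.findall(active))
    used = set(ZONE_USE.findall(active))
    return sorted(used - defined)


# Constructed samples modelled on the nginx.conf comments quoted in the thread.
MAIN_SHIPPED = """
http {
    # limit_conn_log_level error;
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
}
"""
MAIN_FIXED = """
http {
    limit_conn_log_level error;
    limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
}
"""
VHOST = """
server {
    listen 80;
    limit_conn limit_per_ip 16;
}
"""

if __name__ == "__main__":
    print("zone commented out:", undefined_limit_conn_zones(MAIN_SHIPPED, VHOST))
    print("zone enabled:      ", undefined_limit_conn_zones(MAIN_FIXED, VHOST))
```

Pass it the contents of nginx.conf together with each domain's vhost file, since the zone is defined in the `http {}` block while `limit_conn` sits in the `server {}` block.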