New Editorial: The Myth of VPS Hosting, Reasons to Avoid It!

kpmedia · #1 11-17-2013, 09:46 PM

Latest editorial:

Author Notes:

This is one of those topics that's been annoying for years. It feels good to get things like this out in the open. Far too often, JimBobGuruRockstarNinja at some forum -- in other words, a kiddie or amateur hosting user, often from Webhostingtalk.com or WarriorForum.com -- insists VPS is the best thing ever. These people couldn't be more wrong. A VPS is great -- just like a dedicated server or private cloud -- but it's not for everyone. And this editorial goes over the reasons why.

Have Comments or Feedback?

As always, feel free to share your opinions, comments, etc, here in the forum, in this very thread.
If you're not already a member of The Digital FAQ forum, simply join as a Free Member. Or better yet, become a Premium Member.
If you liked it, then please share it on Facebook, Google+ and Twitter, by clicking the links on the editorial page.
Useful tips or updates from the community may be added to current/past editorials, at the author's discretion.

Thanks for reading.

thecoalman · #2 12-01-2013, 02:37 PM

Quote:

When your server was deployed, it likely came with SSH already enabled — often accessed via the command-line interface shown above (PuTTY in Windows). The would-be hacker uses malicious tools that attempts to login every second. I’ve seen login attempts in excess of 40,000 attempts in a row — almost 12 hours non-stop!

Move SSH to another port.

Brent · #3 12-01-2013, 04:29 PM

Quote:

Originally Posted by thecoalman

Move SSH to another port.

Security through obscurity is good however, unless the firewall is blocking port scanning, the port can still be found.

A better alternative would be to change the port still, but also use a wheel group for privilege elevation. That alone adds a second layer of security, of course as long as the root password is different from any standard user passwords.

thecoalman · #4 12-01-2013, 10:06 PM

Quote:

Originally Posted by Brent

Security through obscurity is good however, unless the firewall is blocking port scanning, the port can still be found.

It's certainly not the only thing I do, the benefits are a cleaner log file and more room for firewalling the more aggressive IP's.

Moving SSH to another port is my first layer of defense and my last is I get sent an email for any successful root logins. If it gets to that point obviously they are in but at least I know they are in. There is many layers in between.

kpmedia · #5 12-14-2013, 07:24 AM

Quote:

Originally Posted by Brent

A better alternative would be to change the port still, but also use a wheel group for privilege elevation.

And disable root logins. Most of this was in my "cheat sheet" in the editorial, where I gave the example of what happens to VPS when deployed. Like I had said there, this is just SSH too. There is so much more to it. Trying to monitor everything every day is really a PITA sometimes. Even when you take a "day off", you have to at least spend 15 minutes looking over the logs and alerts.

Shared hosting is so much easier.

lordsmurf · #6 12-14-2013, 07:25 AM

Several guides for these things are here: http://www.digitalFAQ.com/forum/guides-ssh/
Part of the new hosting guides section being developed right now.