Tips & Tricks for server hosters.

[Miky Mouse]

1. Never use Apache webservers for your project in case you want your website to remain 24/7 (except you know how to secure it properly) - use IIS with fastCGI instead.
2. Use IIS ftp for your guild icons instead of filezilla.
3. You don't need stuff like hyperfilter or something else, it's just a big advertisement which has been taken here by some dumbf**ks who rly believe it'll secure them fully.
4. Harden your SYN/UDP/TCP packet filters on server configuration itself, implement autoban function for connections per ip (5+ = ban).
5. Always keep in mind to close all unneccesary open ports.
6. It's better to hire a programmer to make yourself a good/secure website rather than using the released ones in case you really want security and to be sure that you're safe.
7. Choose the hosting company wisely, check their internet connection limits/speeds - check their bandwith power, that's really important (prices sometimes might be looking really cheap, but check what's under that).

If anybody have more, post them down, i'll add them to the thread.

[magicanoo]

8-Be kral.

@number 1,I've heard otherwise (IIS has more exploits than Apache).

[AceSpace]

Quote:

Originally Posted by Miky Mouse

1. Never use Apache webservers for your project in case you want your website to remain 24/7 (except you know how to secure it properly) - use IIS with fastCGI instead.
2. Use IIS ftp for your guild icons instead of filezilla.
3. You don't need stuff like hyperfilter or something else, it's just a big advertisement which has been taken here by some dumbf**ks who rly believe it'll secure them fully.
4. Harden your SYN/UDP/TCP packet filters on server configuration itself, implement autoban function for connections per ip (5+ = ban).
5. Always keep in mind to close all unneccesary open ports.
6. It's better to hire a programmer to make yourself a good/secure website rather than using the released ones in case you really want security and to be sure that you're safe.
7. Choose the hosting company wisely, check their internet connection limits/speeds - check their bandwith power, that's really important (prices sometimes might be looking really cheap, but check what's under that).

If anybody have more, post them down, i'll add them to the thread.

k i agree with you but.
how you will protect your server? most of famous servers are using hyperfilter and tell us a good company to use cause idk what 2 choose aswell

[Miky Mouse]

Quote:

Originally Posted by ²²Rock²²

k i agree with you but.
how you will protect your server? most of famous servers are using hyperfilter and tell us a good company to use cause idk what 2 choose aswell

it's cause they dont know that packet hardening/filtering will do basically the same thing, it should by idea prevent all noobish ddos which we have in sro section, there has never been REALLY serious botnet ddos - they're all just noobish ddoses which you can prevent with just basic security.

[Zodiao]

8-Change ur billing port and close that port =)

[theross]

Quote:

Originally Posted by ²²Rock²²

k i agree with you but.
how you will protect your server? most of famous servers are using hyperfilter and tell us a good company to use cause idk what 2 choose aswell

some servers are being supervised by me, and those don't need any hyperfilter **** it's just a matter of knowledge and decisions

[sarkoplata]

Quote:

Originally Posted by theross

some servers are being supervised by me, and those don't need any hyperfilter **** it's just a matter of knowledge and decisions

You can't stop HUGE attacks using software-firewall only, you need a hardware-firewall. You have knowledge, we know that, but don't talk like you are a ***.

[theross]

Quote:

Originally Posted by sarkoplata

You can't stop HUGE attacks using software-firewall only, you need a hardware-firewall. You have knowledge, we know that, but don't talk like you are a ***.

I'm *** on these corners.
not offending or anything.

Please spend some time "studying" the different types of these attacks.
These kind of attacks are like 10 years old. They just became popular again as it's very easy to make these.
In fact, these attacks come from 1, max 2 machines. Due to the ip-spoof function it looks like it comes from a botnet, which is totally bullshit. There is no such thing as a "hardware firewall" as even a hardware has the software to determine which packets may go through, and which not. A piece of software can do a little trace back to the origin hops, and can decide within milliseconds if the ip is spoofed or not. A tiny piece of software within the operating system can handle it. As i said: the servers i managed were taken down - before i re-configured them. There were attacks after, actually the same ones, but they didn't crash the server. Though they caused about 30mbit traffic incoming (which doesn't affect a standard 100mbit machine).

For the flooding **** on a certain port (port 80 preferably ) you can simply reduce the amount of allowed sockets for each ip.


Let's not flame around. If i sound like a ***, then let me. But your comment won't change anything on this topic or on my point of view.
I have never been thought otherwise. So, i can technically say, that i do know how to solve these kiddy issues. Whether you call me a bragger or not. I have managed to stop this kind of **** without any "hardware firewall" . have you? If not, then in a certain point of view, i am a *** comparing to you.

[sarkoplata]

Quote:

Originally Posted by theross

I'm god on these corners.
not offending or anything.

Please spend some time "studying" the different types of these attacks.
These kind of attacks are like 10 years old. They just became popular again as it's very easy to make these.
In fact, these attacks come from 1, max 2 machines. Due to the ip-spoof function it looks like it comes from a botnet, which is totally bullshit. There is no such thing as a "hardware firewall" as even a hardware has the software to determine which packets may go through, and which not. A piece of software can do a little trace back to the origin hops, and can decide within milliseconds if the ip is spoofed or not. A tiny piece of software within the operating system can handle it. As i said: the servers i managed were taken down - before i re-configured them. There were attacks after, actually the same ones, but they didn't crash the server. Though they caused about 30mbit traffic incoming (which doesn't affect a standard 100mbit machine).

For the flooding crap on a certain port (port 80 preferably ) you can simply reduce the amount of allowed sockets for each ip.


Let's not flame around. If i sound like a god, then let me. But your comment won't change anything on this topic or on my point of view.
I have never been thought otherwise. So, i can technically say, that i do know how to solve these kiddy issues. Whether you call me a bragger or not. I have managed to stop this kind of shit without any "hardware firewall" . have you? If not, then in a certain point of view, i am a god comparing to you.

You are not god or something comparing to me, but yes you are better than me.

What I mean HUGE attacks aren't that "10 year old" attacks which you call them. Here's a graph of the attack size i meant: (4.5g inbound on a 100mbit line)


img1.uploadscreenshot.com/images/orig/6/17610040583-orig.png
(I seached my email's past to find this pic)

If you can stop such attack with your softwares, on a WIN OS, you are a god. And 99,99999% of people who is in networking are idiots to use a hardware firewall, including me.

Won't go further with this discussion.

[Cr4nkSt4r]

Who the hell uses IIS?
Use nginx instead. Servers should run with linux and not M$ Windows...

I don't know how someone can choose IIS when he knows what he's doing.
And the fact that hardware firewalls are useless, did you ever had a good one in your network? I don't think so, otherwise you will know that theese kind of firewall does his work correctly

[LastThief*]

Quote:

Originally Posted by Cr4nkSt4r

Who the hell uses IIS?
Use nginx instead. Servers should run with linux and not M$ Windows...

I don't know how someone can choose IIS when he knows what he's doing.
And the fact that hardware firewalls are useless, did you ever had a good one in your network? I don't think so, otherwise you will know that theese kind of firewall does his work correctly

That's silkroad section , go home Cr4nkSt4r , you're drunk

[Zodiao]

@LastThief, you r EPIC!

[Cr4nkSt4r]

Quote:

Originally Posted by LastThief*

That's silkroad section , go home Cr4nkSt4r , you're drunk

Nice try, but I let some brain for this section here, so they can eat and live one day longer