Securing Linux (OpenVZ) images by Kloud51 — Anti-Hack Involved

Lately, we have had many reports from people whose servers were blocked by us for Anti-Hack reasons.

Our users stated that none of them had done anything wrong; some of them had not even used the machines, and their servers would get blocked before they even gained access to them.

The Kloud51 team started testing, one by one, all of the official and unofficial OpenVZ OS templates that were available to users; so far all of them were fine, with not a single malicious file or activity. We ran many tests with different tools to find a hole or a malicious file, and there was absolutely nothing there.

We launched hundreds of VPS machines and kept monitoring them, each with a different OS template and a different kind of software installed. Of course, we got some help in this test from volunteers among our clients, who allowed us to install our monitoring and log collectors on their machines.

The result was remarkable: not only did we find the source of the issues, but the solution to fix them as well.

VPS machines would get hacked or cracked and have rootkits and backdoors installed on them in less than 5 minutes, with each attack coming from many different IPs and changing tactics within seconds. Once a hack attempt succeeded, most of the time a rootkit would be installed or a script with root access would be created on the system. There were many different kinds of attacks, and we were surprised at how well they worked.

The good news is that we found a way to prevent such attacks.

Below you can see what kind of customization we’ve done on each server image to get them working securely:

  • Configuring the firewall (iptables).
  • Protecting SSH against brute-force attacks.
  • Hardening FTP.
  • Closing unused ports.
  • Removing unnecessary applications.
  • Disabling unused services and daemons.
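As an added example, not Kloud51's own scripts, the POSIX shell functions below apply the firewall, SSH brute-force and unused-port items above to a fresh container: a default-deny iptables ruleset that rate-limits new SSH connections per source IP, and an sshd_config rewrite that disables root login and, only once an authorized key is in place, password authentication, so the hardening cannot lock the administrator out. The Debian-style paths (/etc/ssh/sshd_config, `service ssh`), the SSH_PORT and ADMIN_KEYS variables, and the rate-limit thresholds are assumptions.

```shell
#!/bin/sh
# Added example, not Kloud51's scripts: minimal hardening for a fresh
# OpenVZ container. Assumed paths: Debian-style /etc/ssh/sshd_config and
# "service ssh". The functions only generate or edit text, so the result
# can be reviewed before apply_hardening (run as root) uses it.

SSH_PORT="${SSH_PORT:-22}"                                    # assumption
ADMIN_KEYS="${ADMIN_KEYS:-/home/admin/.ssh/authorized_keys}"  # assumption

# Emit an iptables-restore ruleset: default-deny inbound, allow loopback
# and established traffic, and accept SSH only under a per-source limit
# (the 5th new connection within 60 s from one IP is dropped).
build_firewall_rules() {
    port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -m recent --set --name SSH
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name SSH -j DROP
-A INPUT -p tcp --dport ${port} -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
COMMIT
EOF
}

# Print the effective value of an sshd_config keyword. sshd honours the
# FIRST occurrence of a keyword, which is why the hardened values below
# are written at the top of the file, above any Match block.
ssh_setting() {
    awk -v k="$2" 'tolower($1)==tolower(k) {print $2; exit}' "$1"
}

# Rewrite the sshd_config at $1 in place: port $2, no root login, no empty
# passwords, few auth attempts; password auth is disabled only if the
# authorized_keys file $3 exists and is non-empty (otherwise keeping it
# on is safer than locking everyone out). Old lines for the managed
# keywords, commented or not, are removed so they cannot shadow ours.
harden_sshd_config() {
    cfg="$1"; port="${2:-22}"; keys="${3:-}"
    tmp="${cfg}.hardened.$$"
    {
        echo "# hardened settings: first occurrence wins, keep these on top"
        echo "Port ${port}"
        echo "PermitRootLogin no"
        echo "PermitEmptyPasswords no"
        echo "MaxAuthTries 3"
        echo "LoginGraceTime 30"
        if [ -n "$keys" ] && [ -s "$keys" ]; then
            echo "PasswordAuthentication no"
            echo "ChallengeResponseAuthentication no"
        else
            echo "password auth kept: no authorized_keys at '${keys}'" >&2
            echo "PasswordAuthentication yes"
        fi
        grep -Ev '^[[:space:]]*#?[[:space:]]*(Port|PermitRootLogin|PasswordAuthentication|ChallengeResponseAuthentication|PermitEmptyPasswords|MaxAuthTries|LoginGraceTime)([[:space:]]|$)' "$cfg" || true
    } > "$tmp"
    mv "$tmp" "$cfg"
}

# Apply both pieces on the live system. The firewall goes first so the new
# SSH port is reachable before sshd moves; sshd -t validates the config
# before the daemon is restarted.
apply_hardening() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_hardening must run as root" >&2; return 1; }
    build_firewall_rules "$SSH_PORT" | iptables-restore || return 1
    harden_sshd_config /etc/ssh/sshd_config "$SSH_PORT" "$ADMIN_KEYS"
    sshd -t || return 1
    service ssh restart
}

if [ "${1:-}" = "apply" ]; then
    apply_hardening
fi
```

On OpenVZ the container only gets the iptables modules the host allows it, so if `iptables-restore` rejects the conntrack or recent matches, the host-side container configuration has to enable them first; the older `-m state --state` syntax is a drop-in replacement for the conntrack lines on old templates. Keep an existing session open while applying, and confirm a new login works on the new port before closing it.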

Since then we have applied these basic security hardening features to most of the OpenVZ OS templates we offer, and we still recommend that our users do their best to prevent getting hacked.

The sad part is that almost all OpenVZ/KVM/Xen OS templates ship with completely insecure default settings, and web hosting providers don't take the time to configure them and fix the issue.

It hurts the users, gives more opportunity for malicious activity, and obviously gives a very good opportunity to companies that charge lots of $$$ for security hardening that amounts to applying basic settings on people's servers.

I'd like to note that none of this will help if you have a weak password and root login is allowed, whether with an authentication key or a password; you'll be doomed most of the time.

Take care of your machines, secure them, change the default SSH port, and always be aware of what is running in the background on your machine. Tools like top, htop and ps are the wild bunch you're looking for when you want to find running processes.
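The advice above about knowing what runs in the background, as an added example that is not Kloud51's tooling: a POSIX shell audit that walks /proc and flags the process shapes the rootkit and backdoor drops described earlier tend to have, namely a binary deleted from disk while still running, an executable or working directory under /tmp, /var/tmp or /dev, and a root-owned process whose binary lives outside the system directories, plus a listing of listening sockets to compare against the ports you meant to leave open. The system-directory whitelist and the use of `ss` with a `netstat` fallback are assumptions; a package upgrade also leaves "(deleted)" binaries behind, so treat hits as leads to confirm with ps and top, not as verdicts.

```shell
#!/bin/sh
# Added example, not Kloud51's tooling: audit running processes and
# listening sockets on a Linux container for common backdoor tells.
# Assumptions: /proc is mounted, and the system-directory whitelist below.

# Classify one process. Arguments: pid, numeric uid, exe path (as
# readlink /proc/PID/exe reports it), cwd. Prints "pid<TAB>uid<TAB>reason"
# for a suspicious process and nothing for a normal one; always returns 0.
classify_proc() {
    pid="$1"; uid="$2"; exe="$3"; cwd="$4"
    reason=""
    case "$exe" in
        *"(deleted)")
            reason="binary deleted from disk while still running: $exe" ;;
        /tmp/*|/var/tmp/*|/dev/*)
            reason="executable runs from a writable/unusual path: $exe" ;;
    esac
    if [ -z "$reason" ]; then
        case "$cwd" in
            /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*)
                reason="working directory in a scratch location: $cwd" ;;
        esac
    fi
    if [ -z "$reason" ] && [ "$uid" = "0" ]; then
        case "$exe" in
            /usr/*|/bin/*|/sbin/*|/lib/*|/lib64/*|/opt/*) ;;   # assumed whitelist
            *) reason="root process outside system directories: $exe" ;;
        esac
    fi
    if [ -n "$reason" ]; then
        printf '%s\t%s\t%s\n' "$pid" "$uid" "$reason"
    fi
    return 0
}

# Walk /proc and classify every process with a readable exe link.
# Kernel threads (no exe) and processes that exit mid-walk are skipped.
audit_processes() {
    for p in /proc/[0-9]*; do
        pid="${p#/proc/}"
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        cwd=$(readlink "$p/cwd" 2>/dev/null) || cwd=""
        uid=$(awk '/^Uid:/ {print $2; exit}' "$p/status" 2>/dev/null)
        classify_proc "$pid" "${uid:-?}" "$exe" "$cwd"
    done
}

# List TCP/UDP listeners as "proto local-address:port"; compare this with
# the ports you deliberately opened in the firewall. Uses ss and falls
# back to netstat on older templates.
listening_sockets() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltun | awk 'NR>1 {print $1, $5}'
    else
        netstat -ltun | awk 'NR>2 {print $1, $4}'
    fi
}

if [ "${1:-}" = "run" ]; then
    echo "== suspicious processes (pid uid reason) =="; audit_processes
    echo "== listening sockets =="; listening_sockets
fi
```

Run it as root right after provisioning to capture a clean baseline, save that output, and diff against it whenever the machine behaves oddly; a new root process under /root or /tmp, or a listener you never configured, is exactly the kind of thing a five-minute compromise leaves behind.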