Simple Machines Community Forum

SMF Support => Server Performance and Configuration => Topic started by: MarkoKg on November 08, 2017, 05:17:06 PM

Title: Secure web server without blacklisting everything
Post by: MarkoKg on November 08, 2017, 05:17:06 PM
Hey there,

I have a client with a server (linux based), which is locked for access unless specific IP of user is whitelisted. So if my IP is not whitelisted I can't access cPanel, ssh, ftp, nothing. And as my IP is dynamic and is changing from time to time - it's hard to depend of server support and their not so responsive actions.

Therefore, I'd like some advice about how to secure web server, without need to lock everything? I'm a noob when it comes to server administration, I know just basics, but I'm willing to hear and learn.

Do note that on server there's one SMF forum with Simple Portal, and few custom pages, one chat script and that's all.

Here's more details about the server:
GD version: bundled (2.1.0 compatible)
MySQL version: 5.5.58-cll
PHP: 5.6.26
Server version: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Title: Re: Secure web server without blacklisting everything
Post by: Colin on November 08, 2017, 05:41:11 PM
Use a VPN which should have a static IP or a subset of IPs that you can whitelist on your webserver. Connect to this VPN when you need to tunnel into make administrative server configuration changes.
Title: Re: Secure web server without blacklisting everything
Post by: MarkoKg on November 08, 2017, 05:50:36 PM
Quote from: Colin on November 08, 2017, 05:41:11 PM
Use a VPN which should have a static IP or a subset of IPs that you can whitelist on your webserver. Connect to this VPN when you need to tunnel into make administrative server configuration changes.
Thanks for your answer.
Is that a only and the best solution? I mean isn't there safe way to let someone in apart from providing access for specific IP?

Apart from that, any suggestion about which VPN to use, which provider I mean?

Thanks!
Title: Re: Secure web server without blacklisting everything
Post by: Colin on November 08, 2017, 06:13:18 PM
If you are required to only allow access to an IP address or specific IP address range then yeah this is the best way I can think of.
Title: Re: Secure web server without blacklisting everything
Post by: MarkoKg on November 08, 2017, 06:27:29 PM
Thanks Colin, although I'm asking for a better way to secure web server itself rather than blocking all IPs by default. Not really sure what's the best workaround there, as servers which I've worked on earlier didn't had this type of security measure.
Title: Re: Secure web server without blacklisting everything
Post by: LiroyvH on November 08, 2017, 07:43:19 PM
Well this is hard to say without context. Surely there must be a reason why they chose for such a rather agressive defense? Have you asked them?

There are multiple ways to protect your server. The base things are rather simple. But, with no offense, if you don't know how to do it and thus don't know what you're doing: why mess with the security? If it works fine for them but not for you, find an alternative route as suggested. Don't start weakening the security just for your convenience, especially not if you haven't got a clue what you're doing...

Its something you need to learn, but there is *a lot* to learn. Don't start messing with production servers if you don't know what you're doing yet, that's probably the best suggestion for this case.
Again, with no offense. :)
Title: Re: Secure web server without blacklisting everything
Post by: MarkoKg on November 08, 2017, 08:28:46 PM
None taken :) Thanks for your explanation, that actually makes sense for now.
Any suggestion about which VPN to use in that case?