Advertisement:

Author Topic: Secure web server without blacklisting everything  (Read 1714 times)

Offline MarkoKg

  • Jr. Member
  • **
  • Posts: 352
  • Gender: Male
Secure web server without blacklisting everything
« on: November 08, 2017, 05:17:06 PM »
Hey there,

I have a client with a server (linux based), which is locked for access unless specific IP of user is whitelisted. So if my IP is not whitelisted I can't access cPanel, ssh, ftp, nothing. And as my IP is dynamic and is changing from time to time - it's hard to depend of server support and their not so responsive actions.

Therefore, I'd like some advice about how to secure web server, without need to lock everything? I'm a noob when it comes to server administration, I know just basics, but I'm willing to hear and learn.

Do note that on server there's one SMF forum with Simple Portal, and few custom pages, one chat script and that's all.

Here's more details about the server:
GD version: bundled (2.1.0 compatible)
MySQL version: 5.5.58-cll
PHP: 5.6.26
Server version: Apache/2.2.31 (Unix) mod_ssl/2.2.31 OpenSSL/1.0.1e-fips mod_bwlimited/1.4

Offline Colin

  • Lead Developer
  • SMF Hero
  • *
  • Posts: 7,767
  • Gender: Male
  • SMF Developer
    • colinschoen on GitHub
Re: Secure web server without blacklisting everything
« Reply #1 on: November 08, 2017, 05:41:11 PM »
Use a VPN which should have a static IP or a subset of IPs that you can whitelist on your webserver. Connect to this VPN when you need to tunnel into make administrative server configuration changes.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Offline MarkoKg

  • Jr. Member
  • **
  • Posts: 352
  • Gender: Male
Re: Secure web server without blacklisting everything
« Reply #2 on: November 08, 2017, 05:50:36 PM »
Use a VPN which should have a static IP or a subset of IPs that you can whitelist on your webserver. Connect to this VPN when you need to tunnel into make administrative server configuration changes.
Thanks for your answer.
Is that a only and the best solution? I mean isn't there safe way to let someone in apart from providing access for specific IP?

Apart from that, any suggestion about which VPN to use, which provider I mean?

Thanks!

Offline Colin

  • Lead Developer
  • SMF Hero
  • *
  • Posts: 7,767
  • Gender: Male
  • SMF Developer
    • colinschoen on GitHub
Re: Secure web server without blacklisting everything
« Reply #3 on: November 08, 2017, 06:13:18 PM »
If you are required to only allow access to an IP address or specific IP address range then yeah this is the best way I can think of.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Offline MarkoKg

  • Jr. Member
  • **
  • Posts: 352
  • Gender: Male
Re: Secure web server without blacklisting everything
« Reply #4 on: November 08, 2017, 06:27:29 PM »
Thanks Colin, although I'm asking for a better way to secure web server itself rather than blocking all IPs by default. Not really sure what's the best workaround there, as servers which I've worked on earlier didn't had this type of security measure.

Offline CoreISP

  • Server Admin
  • Server Team
  • SMF Super Hero
  • *
  • Posts: 16,990
  • Gender: Male
  • CoreISP.net
    • liroyvh on LinkedIn
    • @liroyvh on Twitter
    • CoreISP Corporation :: WebHosting, Dedicated Servers, and more!
Re: Secure web server without blacklisting everything
« Reply #5 on: November 08, 2017, 07:43:19 PM »
Well this is hard to say without context. Surely there must be a reason why they chose for such a rather agressive defense? Have you asked them?

There are multiple ways to protect your server. The base things are rather simple. But, with no offense, if you don’t know how to do it and thus don’t know what you’re doing: why mess with the security? If it works fine for them but not for you, find an alternative route as suggested. Don’t start weakening the security just for your convenience, especially not if you haven’t got a clue what you’re doing...

Its something you need to learn, but there is *a lot* to learn. Don’t start messing with production servers if you don’t know what you’re doing yet, that’s probably the best suggestion for this case.
Again, with no offense. :)
- CoreISP.net Corporation -
  WebHosting, Colocation, Domain Registration & Network Services
- DedicatedBox.us Servers -
  Low priced Servers in a high-quality Network, the place for all your (advanced) server needs.
  We specialize in hosting big boards. Contact us!

((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Offline MarkoKg

  • Jr. Member
  • **
  • Posts: 352
  • Gender: Male
Re: Secure web server without blacklisting everything
« Reply #6 on: November 08, 2017, 08:28:46 PM »
None taken :) Thanks for your explanation, that actually makes sense for now.
Any suggestion about which VPN to use in that case?