How can someone hack into a Linux server?

Hi!

I have a Debian Linux VPS and I am wondering how someone would be able to hack into it, in what ways?

I've asked a more knowledgeable friend and he said the only way someone would be able to get into my VPS is via FTP or SSH. Are there some other ways someone can enter my machine?

I have extremely strong passwords for all the accounts enabled and use fail2ban as well to ban SSH and FTP attackers.

I don't use Apache, MySQL or email accounts, and I update the server as often as possible.

I would appreciate it if some of you guys could tell me in what ways my machine can be compromised?

Thanks.

Some go in with a smile and a hello ... really ... you also have to be careful with internal hackers who have access -- you have heard of Snowden and Manning, right?

Also, see if you can have users use SFTP instead of FTP ... turn off all unnecessary services and remove all compilers ... run the security scans as well as the hardening tools regularly if possible ...

No other users have access to this VPS, only me. I have 3 accounts enabled: root, 1user and www-data.

What security scans and hardening tools should I run? I have very little knowledge about Linux; I forgot to mention that!

Moderator comments were removed during original forum migration.

Anything open to access is part of the attack surface and can be attacked, though whether this allows a successful hack is another matter.

The only way to secure a server is to consider attacks and what you can do to prevent them.

In your case, you may have strong passwords, but are you going to know if someone tries your root account 506938 times with a brute force attack until they happen to find your password? Does your version of openssh have any security vulnerabilities that are remotely vulnerable? If you give someone else access, how do you know that they are changing things appropriately and not introducing vulnerabilities?

I am considering attacks; actually I have proof of them, and that's why I am posting here, trying to find out how they can get in other than via SSH and FTP.

I do regular updates of my server, so as far as I know everything is patched and there should be no vulnerabilities; also, no one else has access to the server.

To brute-force my root account 506938 times they will need 253469 IPs, because they get permanently banned after 2 failed login attempts. But even if they did, my password is over 30 randomly generated characters long, including upper- and lower-case letters, numbers, symbols and brackets.

For comparison, a 10-character password with upper- and lower-case letters and numbers has a bit over 107 billion combinations, so I wish them good luck if they try to brute-force their way in lol.

That's why I've posted here though: to find out other ways they can get in other than SSH or FTP login, so I can take measures to stop them or reduce their chances of success.
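The brute-force discussion above (failed root logins, banning after a set number of failures) is what fail2ban's sshd jail automates. The following is an added example, not code from the thread: it parses constructed auth.log lines in the format Debian's OpenSSH writes, counts failed password attempts per source IP, and applies a maxretry threshold the way a ban rule would.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of /var/log/auth.log lines (not from the thread's server).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:15 vps sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:19 vps sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:40 vps sshd[2110]: Failed password for invalid user oracle from 198.51.100.23 port 40112 ssh2
Mar  3 10:03:02 vps sshd[2115]: Accepted publickey for user1 from 192.0.2.10 port 52000 ssh2: RSA SHA256:constructed
Mar  3 10:03:30 vps sshd[2120]: Failed password for root from 198.51.100.23 port 40118 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." (user is unknown to the box).
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def failed_logins(log_text):
    """Return {ip: Counter({user: attempts})} for failed SSH password logins."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            per_ip[m.group("ip")][m.group("user")] += 1
    return per_ip

def ips_to_ban(log_text, maxretry=2):
    """IPs whose total failures reach maxretry (fail2ban's 'maxretry' idea)."""
    return sorted(ip for ip, users in failed_logins(log_text).items()
                  if sum(users.values()) >= maxretry)

def root_attempt_sources(log_text):
    """IPs that tried the root account: a hint that 'PermitRootLogin no' would remove the target."""
    return sorted(ip for ip, users in failed_logins(log_text).items() if users["root"])

if __name__ == "__main__":
    print("ban:", ips_to_ban(SAMPLE_AUTH_LOG))
    print("root attempts from:", root_attempt_sources(SAMPLE_AUTH_LOG))
```

Run it against the real file with `python3 script.py < /var/log/auth.log` after swapping SAMPLE_AUTH_LOG for `sys.stdin.read()`; the same counting is what fail2ban does before it inserts the firewall rule.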

What services do you use, what ports do you have open? If you are not using a web server, what is the account www-data for? Any service that is running on the server and that can be approached from the Internet by some port number can be used for a hack and can be vulnerable. If there is a weakness in a service / daemon, then an attacker could potentially acquire the access rights of the user that is used to run that daemon, bypassing any strong password authentication you might have in place.

I use lighttpd.

Here you can check its vulnerabilities: Lighttpd : Products and vulnerabilities. Next up would be to examine the application running on lighttpd.

This kind of paranoid security can be used against you in a pretty effective denial-of-service. If someone wants to lock you out of your machine, failing two logins can do it.

Easier said than done: they will first need to have access to my PC to do that, and even if by some miracle someone decides to do that, my internet IP is dynamic, so I can just reconnect to the internet and reset the ban :rolleyes: or log in from my phone and reset the ban.

These aren't really the answers I am looking for though. It would be nice if you guys could tell me other ways an external attacker could get into my machine, or what to do to better secure it.

Good that you have a backup plan, but test it very VERY thoroughly; worst case, if your scripts misbehave, you may be forced to physically login to the machine to correct it. Even best-case, your ban lists may grow enormous and unwieldy.

To know every possible way they could get into your machine would be to call internet security a completely solved problem, which obviously it is not. We don't have total knowledge of your configuration, and we cannot tell the future.

Keep in mind that they do not have to crack your box to use it. Even if they just abuse your CGI scripts to copy a few files into /tmp/ then run them, they may have accomplished enough for their purposes -- using your box as a springboard to crack other boxes, running suspect services on nonstandard >1024 ports, etc.

Not allowing your webserver write access to anywhere that allows files to be executed can be helpful in preventing this (see the 'noexec' flag for mounting filesystems). A firewall that's paranoid about outgoing and incoming connections can also limit what they're able to do with whatever they manage to exploit.
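Two of the checks suggested in this thread, "what ports do you have open" and mounting scratch directories with noexec, can be audited from two text sources the server already provides. This is an added example, not code from the thread: it parses a constructed `ss -tlnpH` listener listing and a constructed /proc/mounts excerpt and reports Internet-facing listeners and scratch mounts that lack noexec/nosuid/nodev.

```python
import re

# Constructed output of `ss -tlnpH` (TCP listeners, numeric, no header); not the poster's server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=612,fd=3))
LISTEN 0 128 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=640,fd=4))
LISTEN 0 1024 0.0.0.0:80 0.0.0.0:* users:(("lighttpd",pid=701,fd=4))
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=720,fd=10))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=612,fd=4))
"""

# Constructed /proc/mounts excerpt. /var/tmp is not a separate mount here, so it
# inherits the root filesystem's (exec-allowed) options and is not reported.
SAMPLE_MOUNTS = """\
/dev/vda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
"""

WILDCARD_ADDRS = ("0.0.0.0", "*", "[::]")

def exposed_listeners(ss_text):
    """Sorted (port, process) pairs bound to a wildcard address, i.e. reachable from outside."""
    found = set()
    for line in ss_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        addr, _, port = parts[3].rpartition(":")   # handles both 0.0.0.0:22 and [::]:22
        m = re.search(r'\(\("([^"]+)"', line)       # process name from users:(("name",pid=..))
        if addr in WILDCARD_ADDRS:
            found.add((int(port), m.group(1) if m else "?"))
    return sorted(found)

HARDENING_OPTS = ("noexec", "nosuid", "nodev")
SCRATCH_DIRS = ("/tmp", "/var/tmp", "/dev/shm")

def mounts_missing_hardening(mounts_text):
    """{mountpoint: [missing options]} for scratch dirs that are separate mounts but lack hardening."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] in SCRATCH_DIRS:
            opts = set(fields[3].split(","))
            missing = [o for o in HARDENING_OPTS if o not in opts]
            if missing:
                result[fields[1]] = missing
    return result
```

On a live box feed it `ss -tlnpH` output and the contents of /proc/mounts; a listener you cannot name, or a /tmp without noexec, is exactly the kind of finding the replies above are asking about.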

Maybe a rootkit has been hidden inside a file which you have copied from some source; you can just run a rootkit scan on the overall file system to look for anything interesting that popped up.

Would this include rootkit scanners?

I've only installed stuff via apt-get. Could you recommend a specific rootkit scanner I should run? One I can get via apt-get?

BTW, google Bastille Linux and then see if that helps you out ...

First, post an inquiry on how in an experts forum. :smiley:

ParanoiaUser,

Thieves always love open doors, open windows and open roofs. On servers, if you install many applications/services, it will also open a lot of ports (which hackers love). Although your server is secure in terms of patches, security tweaks and best security practice, the open ports / applications / services will give hackers a way to mess with your server.

Close the services you don't need and only open the things you need.

Lots of users installing all sorts of tools and net apps can help. I recall seeing "rsh host-from-email -l id_from_email csh" on TV (* in .rhosts).