Thread: How to solve getting repeatedly “hacked” on basic 18.04 VPS setup

  1. #1
    Join Date
    Mar 2021
    Beans
    2

    How to solve getting repeatedly “hacked” on basic 18.04 VPS setup

    I have a VPS with a clean installation of Ubuntu 18.04 (provided by hosting) to host my private testing website. I set it up (Apache, MySQL...) three times, but I always get shut down by the host provider because of complaints from other places.


    They give me logs of attempted connections from my server to other servers:

    Code:
    6 connection attempts from xxx.xxx.xxx.xxx
    xxx.xxx.xxx.xxx 32928 -> xxx.xxx.xxx.xxx 7001
    xxx.xxx.xxx.xxx 54944 -> xxx.xxx.xxx.xxx 8983
    xxx.xxx.xxx.xxx 34258 -> xxx.xxx.xxx.xxx 9001

    I'm not sure if the problem is the server OS getting compromised or if it is the web application itself (Laravel 7).

    To set up the server I basically do:

    Code:
    ufw app list
    ufw allow OpenSSH
    ufw enable
    ufw status

    sudo apt update
    sudo apt install apache2

    sudo ufw app list
    sudo ufw app info "Apache Full"
    sudo ufw allow in "Apache Full"

    sudo apt install mysql-server
    sudo mysql_secure_installation
    mysql
    SELECT user,authentication_string,plugin,host FROM mysql.user;
    ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password'; -- I change this...
    FLUSH PRIVILEGES;
    exit

    sudo apt-get install software-properties-common
    sudo add-apt-repository ppa:ondrej/php
    sudo apt-get update

    sudo apt-get install php7.3 libapache2-mod-php7.3 php7.3-cli php7.3-mysql php7.3-gd php7.3-imagick php7.3-recode php7.3-tidy php7.3-xmlrpc php7.3-common php7.3-curl php7.3-mbstring php7.3-xml php7.3-bcmath php7.3-bz2 php7.3-intl php7.3-json php7.3-readline php7.3-zip

    sudo apt-get update
    sudo apt-get install git composer -y

    sudo nano /etc/apache2/apache2.conf
    <Directory /var/www/> Options Indexes FollowSymLinks   # delete "Indexes"
    sudo systemctl restart apache2

    sudo a2enmod rewrite
    sudo systemctl restart apache2
    sudo nano /etc/apache2/apache2.conf
    <Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None   # change None to All
        Require all granted
    </Directory>
    sudo systemctl restart apache2

    Then I pretty much create the database, upload the website files to /html/ and get shut down a few days later.


    Am I doing something obviously wrong? How can I troubleshoot this?
    Last edited by andy3777; March 31st, 2021 at 05:14 AM.
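
One way to start troubleshooting this, as an added example that is not part of the original post: filter `ss -tanp` output for outbound TCP connections to unexpected ports (like those in the provider's log) and show which process owns them, which helps separate a compromised web application from a compromised OS account. The port lists, the function names and the sample data are assumptions made for this example; the service ports follow the `ufw` rules in the post (OpenSSH, "Apache Full").

```shell
#!/bin/sh
# Added triage example. Reads `ss -tanp` output on stdin and prints one line per
# outbound TCP connection whose destination port is not on the expected list.

# Assumption: ports this server accepts connections on (OpenSSH, "Apache Full").
SERVICE_PORTS="22 80 443"
# Assumption: destinations a web server legitimately dials (DNS, apt, composer).
EXPECTED_OUT="53 80 443"

flag_outbound() {
    awk -v svc="$SERVICE_PORTS" -v ok="$EXPECTED_OUT" '
    BEGIN {
        n = split(svc, a, " "); for (i = 1; i <= n; i++) service[a[i]] = 1
        n = split(ok, b, " ");  for (i = 1; i <= n; i++) expected[b[i]] = 1
    }
    # Skip the header and listening sockets.
    $1 == "State" || $1 == "LISTEN" { next }
    NF >= 5 {
        lport = $4; sub(/.*:/, "", lport)      # port after the last colon
        rport = $5; sub(/.*:/, "", rport)
        raddr = $5; sub(/:[^:]*$/, "", raddr)  # address without the port
        if (lport in service) next             # inbound to sshd / Apache
        if (rport in expected) next            # normal outbound traffic
        proc = (NF >= 6) ? $6 : "users:(unknown)"
        printf "%s -> %s:%s %s\n", $1, raddr, rport, proc
    }'
}

# Constructed sample of `ss -tanp` output (documentation addresses, made-up PIDs).
sample_ss() {
    cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN    0      128    0.0.0.0:22            0.0.0.0:*          users:(("sshd",pid=812,fd=3))
ESTAB     0      0      203.0.113.10:22       198.51.100.7:51234 users:(("sshd",pid=1440,fd=3))
ESTAB     0      0      203.0.113.10:443      198.51.100.9:40112 users:(("apache2",pid=990,fd=12))
ESTAB     0      0      203.0.113.10:45010    192.0.2.80:443     users:(("http",pid=2100,fd=5))
SYN-SENT  0      1      203.0.113.10:32928    192.0.2.55:7001    users:(("php",pid=2301,fd=7))
SYN-SENT  0      1      203.0.113.10:54944    192.0.2.56:8983    users:(("php",pid=2301,fd=8))
EOF
}

# Demo on the constructed sample; on the live server run as root instead:
#   ss -tanp | flag_outbound
sample_ss | flag_outbound
```

For each flagged PID, `ps -o user=,args= -p PID` shows the owning account: a process running as `www-data` points at the web application or Apache, while one running as root or a login user points at the OS or SSH credentials.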
