I will be moving to a dedicated server sometime in the future. I have been shopping for a host. They become expensive very quickly when support and maintenance are included.

One alternative is a virtual private server. In a VPS, each "user" is completely isolated from the other users via a software package such as User Mode Linux.

Does anyone have any experience with such a setup? I have looked at offerings from iPower and LiquidWeb. Comments? Alternative suggestions?

fos....

Same thing here. Looking at a dedicated server or VPS. But I prefer to run NetBSD or FreeBSD on it. So, I guess that I am limited to a Xen-based VPS, dropping a server at a local colocator, or spend $99 per month.

Why BSD over CentOS?

fos...

I know CentOS well, but I know (Net)BSD better. It has many nice security technologies, and I know the code well enough to be able to fix various kernel/userland bugs and add functionality. Besides that, pkgsrc is really handy, because it has things like web frameworks out of the box, and makes it easy to maintain different versions of various languages.

Simply said, it is plain UNIX, simple and stupid. Always works for me.

Out of pure curiosity, why not openbsd?

In my experience NetBSD and FreeBSD have better performance, and equal or better security features (e.g. I really like having cgd around). But YMMV.

I don't know how good or bad they are but I happened to bump into this site:
http://www.star-hosting.de/

Looks very affordable.

Hmmm


ThiS site is h4Ck


sorry admin please check for Vulnerabilities
*** i did not delete any file *** *

by :: Freedom H4ck3r Team ::


http://www.star-hosting.de/phplive/web/

Jikes: http://www.heise.de/newsticker/meldung/59523

While searching webhosttalk yesterday, I found a tiny virtual private server from www.vpslink.com. vpslink is a subsidary of Spry.com a pretty large and respected outfit. It costs $7.95 per month and was discounted 33% for whatever you paid for up front. I bought three months worth. You have complete control of this virtual private server. I only includes 2 GB of disk space, 1 IP address, and 1000 GB of bandwidth per month. That is hardly enough to put much on. They have higher levels with additional resources, but I just wanted this thing long enough to experiment with. You have SSH command line access. You can install any of the major Linux distributions, and then change your mind and install a different one at the click of a button on a small control panel. I started with CentOS but it took up 14% of my available disk space. I switched to Debian and it only used 6% leaving more space for applications such as Apache. Apache, php, and mysql are too much for such a limited amount of resources but the more expensive plans would be fine. They are bare bones systems with very little support other than a wiki page and small user forum.

This is a great way to play with an internet connected server. I can experiment with DNS setup, mail servers, and security issues without having to worry about it.

fos....

Take a look at this provider. http://netmar.com/ IMHO they are excellent.

I was with Netmar from 1995 until I moved my site to another less paranoid country in 2002.

I also subscribed to VPS1 for three months to tinker and see how well it works. I installed CentOS, the default install is a bit large, but it is easy to remove some stuff. I have installed apt-get rather than yum, because it takes far less memory. I used APT pinning (yay) to give the CentOS repositories the highest priorities, added RPMForge, and installed lighttpd (cuts away the memory use for Apache). postfix is still on the to-do list.

I tried the CentOS install also. I have since switched to the Slackware install. It is very small using less than 4% of the available storage space. When I get time, I'm going to try some form of LAMPS install combination that will work.

I found a company near my home that will colocate a server for $49 per month. I'm going to look at their facilities. That may be my best option for real world experimentation. Since Intels recent release, dual core system prices have really come down in price. I may build a decent box and give it a shot.

fos.....

I just logged into my economy VPS at vpslink. It is only a barebones install of slackware. I access the server via ssh. It is only an ip address that no one knows anything about. I don't have a domain name or anything linked to the IP address.

It has been running for almost 10 day. I just logged in and checked the log files. The log shows hundreds of login attempts for root users and unknown "users".

Someone will eventually guess the two passwords that are set on the server. At that point I will have to reinstall the system via the small control panel provided by vpslink.

Security is a very big issue on the internet.

fos....

They will only try some standard passwords. So, if you use a long semi-random password, there is virtually no chance that someone will get in. Besides that you can:

- Limit the allowed login attempts via sshd_config.
- Use RSA keys, and disallow password logins.
- Use some other manner to block repeated login attemts, e.g. through netfilter.

Oh, and of course, you should disable remote root logins, and only allow one user to su to root.

Thanks for the sage advice, Daniel. That is the reason I rented the vps. It is a cheap way to learn how to deal with real world security issues.

fos....

I have been playing with these security settings all evening.

I have the RSA public & private keys generated and placed in the .ssh directory.
I have tried chaning the settings in: /etc/ssh/ssh_config & /etc/ssh/sshd_config.

$64 question - How do you disallow password login on an ssh server?

and

How do you use a netfilter(?) to restrict the number of login tries?

Thanks, fos....

PS. I have two Linux security texts on the way from Amazon.