How to Install Tiny Tiny RSS Reader on a CentOS 7 LAMP VPS
Using a Different System? Tiny Tiny RSS Reader is a free and open source self-hosted web-based news feed (RSS/Atom) reader and aggregator, designed to allo
Security is crucial when you run your own server. You want to make sure that only authorized users can access your server, configuration, and services.
In Ubuntu, there is a firewall that comes preloaded. It's called UFW (Uncomplicated Firewall). Although UFW is a pretty basic firewall, it is user friendly, excels at filtering traffic, and has good documentation. Some basic Linux knowledge should be enough to configure this firewall on your own.
Notice that UFW is typically installed by default in Ubuntu. But if anything, you can install it yourself. To install UFW, run the following command.
sudo apt-get install ufw
If you are running a web server, you obviously want the world to be able to access your website(s). Therefore, you need to make sure that the default TCP port for web is open.
sudo ufw allow 80/tcp
In general, you can allow any port you need by using the following format:
sudo ufw allow <port>/<optional: protocol>
If you need to deny access to a certain port, use this:
sudo ufw deny <port>/<optional: protocol>
For example, let's deny access to our default MySQL port.
sudo ufw deny 3306
UFW also supports a simplified syntax for the most common service ports.
root@127:~$ sudo ufw deny mysql
Rule updated
Rule updated (v6)
It is highly recommended to restrict access to your SSH port (by default it's port 22) from anywhere except your trusted IP addresses (example: office or home).
Typically, you would need to allow access only to publicly open ports such as port 80. Access to all other ports need to be restricted or limited. You can whitelist your home/office IP address (preferably, it is supposed to be a static IP) to be able to access your server through SSH or FTP.
sudo ufw allow from 192.168.0.1 to any port 22
Let's also allow access to the MySQL port.
sudo ufw allow from 192.168.0.1 to any port 3306
Looks better now. Let's move on.
Before enabling (or restating) UFW, you need to make sure that the SSH port is allowed to receive connections from your IP address. To start/enable your UFW firewall, use the following command:
sudo ufw enable
You will see this:
root@127:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)?
Type Y, then press Enter to enable the firewall.
Firewall is active and enabled on system startup
Take a look at all of your rules.
sudo ufw status
You will see output similar to the following.
sudo ufw status
Firewall loaded
To Action From
-- ------ ----
22:tcp ALLOW 192.168.0.1
22:tcp DENY ANYWHERE
Use the "verbose" parameter to see a more detailed status report.
sudo ufw status verbose
To disable (stop) UFW, run this command.
sudo ufw disable
If you need to reload UFW (reload rules), run the following.
sudo ufw reload
In order to restart UFW, you will need to disable it first, and then enable it again.
sudo ufw disable
sudo ufw enable
Again, before enabling UFW, make sure that the SSH port is allowed for your IP address.
To manage your UFW rules, you need to list them. You can do that by checking UFW status with the parameter "numbered". You will see output similar to the following.
root@127:~$ sudo ufw status numbered
Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN 192.168.0.1
[ 2] 80 ALLOW IN Anywhere
[ 3] 3306 ALLOW IN 192.168.0.1
[ 4] 22 DENY IN Anywhere
Noticed the numbers in square brackets? Now, to remove any of these rules, you will need to use these numbers.
sudo ufw delete [number]
If you use IPv6 on your VPS, you need to ensure that IPv6 support is enabled in UFW. To do so, open the config file in a text editor.
sudo nano /etc/default/ufw
Once opened, make sure that IPV6
is set to "yes":
IPV6=yes
After making this change, save the file. Then, restart UFW by disabling and re-enabling it.
sudo ufw disable
sudo ufw enable
If you need to go back to default settings, simply type in the following command. This will revert any of your changes.
sudo ufw reset
Overall, UFW is able to protect your VPS against the most common hacking attempts. Of course, your security measures should be more detailed than just using UFW. However, it is a good (and necessary) start.
If you need more examples of using UFW, you can refer to UFW - Community Help Wiki.
Using a Different System? Tiny Tiny RSS Reader is a free and open source self-hosted web-based news feed (RSS/Atom) reader and aggregator, designed to allo
Introducció vsftpd significa Very Secure FTP Daemon. És un servidor FTP lleuger. Aquest breu tutorial explica com instal·lar vsftpd a Debian o Ubuntu
Introduction MySQL has a great feature known as views . Views are stored queries. Think of them as an alias for an otherwise long query. In this guide,
Using a Different System? Apache OpenMeetings is an open source web conferencing application. It is written in Java and supports multiple database servers. I
Using a Different System? RainLoop is a simple, modern and fast web-based email client. RainLoop source code is hosted on GitHub. This guide will show you ho
Using a Different System? Selfoss RSS Reader is a free and open source self-hosted web-based multipurpose, live stream, mashup, news feed (RSS/Atom) reade
Security is crucial when you run your own server. You want to make sure that only authorized users can access your server, configuration, and services. I
Introducció Si executeu un lloc web crític, és una bona pràctica reflectir els vostres fitxers en un servidor secundari. En el cas que el vostre servidor principal tingui una xarxa
Using a Different System? LimeSurvey is an open source survey software written in PHP. LimeSurvey source code is hosted on GitHub. This guide will show yo
Using a Different System? LimeSurvey is an open source survey software written in PHP. LimeSurvey source code is hosted on GitHub. This guide will show yo
Nginx és un servidor web lleuger que s'ha demostrat que serveix fitxers estàtics més ràpid que Apache. Aquest tutorial us guiarà com instal·lar Nginx a la inversa
Instal·leu els paquets necessaris Anem a executar SVN sota xinetd per a un ús baix de recursos. apt-get install xinetd subversion Crea usuari svn adduser --syste
Aquí a Vultr, tenim l'opció d'habilitar IPv6 a tots els VPS desplegables. Però amb això, alguns programes i ordres poden preferir un enginy o un altre
This article explains how to integrate a Teamspeak 3 server with the popular hosting panel, Webmin. I assume that youve already set up Teamspeak on eithe
La Intel·ligència Artificial no està en el futur, és aquí mateix en el present. En aquest bloc Llegiu com les aplicacions d'Intel·ligència Artificial han afectat diversos sectors.
També ets víctima d'atacs DDOS i estàs confós sobre els mètodes de prevenció? Llegiu aquest article per resoldre les vostres consultes.
Potser haureu sentit que els pirates informàtics guanyen molts diners, però us heu preguntat mai com guanyen aquest tipus de diners? anem a discutir.
Vols veure els invents revolucionaris de Google i com aquests invents van canviar la vida de tots els éssers humans actuals? A continuació, llegiu al bloc per veure els invents de Google.
El concepte de cotxes autònoms per sortir a les carreteres amb l'ajuda de la intel·ligència artificial és un somni que tenim des de fa temps. Però malgrat les diverses promeses, no es veuen enlloc. Llegeix aquest blog per saber-ne més...
A mesura que la ciència evoluciona a un ritme ràpid, fent-se càrrec de molts dels nostres esforços, també augmenten els riscos de sotmetre'ns a una singularitat inexplicable. Llegeix, què pot significar per a nosaltres la singularitat.
Els mètodes d'emmagatzematge de les dades que han anat evolucionant poden ser des del naixement de les dades. Aquest bloc tracta l'evolució de l'emmagatzematge de dades a partir d'una infografia.
Llegeix el blog per conèixer de la manera més senzilla les diferents capes de l'Arquitectura Big Data i les seves funcionalitats.
En aquest món digital, els dispositius domèstics intel·ligents s'han convertit en una part crucial de les vides. A continuació, es mostren alguns avantatges sorprenents dels dispositius domèstics intel·ligents sobre com fan que la nostra vida valgui la pena i sigui més senzilla.
Recentment, Apple va llançar macOS Catalina 10.15.4, una actualització de suplements per solucionar problemes, però sembla que l'actualització està causant més problemes que provoquen el bloqueig de les màquines Mac. Llegiu aquest article per obtenir més informació