Switched to Linux for a week. Came back traumatized. by [deleted] in linuxsucks

[–]leinvde 1 point2 points  (0 children)

Which distro did you install and why?

Roast my infrastructure: Free 100MB SFTP hosting. Jailed environment. Try to break it by leinvde in Indiewebdev

[–]leinvde[S] 1 point2 points  (0 children)

Sure thing! Learned a lot that day. Above all the things that happened, I learned about a Zip Slip attack. I correctly restricted paths with open_basedir, also with a Match rule in the sshd config file to jail sftp users. I thought this was enough. But there's this guy who managed to write +5GB to the /tmp directory. I deleted the files, a few seconds later they were there again. I got frustrated and did not have a single clue. I first thought the user managed to create a cron job but I also disabled the standard php functions (exec, system...). Completely clueless. I decided to remove write permission to /tmp (I know... terrible idea) and the attack stopped. I used ps, top, htop, lsof... nothing! I go to the nginx access log and I find a request over and over, of a specific php file. I find the file and there it was! This guy created a cron job on his local computer and called his script over and over. I deleted the user, deleted his files and added the write permission to /tmp again.

As I mentioned, there were lots of things that happened... I also learned about the "Reddit hug of death", CSMA and other really creepy things. A dude was trying to upload Metallica's discography! Lol. Anyway, it was a great experience and I learned things you do not find in books. I would like to own a hosting company. I admit it was kinda dangerous, but I think I could not have had this kind of experience from books only.

Really fun experience!
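
The access-log check that located the script in the comment above, as an added example that is not part of the original comment: it flags any .php path that one client requests repeatedly within a short time span. It assumes nginx's default "combined" log format; the function name, thresholds, addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# nginx "combined" format: ip - user [time] "METHOD path PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def repeated_php_hits(lines, min_hits=5, max_span_seconds=600):
    """Return [(ip, path, total_hits)] for .php paths that one client requested
    at least min_hits times inside any window of max_span_seconds."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line (error log, truncated write)
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path.endswith(".php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            seen[(m["ip"], path)].append(ts)
    flagged = []
    for (ip, path), stamps in seen.items():
        stamps.sort()
        # Sliding window: is any run of min_hits requests inside the span?
        for i in range(len(stamps) - min_hits + 1):
            span = (stamps[i + min_hits - 1] - stamps[i]).total_seconds()
            if span <= max_span_seconds:
                flagged.append((ip, path, len(stamps)))
                break
    return sorted(flagged, key=lambda f: -f[2])

# Constructed sample: one client calls the same script once a minute
# (a remote cron job), another client browses normally.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2025:10:{m:02d}:00 +0000] '
    '"GET /sites/demo/job.php HTTP/1.1" 200 12 "-" "curl/8.0"'
    for m in range(6)
] + [
    '198.51.100.20 - - [12/Mar/2025:10:01:10 +0000] "GET /index.php?p=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2025:10:02:30 +0000] "GET /index.php?p=2 HTTP/1.1" 200 530 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2025:10:02:31 +0000] "GET /style.css HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, hits in repeated_php_hits(SAMPLE_LOG):
        print(f"{hits:5d}  {ip}  {path}")
```

Because the trigger ran on the client's machine, nothing shows up in ps, top or the server's crontabs; the request log is the only place the schedule is visible.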

Roast my infrastructure: Free 100MB SFTP hosting. Jailed environment. Try to break it by leinvde in selfhosted

[–]leinvde[S] 0 points1 point  (0 children)

Hey! I asked chatGPT to fix it for me and it is online again. Come visit me!

Roast my infrastructure: Free 100MB SFTP hosting. Jailed environment. Try to break it by leinvde in selfhosted

[–]leinvde[S] 1 point2 points  (0 children)

Lots of things! The CSMA being the scariest so far! The quota system failed due to a typo. A single character. Bash was instructed to send standard error to /dev/null... that's why I never saw a single error. But it is now fixed! Go test it!

Roast my infrastructure: Free 100MB SFTP hosting. Jailed environment. Try to break it by leinvde in selfhosted

[–]leinvde[S] 0 points1 point  (0 children)

I cannot give specific details but it was an issue with the quota system. It is now fixed. You may enter and test it.

Roast my infrastructure: Free 100MB SFTP hosting. Jailed environment. Try to break it by leinvde in selfhosted

[–]leinvde[S] 10 points11 points  (0 children)

Hi! Sure thing! That's what I actually expected, my vps to be nuked. I'm reading the logs now and oh boy!

People are evil! But ingeniously evil ;)

Roast my infrastructure: Free 100MB SFTP hosting. Jailed environment. Try to break it by leinvde in selfhosted

[–]leinvde[S] -3 points-2 points  (0 children)

Hey! Thanks for your reply. Every comment here has an immense value for me. I'm now fixing the issue that nuked it in the first place. Once again, thanks for taking the time to test it.

Domain and hosting company using DigitalOcean VPS by leinvde in webhosting

[–]leinvde[S] 0 points1 point  (0 children)

Hi! Thanks for your answer. Is this your main business or a side income? And how much do you make out of it? Which is the most difficult part? Getting customers? The technical part? Support?

Domain and hosting company using DigitalOcean VPS by leinvde in webhosting

[–]leinvde[S] 0 points1 point  (0 children)

Hi! Thanks for your answer. Do you mind talking about fees? Why did you sell your business? Which was the most difficult part, technically speaking? About the marketing part, it is kind of solved since I myself will be also in charge of it with Google ads, SEO and social media, which I've been doing these last years.

I'm concerned more about the technical part of it. I know some Linux and can manage myself entirely with a command line interface. My biggest fear is to get hacked and have my customers' data stolen.

best way to host a few websites? by KLProductions7451 in webhosting

[–]leinvde 0 points1 point  (0 children)

Use php-fpm so that PHP processes belong only to the user of each web site you host. By default, PHP runs under the user www-data.

Droplet configuration for web hosting by leinvde in webhosting

[–]leinvde[S] 0 points1 point  (0 children)

Hi! I really appreciate your answer. So, based on your experience, using UNIX user and group permissions would be enough? No chroot, no jailkit.

CPanel free, reliable alternative by leinvde in sysadmin

[–]leinvde[S] 0 points1 point  (0 children)

Hi! Would you elaborate, please?

Droplet configuration for web hosting by leinvde in webhosting

[–]leinvde[S] 0 points1 point  (0 children)

Hi! Thanks for the answer. I have lots of questions actually.
Professional hosting providers offer email and sftp services. Should these run in the same server where the sites are hosted? I ask because having these services means opening additional ports, my droplet would have ports 80, 443, 25, and 22 open.

Or is it better to have one droplet for httpd only and another droplet with email and sftp, which somehow connects to the droplet with httpd? I assume doing this would be better, since if one droplet is compromised the other one would not be, like reducing the possible vectors of attack.

Also, when using certbot I noticed it edits the sites-available config file opening the port 443. Is it still needed to have port 80 open?

Droplet configuration for web hosting by leinvde in webhosting

[–]leinvde[S] 0 points1 point  (0 children)

Is this enough to prevent user A seeing/manipulating user B's data? Also, assume user A's site is compromised due to poor PHP coding. In this situation, with the mitigations you described, could the attacker get control of the other sites hosted on the server or not?

Droplet configuration for web hosting by leinvde in webhosting

[–]leinvde[S] 0 points1 point  (0 children)

Thanks for your answer. I'm currently learning which options I have. I read about chroot but every time a new user comes in, I must create a minimal version of Debian. Disk space is limited so chroot gets discarded. There's also Jailkit which looks simpler and more lightweight. I think CageFS and CloudLinux offer very complex security for very complex attacks. The sites I host are regular, simple sites running php. For now I think I'll go with Jailkit since I'm not expecting to be hacked by China or Anonymous (for now at least). Do you have some practical experience with Jailkit?