Security

Any server on a public network can become the target for hackers. Thus, knowing how to ensure a system’s security is an important responsibility for anyone working with a server.

Security subscription active
You will receive email notifications for new publications on Security.
777 Results
  • Question

    How can I add a new SSH to my server?

    I'm new to this, when I created my DigitalOcean "project" it allowed me to enter an SSH key, it works great! Now I want to add an SSH key for another computer, but I don't see an option anywhere for that :(
    Accepted Answer: Hello, @jouo You can follow out tutorial in order to generate a new ssh-key locally on your computer or any other PC and then upload it to your droplet: https://www.digitalocean.com/community/tutorials/how-to-set-up-...
    1 By jouo Security
  • Question

    How to add an Lets encrypt certificate dynamically using CNAME verification?

    I have been working on a web app where users can create custom profiles of them and see it on their custom domain by adding an A record and CNAME record. If they have their profile on https://webapp.com/profile they c...
    Accepted Answer: Hello, If I understand this correctly, it sounds like that you need some kind of automation to create a new Nginx server block for each website, and then install the Let's Encrypt SSL certificate for the new domain. T...
    1 By Cybil Apache PHP MySQL Ubuntu 18.04 Security
  • Question

    Non root user unable to login with ssh key

    I have had several droplets in the past and not had this problem before. I have copied an existing ssh key to a new droplet (Fedora 31) and am able to login via ssh key without issue with root. When I copy another key...
    Accepted Answer: Hi @pashioz, Let's first being with the usual stuff, I know you mentioned you've actually checked the permissions and other stuff like that but let me post how they should be just in case: Your home directory ~, your...
    1 By pashioz Security Fedora
  • Question

    Root Access With SSH - PermitRootLogin or PasswordAuthentication

    Hi, I just did a one click install of MongoDB. I'm SSH into the machine and its all ok. Now, I want to disable password to the machine to prevent brute force, however two different articles are stating two different ...
    Accepted Answer: @Woet From a security standpoint, disabling root login and creating a sudo user is recommended -- it's what many would refer to as a best practice. Please don't say it's not important as that's a misconception. When ...
    3 By psmod2 Security
  • Question

    How to reset the root user password for droplet connection

    I have used DigitalOcean and created a droplet. I also set a new password for root user. However, I haven't used that account for two to three weeks and I have forgotten the password. How to reset that password?
    Accepted Answer: Hello, @vpp612 You can reset the root password for your droplet from the control panel. Once you're logged in go to Droplets --> Click on the Droplet name --> Click on the access tab/menu --> Click the "Reset root pa...
    1 By vpp612 Security
  • Question

    Trying to setup a SFTP user with limited access.

    What I want to do I want to add a second user, but restrict what the user can do: Only access a single folder called newsletters, it will be in the public folder. The user needs to be able to upload, delete and rename...
    Accepted Answer: Hi @jtittle Thank you so much for taking the time to read and reply to my post! After following your great instructions, the user user-sftp-only is restricted to just the newsletters folder. user-sftp-only can upload...
    5 By smeehan Security Linux Basics Getting Started Ubuntu 16.04
  • Question

    How long SSL certificates need to be activated?

    Just added a new "Let’s Encrypt" certificate on my domain, the domain with "http" works but "https" doesn't yet. Is there additional steps I need to make?
    Accepted Answer: Request you to refer to below link, which explains the detailed steps: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04#step-3-%E2%80%94-allowing-https-through-t...
    2 By salamwaddah Security
  • Question

    Entire DO subnet was marked as blacklisted!!

    Hello Support Team, everyone, Recently, I've noticed that my ip address got rejected by a couple of websites, and therefore performed a sanity check on several 'ip blacklist' services. Turns out that my IP appeared in...
    Accepted Answer: Hello, As a bit of caution, this is our Community portal that typical gathers responses from everyone who comprises that community. Issues particular to an IP address or potential connectivity troubles might be best d...
    2 By awara Security
  • Question

    How to cleanup SSH keys?

    I restored my droplet to downgrade from 16.04 to 14.04. Ever since, my SSH keys are not working. I tried removing and recreating without success. I manually added the same new key on my local machine, my droplet, a...
    Accepted Answer: Hi! I would first check SSH config, it could be that somehow is wrong there and it's ignoring keys. Open config file with you favorite editor: command sudo nano /etc/ssh/sshd_config Now verify that following settings...
    1 By a30bac6d83e8852 Security Ubuntu
  • Question

    Difference between ssh and sshd

    I'm trying to secure my environment to possible intruders and i'm wondering what is the difference between ssh and sshd. I've already disabled clear text passwords and i'd like to know if i can turn off sshd? Or will ...
    Accepted Answer: @ariziragoran The client is ssh, the daemon is sshd. If you disable sshd, you won't be able to login remotely, so you'd effectively be locked out of the server. You're only means of logging in at that point would be ...
    1 By ariziragoran Security Ubuntu 16.04
  • Question

    Droplet "native" storage: is it encrypted similarly to Block Storage Volumes?

    Droplet "native" storage: is it encrypted similarly to Block Storage Volumes? Excerpt from https://www.digitalocean.com/docs/volumes/overview/ : "Encryption: Volumes are encrypted using the LUKS (Linux Unified Key Set...
    Accepted Answer: Hi there @johnnyutahh / @johnnyutahh1, We do not encrypt Droplet disks in the same way as Block Storage volumes as you described. However, you could employ LUKS encryption or other forms of encryption on your Droplet'...
    2 By johnnyutahh1 DigitalOcean Block Storage Security
  • Question

    Cannot login with SSH USERNAME@IPADDRESS, receive "Permission denied (publickey)" despite root user working

    So the issue is that I can login to my server just fine using: ssh root@SERVER_IP_ADRESS But when I try to login with a user I created from root: ssh USERNAME@SERVER_IP_ADRESS I get: Permission denied (publickey)...
    Accepted Answer: So I found a working answer to my problem. Based off of this thread (https://www.digitalocean.com/community/questions/secure-ubuntu-server-for-non-root-user-using-only-ssh-keys?answer=22286) If I want to add a user wi...
    4 By klufkin Getting Started Initial Server Setup Security Linux Basics Ubuntu 16.04
  • Question

    Does my 1-click OpenVPN droplet need SSL to be secure?

    I have a 1-click OpenVPN droplet, but when I go to the admin panel (https://[my-ip]/admin) it's not using SSL. Does it need SSL to be secure, like if I connect to it from my phone is the traffic encrypted and/or secur...
    Accepted Answer: Hi, This connection, https://[my-ip]/admin, will be encrypted - note the "https" at the beginning. The OpenVPN 1-Click option ships with what is known as a "self-signed" SSL certificate which most browsers do not trus...
    1 By Buscedv VPN Security Ubuntu 18.04
  • Question

    How to enable CENT OS SMTP ports

    Hello Guys, how i can enable SMTP mail server on my WHM / cpanel. i want to use cpanel web mail to send mails. regards,
    Accepted Answer: Hello, Here's a step by step guide on how to do that: https://my.kualo.com/knowledgebase/?kbcat=0&article=1072 Hope that this helps! Bobby (https://bobbyiliev.com)
    2 By jnasser DigitalOcean Email Security CentOS
  • Question

    Best way to secure your MongoDB Droplet

    I've found similar answers to this question, but all the questions were 2 years or older. I'm curious if there are new Digital Ocean products or technologies I can use to secure my MongoDB droplet. So apart from the M...
    Accepted Answer: Hi there @Snics, We have a 1-Click App for setting up a MongoDB instance: https://marketplace.digitalocean.com/apps/mongodb This is a great starting point for a new, secure MongoDB server as this will automatically ge...
    1 By Snics MongoDB Security Ubuntu
  • Question

    How to best load balance a WordPress/WooCommerce e-commerce site?

    I have been running my WordPress/WooCommerce e-commerce and membership site happily for a couple of years now all on one server. But my traffic and membership is such that I want to transition to a more fault tolerant...
    Accepted Answer: Well, in case anyone was interested, here is what I ended up doing: After reading up on GlusterFS, I had a ton of reservations about performance issues for my needs. In short, it is apparently horrible for the multipl...
    2 By digitalocean679985 WordPress Load Balancing Security Ubuntu 16.04
  • Question

    Hacker installed certificate on my Ubuntu install

    Someone has installed a certificate on my Ubuntu server. How do I remove that? More importantly, how in the heck did this happen? I've had the server about 24 hours. Not feeling really confident here. Thanks!
    Accepted Answer: To clarify, I'm getting the error message: SSLERRORBADCERTDOMAIN UPDATE: Turns out it's not a hacker, just a hack... me. I forgot to change the IP in my DNS record to the new server. Oops. Thank you
    1 By enjoypb Security Ubuntu 18.04
  • Question

    ERR_TOO_MANY_REDIRECTS after setting up SSL

    So I followed this guide https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04 to secure apache so I could have https enabled. When I got to the step that asked "Plea...
    Accepted Answer: Greetings! It looks like https://www.unleashedmc.net is loading without a redirect. Were you able to solve the issue? In any case, when this happens there can be a few causes, but one stands out as the most common. So...
    1 By jgatfuze Apache Let's Encrypt Security Ubuntu 18.04
  • Question

    Is the password on my SSH keys really secure?

    Is the password I add to my SSH keys really secure? I heard that the password encryption might be out of date.
    Accepted Answer: tl;dr if you didn't use the ed25519 SSH key type or didn't use the "-o" option to ssh-keygen, your SSH keys are insecure If you never set a password on your ssh keys, you can ignore all of this. But if you did set a p...
    1 By peterwwillis Security Networking
  • Question

    SSH key not working

    I need assistance setting up my SSH key. I have done extensive research on how to get the key working to no avail. I also may have broken something on the initial attempt due to trying to create the key on the server ...
    Accepted Answer: This case has been resolved and is now closed.
    2 By Kreistan Initial Server Setup Security Ubuntu 18.04