LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Igor Seletskiy Steps Down from AlmaLinux Foundation Board

Tags: , , , , , , Date/Time: October 13, 2021 @ 12:00 am, by raindog308

Alma Linux LogoCloudLinux CEO Igor Seletskiy announced Tuesday that he was stepping down from the AlmaLinux OS Foundation Board.  While he cited multiple reasons, he highlighted the main cause as his desire to emphasize that CloudLinux does not have control over the AlmaLinux foundation.

AlmaLinux was created in December 2020 after IBM announced a rushed EOL for CentOS 8 and a radical change in the product’s focus and future, moving it from a RHEL clone to an experimental playground.  Along with RockyLinux, Alma has emerged as a leading “CentOS Classic” distro.  Alma Linux 8.3 and 8.4 have subsequently been released, and the project has gone beyond what CentOS offered, opening up their build infrastructure.

Benny Vasquez has been voted to become the new chair of the board.

Locking Down Access to Your VPS

Tags: , , , Date/Time: October 12, 2021 @ 12:00 am, by raindog308

Locked DoorThere are a number of ways you can restrict access to your VPS. Passwords (specifically, good passwords) is the most basic method. Restricting access to ssh keys only is better. You can use Google Authenticator to require a short-lived number as a second factor of authentication. You could also setup a VPN so that only connections from that network are allowed.

One alternative method I’ve sometimes used is to allow connections only from a specific IP or set of IPs. There are a couple different ways to achieve this.

Restricting in sshd_config

In the sshd_config file, you can add rules to match users and match addresses. Consider the following directives

PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
PubkeyAuthentication no
Match Address 1.2.3.4/32
PermitRootLogin prohibit-password
PubkeyAuthentication yes

The first four lines turn off all forms of authentication and restrict root logins. Then from the IP address 1.2.3.4, we permit root login (by SSH key only) and allow sshd key authentication for other users. This combination of “default deny, then permit from a specific IP” effectively limits connections from one IP.

sshd_config supports a number of “Match” rules, including “Match User” and “Match Host”. Most of the major configuration options can be overridden using Match directives. Consult the sshd_config man page for full details.

Restricting via Firewall

If you are connecting to things besides ssh, you can restrict the entire box’s access to an IP via a firewall. One wrinkle is if you want to limit access to your home IP, but you have a DHCP’d IP from your ISP.

One way around this is to sign up with a Dynamic DNS provider. For example, you can sign up with afraid.org and they will grant you (for free) a DNS name in one of their domains you pick. So if you pick example.com (not a real afraid.org domain, just an example), you then choose what subdomain you have. In this tutorial, we’ll assume I’ve chosen lowend.example.com.

If your router (Netgear, etc.) has a Dynamic DNS client for afraid.org, just configure it in the router’s panel and you’re done. If not, you can use this little script to update afraid.org:

#!/bin/bash 
#FreeDNS updater script

UPDATEURL="http://freedns.afraid.org/dynamic/update.php?YOUR-AFRAID-ORG-KEY-HERE"
DOMAIN="lowend.example.com"

registered=$(nslookup $DOMAIN|tail -n2|grep A|sed s/[^0-9.]//g)
current=$(wget -q -O - http://checkip.dyndns.org|sed s/[^0-9.]//g)
if [ "$current" != "$registered" ] ; then
  wget -q -O /dev/null $UPDATEURL 
  MSG="FYI, DNS updated for ${DOMAIN}, now $current"
  echo "${MSG}" | mailx -s "${MSG}" someone@example.com
fi

Put that in any user’s crontab on a home Linux box to run (perhaps every 12 hours, or more frequently if you need constant access). Every time it runs, it checks what the IP address is at afraid.org, then checks what the Internet IP is for your home. If they’re different, it updates afraid.org.

Now, on the server you want to lock down, all you need is a script to query afraid.org and update your iptables rules. Here is an example:

#!/bin/bash

# fix the PATH since we run from cron
PATH=/usr/bin:/sbin:/bin:usr/sbin:/usr/local/bin
export PATH

# CONFIG

ssh_port=5555
dns="lowend.example.com"
LOG="/root/iptables_update.log"

# MAIN

nslookup $dns > /tmp/nslookup.out 2>&1
home_ip=$(grep Address: /tmp/nslookup.out | tail -1 | awk -F: '{ print $2 }' | sed 's/ //')

echo "----------------------------------------------------------" > ${LOG}
echo "`date` updating iptables using home IP ${home_ip}" >> ${LOG}

# make sure we can stay connected
iptables -P INPUT ACCEPT >> $LOG 2>&1

# flush existing rules
iptables -F >> $LOG 2>&1

# anything on loopback is OK
iptables -A INPUT -i lo -j ACCEPT >> $LOG 2>&1

# anything for established/related connections is OK
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >> $LOG 2>&1

# open SSH
iptables -A INPUT -s ${home_ip} -p tcp --dport ${ssh_port} -j ACCEPT >> $LOG 2>&1

# open web
iptables -A INPUT -s ${home_ip} -p tcp --dport 80 -j ACCEPT >> $LOG 2>&1
iptables -A INPUT -s ${home_ip} -p tcp --dport 443 -j ACCEPT >> $LOG 2>&1

# otherwise drop
iptables -P INPUT DROP >> $LOG 2>&1

# drop all forwards - we're not a router
iptables -P FORWARD DROP >> $LOG 2>&1

# anything outgoing is OK
iptables -P OUTPUT ACCEPT >> $LOG 2>&1

# list at end
iptables -L -v >> $LOG 2>&1

What this script does is:

(More…)

ProximCloud: Shared Hosting Starting at $1.13/mo in London, UK!

Tags: , , , , , Date/Time: October 11, 2021 @ 12:00 am, by raindog308

ProximCloud Logo

ProximCloud has returned! We last featured them back on July 1, 2021 and now they’re back with a great cheap shared hosting offer:

  • With the discount code below, you can get shared hosting for as cheap as $1.13/mo in London!

Their WHOIS is public. Their Terms of Service is available on their web site. They accept Stripe.

Here’s a little about ProximCloud in their own words:

“ProximCloud is a small website hosting business, which has been in operation for over three years (since 28th Feb 2018), which has striven based on the reliability and low-cost factors of our services. ProximCloud always puts the customer first, and has ensured to provide our customers with many support-methods to ensure they can reach us when they need it, and when it suits them.”

Have you been a ProximCloud customer? Please share your experience in the comments below.

Now read more to see the offers!

(More…)

Does Your Provider Offer Snapshots?

SnapshotsFor a long time, VPS snapshots were only available in high-end hosting companies, but over the last few years they’ve become increasingly common in the marketplace.  This neat feature can be a real time-saver if your provider offers it.

What is a Snapshot?

Imagine if you could clone your VPS exactly as it is – byte for byte.  That’s what a snapshot is.  What you’re actually snapshotting is the storage (your disk), not any processes that are currently running.

Does My VPS Need to be Powered Down for a Snapshot?

This depends on the provider.  Some providers offer offer snapshots for running VMs.  If the VM is not powered down, then you’re getting an inconsistent state on the filesystem.  Most of the time this is not an issue – it’s similar to how the VM would recover if you powered it off (a non-graceful power-off).  However, if you’re running database systems (MySQL, PostgreSQL, etc.) you probably want to either do a DB dump first or power the VM down before snapshotting.

Why Would I Want a Snapshot?

You can:

  • Restore the VM back to a snapshot.  It’s like a point-in-time restore point.  If you’re about to do something dangerous (e.g., upgrading the OS), a snapshot may be an excellent way to protect yourself.
  • Use the snapshot to create a new VM.  Note that you’ll need to reconfigure the network (unless you’re using DHCP), hostname, etc.
  • Use the snapshot as a backup.  In fact, snapshots and backups are very similar.  Backups typically involve copying files off to another medium and then restoring them.  Snapshots operate at the physical storage layer, copying the entire VM image.

Are Snapshots Free?

All depends on your provider.  Most providers charge for the disk you consume on a per-GB basis.

Which Providers Offer Snapshots?

Here’s a list of providers that offer snapshots (thanks to the LET community for commenting in this thread).  If you know of others, please comment below!

  • Amazon LightSail
  • Amazon AWS
  • BandwagonVPS
  • BinaryLane
  • BuyVM
  • Cloudcone
  • Contabo
  • DigitalOcean
  • Google Public Cloud
  • Hetzner Cloud
  • Linode
  • Lunanode
  • Microsoft Azure
  • OVH Cloud
  • Scaleway
  • Vultr

Friendhosting Wants to Be Your Friend…and Has Cheap VPS Offers to Prove It!

Friend Hosting Logo

Welcome, Friendhosting!

This is their first offer on LowEndBox and they’re bringing you some great deals on cheap VPS systems:

  • Get a 512MB KVM VPS with 1TB bandwidth and IPv4 starting at $15/year (or $1.60/mo)!
  • Or 1 GB starting at $22/year ($2.40/mo)!
  • These systems are available in nine datacenters around the world: Bulgaria, Czech, Latvia, Poland, Switzerland, Ukraine, Netherlands, Los Angeles (USA), Miami (USA)

Friendhosting has been around since 2009 and is based in Bulgaria.  They say the name of their country truly means something – hosting for friends.  They have a nice loyalty program and offer a 7-day “promised payment” plan if you need a couple extra days on an invoice.

Their WHOIS is public.  Their Terms of Service is available on their web site. They accept VISA / MasterCard, PayPal, AliPay, WebMoney, BTC and other cryptocurrencies, and PaySera.

Here’s a little about Friend Hosting in their own words:

“We are Friendhosting LTD, a European company that’s been operating in the international IT services industry since 2009. Our mission is always the same – to provide every client of ours with the high-quality hosting services at a reasonable price.

Over the years of our diligent work, we’ve heard one thing from our grateful clients countless times: they wish they had found us earlier. We’re thrilled that you’ve found your “hosting for friends” and that you’d like to find out more about the services we offer.

We founded Friendhosting LTD on April 20, 2009. Since then, we’ve been working in the IT industry, and we’ve turned from a small organization into a large European company that serves clients from all over the world.

We are called Friendhosting, or ‘hosting for friends’, and we’ve chosen this name for a reason. It’s not an empty promise for us – we strive not only to provide high-quality services and become your reliable partner but also to be your friend and support at difficult times.

Why Choose Friendhosting

  • Expert technical support: Our technical support team is the heart and soul of our company. It consists of highly qualified specialists with years of experience in IT. We are always here for you, ready to help you out at any moment, 24/7/365.
  • High server uptime: As we strive to provide top-notch services, we use only professional equipment which we place in reliable and time-tested data centers.
  • A variety of locations: We keep extending the list of countries where our equipment is located. We do this to make sure each and every one of our clients can choose the most suitable location according to their needs.
  • Favorable pricing: Our tariff plans were developed based on our years of experience and are designed to fit any type of clients.
  • Pleasing bonuses and discounts: Our company has developed a one-of-a-kind loyalty program. The longer you use our services and the more services you order, the less you pay. You can save as much as 25% of the initial price.
  • Promised payment: Have you encountered financial hardship and you can’t pay for the services in time? Friendhosting will help you out. Use our ‘promised payment’ and get a 7-day deferment.
  • Affiliate program: Recommend us to your friends and acquaintances and get as much as 20% of their payments. Our rewards are among the most generous on the hosting market!”

If you decide to give Friendhosting a try, please tell others how it goes in the comments below.

Now read more to see the offers!

(More…)

Enjoy a 50% Off SSL Certificate Sale from HostingB2B

Tags: , , , Date/Time: October 8, 2021 @ 12:00 am, by raindog308

HostingB2B Logo

HostingB2B last gave us an offer back on July 12, 2021.  Now they’ve returned with a deal on SSL certificates.

  • HostingB2B announces the upgrade of the partnership with GoGetSSL to Platinum Partners and offers 50% discount on all SSL packages along with free installation assistance. 

Now, you might say to yourself “Pay for SSL certificates?   Just use Let’s Encrypt!”  Indeed, LE meets most user’s needs.  But for some use case, particularly non-web uses, LE isn’t a workable solution.  Also, not everyone likes the automated paradigm LE uses and its short expiration period.   You might find this discussion on the pros and cons of Let’s Encrypt interesting.

If you need to purchase an SSL certificate, check out HostingB2B‘s offer below.

Their Terms of Service is available on their web site (Privacy Policy). They accept JCC SMART, VISA, Mastecard, PayPal, and BitPay.

Here’s a little about HostingB2B in their own words:

“We are a company that has been operating in the Web Hosting industry for at least a decade, with High-Level Products and Services, which are specifically targeted at B2B (Business to Business). With DataCenter Presence in Cyprus – Malta – UK – Amsterdam – and with our own Network and Infrastructure, we provide fully integrated.

The industries we serve (iGaming – Betting – Forex – Crypto) require 100% uptime and the UK Datacenters have the right certifications and awards to honor those strict SLAs for our clients.”

Have you been a HostingB2B customer? Please share your experience in the comments below.

Now read more to see the offers!

(More…)

How to Audit Every Command Run on Your Linux System

Tags: , , , , Date/Time: October 7, 2021 @ 12:00 am, by raindog308

auditPeriodically I’ve had auditors come to me and say “can you tell me what this user on this system did between such-and-such dates/times” and my answer is usually no. By default, Linux systems don’t log this info. But they can.

In this tutorial, I’ll show you how to use auditd, which is a daemon you can enable to capture every command entered.

There is one big disclaimer: a user with root can always hide his tracks. There are a couple techniques you can use to minimize this, such as using chattr (or *BSD’s securelevel) to set logs to append-only and echoing your logs to a different server. But in general, root access allows a cunning attacker to hide his tracks.

To setup auditing, you’ll need the auditd package. On Debian, to install this package, type

apt-get install auditd

Next, turn on auditing. There are many ways to filter what you want to audit but we’ll keep it simple here and audit all commands:

# auditctl -a exit,always -F arch=b32 -S execve -k allcmds
# auditctl -a exit,always -F arch=b64 -S execve -k allcmds

These commands only differ in the arch= specification – one for 32-bit syscalls and one for 64-bit.

(More…)

A New Dimension of Connectivity Begins with PubConcierge’s Cutting Edge Network Infrastructure

Tags: , , , , Date/Time: October 6, 2021 @ 12:00 am, by raindog308

PubConciergeLowEndBox would like to welcome PubConcierge, a company that provides exclusive technical concierge services.  They are a global company that handles IP configuration and infrastructure setup for their clients, freeing them to focus on their strategic goals.  Here’s a little bit about this interesting company and their latest developments.


PubConcierge provides a complete overhaul of conventional network connections for bringing a transformative new infrastructure based around stability and performance. The company is taking digital connectivity to the next level with an across-the-board transformation from network switching to storage optimization.

PubConcierge is a global company that provides the most effective infrastructure for online publishers, from IPv4 & IPv6 space for lease with dedicated and virtual servers in more than 100 worldwide locations to RBL monitoring and huge range diversity. At PubConcierge our clients can collaborate with experts who will guide them through their entire journey.

The company mission is concentrating on being the go-to provider for tailored projects to match every proxy project in the market. From geolocation to ASN variety, from uncapped bandwidth to various type of IPs, PubConcierge will mold on every existing project.

With an express focus on improving stability and storage optimizing, the company has been focused on bringing forth bleeding-edge solutions to solve the most pressing customer issues.  The company has invested in introducing Cisco Nexus 10G Switches to support cluster mode and enable two switch compatibility servers. The inherent server nodes are upgraded to the brand-new Intel Processors to facilitate scalability as well. The new nodes come with 80 CPU vCore and 512G DDR4 RAM, optimized for minimal latency.

PubConcierge is committed to continually innovating its network infrastructure and providing industry-leading customer service to be the best network provider. The company’s focus on authenticity and digital innovation help push it a step beyond the competition for passionate users about a secure high-speed digital environment.

For further information about this transformative digital infrastructure, feel free to get in touch with one of the company’s agents at sales@pubconcierge.com

The Syniverse Hack: Why Using SMS for 2FA is a Bad Idea

Tags: , , , , , , , , Date/Time: October 5, 2021 @ 7:31 pm, by raindog308

SyniverseSecurity gurus have suggested for years that relying on SMS for two-factor authentication is a bad idea.   Reasons include

  • Your phone may be stolen
  • Many people allow SMS messages to be displayed on lock screens
  • Your phone can be SIM-cloned
  • People inside your phone carrier may have access to your text messages

But here’s a new issue.  A little-known company named Syniverse revealed something interesting in an SEC filing:

“Syniverse has experienced, and may in the future face, hackers, cybercriminals or others gaining unauthorized access to, or otherwise misusing, its systems to misappropriate its proprietary information and technology, interrupt its business, and/or gain unauthorized access to its or its customers’ confidential information.

For example, in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization (the “May 2021 Incident”). Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals. Syniverse has conducted a thorough investigation of the incident.”

Just who is Syniverse?  A company that routes billions of text messages annually for all major US cell phone carriers.

Ars Technica has more coverage.

 

Sullivan’s Hosting: Cheap VPS, Shared, and Dedicated Hosting in Kansas City, MO! (1GB VPS for $3/Month!)

Tags: , , , , , , Date/Time: October 5, 2021 @ 12:00 am, by raindog308

Sullivan's Hosting Logo

Welcome, Sullivan’s Hosting!

This is their first offer with us and they’re coming with some great pricing on cheap VPS and cheap shared hosting for our readers.

  • Get a 1GB KVM VPS with 1TB of bandwidth for $3.00/mo!
  • In fact, their pricing is $3/GB across the board, with bandwidth and CPU to scale with it!
  • And if you pay by the year, you can save an additional 15-20%!
  • They’ve also got a cheap dedicated server offer (an e3 with 32GB of RAM starting at $59/mo!) and shared hosting starting at at $3.74/mo.

These systems are located in North Kansas City, Missouri.

Their web site also features Minecraft servers and game servers and all their services are backed by a 99.99% uptime guarantee SLA and a 24-hour money back guarantee on virtual and shared services.

Sullivan’s Hosting‘s WHOIS is public. They are registered in Massachusetts, USA. Their Terms of Service is available on their web site (Privacy Policy). They accept PayPal, Credit/Debit by Stripe, and GoCardLess (ACH Payments).

Here’s a little about Sullivan’s Hosting in their own words:

“Hey there! My name is Tyler and I am the owner of Sullivan’s Hosting LLC. We are a registered LLC in Massachusetts, and we provide fast, reliable, and secure hosting services. We offer everything from web hosting to game servers. We provide a personal sales and support experience for our community! Our customers are our #1 priority, and we pride in our customer service. These sale prices are exclusive to LowEndBox, so be sure to check here before ordering on our website for the best possible deals!”

Remember that the LEB community would love to hear about your experience in the comments section below!

Now read more to see the offers!

(More…)

« Newer PostsOlder Posts »