FlexHub Forum

Off Topic => Anything goes => Topic started by: Phoenix on May 15, 2015, 02:05:09

Title: Attackers on VPS, put on your firewall
Post by: Phoenix on May 15, 2015, 02:05:09
Recently I have had troubles with the hub, and it's not the first time I installed verli; now I know why..

Now I know for sure there's another party, after I read a warning mail from the VPS warning about attackers, especially on ssh..


Security researchers have discovered a critical flaw that allows attackers to move freely across virtual machines.

Inside some data center miles away, a portion of your cloud-hosted network may be running on the same system as someone else’s.

Normally, this isn’t a problem. So-called virtual machines—basically, computers simulated within other computers—prevent networks on the same machine from impacting one another. They’re an efficient way to manage large amounts of computing resources while, presumably, keeping them isolated and secure.

That’s not the whole story though, say researchers at the Irvine, Calif.-based security firm CrowdStrike. It turns out that an attacker can burst out of certain virtual machines and manipulate whatever’s running adjacently, thus shattering the notion that these vessels have hard and fast, protective boundaries.

“This destroys the isolation myth that you can have something run a virtual machine and have it be isolated from everything else,” says Jason Geffner, the senior security researcher at CrowdStrike who uncovered the flaw. “This bug lets you escape a container and get into all other containers.”

So put on your firewall on the VPS; there are also evil people with big fake hubs and attackers everywhere..

Iptables Firewall

export EDITOR=nano

# On Debian, install iptables
apt-get install iptables

# Make the script executable
chmod +x /etc/network/if-up.d/iptables

# Drop forwarded traffic; OUTPUT stays at its default policy (ACCEPT)
iptables -P FORWARD DROP

# Accept incoming traffic that belongs to established or related connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept loopback (localhost) traffic
iptables -A INPUT -i lo -j ACCEPT

# SSH (port 22) only from your own PCs; replace the placeholders with their IP addresses
iptables -A INPUT -p tcp --dport 22 -s pcip1xxxxxxxxxx -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s pcip2xxxxxxxxxx -j ACCEPT

# Port 80 For webserver
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Port 411 for the hub
iptables -A INPUT -p tcp --dport 411 -j ACCEPT

# Allow ping (ICMP) only from your own address (your own external IP address)
iptables -A INPUT -p icmp -s xx.xxx.xxx.xxx -j ACCEPT

# Save rules for iptables
mkdir -p /etc/iptables/
iptables-save > /etc/iptables/myrules

chmod 755 /etc/iptables/myrules

# The last step: deny all other traffic. Do this at the end!
iptables -P INPUT DROP

# Save again so the stored rules include the DROP policy
iptables-save > /etc/iptables/myrules

# To save the iptables rules, install iptables-persistent
apt-get install iptables-persistent

# Check the tables
iptables -L

Happy hubbing .. Ger  ;D
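
Added example (not part of Phoenix's post): a small shell check that reads iptables-save output and reports where a saved ruleset departs from the policy described in the post above, including a file saved before the INPUT policy was set to DROP. The function names and the 192.0.2.10 address are assumptions, and both dumps are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post. Reads iptables-save text on stdin,
# prints one finding per line, returns 0 if the dump matches the post's policy.
audit_rules() {
    audit_findings=$(awk '
        /^\*/ { table = substr($0, 2) }          # "*filter", "*nat", ...
        table != "filter" { next }               # only the filter table matters here
        /^:INPUT /   { seen = 1; if ($2 != "DROP") print "INPUT policy is " $2 ", expected DROP" }
        /^:FORWARD / { if ($2 != "DROP") print "FORWARD policy is " $2 ", expected DROP" }
        /^-A INPUT / && / -j ACCEPT/ {
            has_src = ($0 ~ / -s [^ ]+/)         # rule is limited to a source address
            if ($0 ~ /--dport 22( |$)/ && !has_src) print "SSH (22) accepted from any source"
            if ($0 ~ / -p icmp( |$)/ && !has_src)   print "ICMP accepted from any source"
        }
        END { if (!seen) print "no filter-table INPUT chain found in dump" }
    ')
    [ -z "$audit_findings" ] && return 0
    printf "%s\n" "$audit_findings"
    return 1
}

# Constructed dump: a ruleset saved BEFORE "iptables -P INPUT DROP" was run.
sample_saved_before_drop() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 411 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p icmp -j ACCEPT
COMMIT
EOF
}

# Same constructed dump, taken AFTER the INPUT policy was set to DROP.
sample_saved_after_drop() {
    sample_saved_before_drop | sed 's/^:INPUT ACCEPT/:INPUT DROP/'
}

# On the server (as root): iptables-save | audit_rules
sample_saved_before_drop | audit_rules || true
```

The same function can be pointed at the saved file, for example `audit_rules < /etc/iptables/myrules`, to confirm that what gets restored is the locked-down ruleset.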

Title: Re: Attackers on VPS, put on your firewall
Post by: FlipFlop™ on May 15, 2015, 12:34:34
Interesting post, thanks for sharing a solution!!

Title: Re: Attackers on VPS, put on your firewall
Post by: Phoenix on May 15, 2015, 19:52:00
Yw FlipFlop ;)