I highly recommend fail2ban. And definitely use SSH key only auth (PasswordAuthentication no).
I've had a box with a 32 char random password get brute forced. Took three years to do, but it happened.

On Oct 30, 2012 4:08 PM, "Nikolas Stevenson-Molnar" <nik.mol...@consbio.org> wrote:
>
> > First, is this a good idea? Do you think I can do this securely using
> > the django, apache, and lighttpd docs? or am I asking for trouble?
> > What are the major security issues I need to be aware of when
> > administering a server?
> This depends on your specific security requirements. If you're mainly
> concerned with protecting your server and website from unwanted
> tampering, then the important things are 1) only allow connections to
> ports you're using (HTTP) and restrict access via SSH to your IP or a
> local network; 2) make sure the software you're using is secure (the
> ones you mention are good; though I think Apache is vulnerable to a type
> of DDOS attack: http://en.wikipedia.org/wiki/Slowloris); 3) check your
> own code; Django is good about security but that doesn't mean you can't
> build an insecure application with it; 4) choose good passwords, etc.
> and if you're particularly concerned, consider using keys for your SSH
> connection.
>
> > Also, if I go this route, I'll need to choose an OS. I'm running a
> > production server (just Apache + mod_wsgi) using my Arch Linux box,
> > but I don't think arch is the best idea. I'm sorta trying to decide
> > between CentOS and Ubuntu. Leaning toward CentOS, but just a little
> > worried it might be missing some of the packages I need. I've never
> > used CentOS before. Any advice?
> I've used both and haven't noticed much difference for the things I do.
> I would recommend nginx in place of lighttpd (better maintained), and if
> you're using either of those, Apache isn't necessary (though you will
> need a WSGI server, such as Gunicorn).
>
> _Nik
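
An added example, not part of the thread and not written by either poster: a check that the `PasswordAuthentication no` setting recommended in the reply above is actually the effective one. It relies on two sshd_config rules: the first value read for a keyword wins, and a Match block can override the global value. The sample config, function names and finding strings are constructed for illustration, and Include files are not followed.

```python
import re

# Constructed sample config (not from the thread): looks hardened at a glance.
SAMPLE = """\
Port 22
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

# sshd accepts both "Keyword value" and "Keyword=value".
DIRECTIVE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def split_directive(line):
    """Return (lowercased keyword, argument), or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = DIRECTIVE.match(line)
    if not m:
        return line.lower(), ""
    return m.group(1).lower(), m.group(2).strip().strip('"')

def audit_password_auth(text):
    """Return findings; an empty list means password logins are off everywhere."""
    global_value = None   # first value outside any Match block
    match_values = {}     # Match criteria -> first value inside that block
    current_match = None
    for raw in text.splitlines():
        directive = split_directive(raw)
        if directive is None:
            continue
        key, arg = directive
        if key == "match":
            current_match = arg
        elif key == "passwordauthentication":
            if current_match is not None:
                match_values.setdefault(current_match, arg)
            elif global_value is None:   # sshd keeps the first value it reads
                global_value = arg
    findings = []
    if global_value is None:
        findings.append("global: not set, sshd default is yes")
    elif global_value != "no":
        findings.append(f"global: effective value is {global_value!r}")
    for criteria, value in match_values.items():
        if value != "no":
            findings.append(f"Match {criteria}: re-enabled with {value!r}")
    return findings
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computed it, which is the authoritative check.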