VPS compromised? Configured wrong?

ssh ubuntu webserver exploit

Solution 1:

Run hiawatha webserver as a reverse proxy in front of your webserver. It will block exploits such as this (they will be blocked as "garbage") in the logs:

91.196.50.33|Sat 19 Mar 2016 21:12:15 +0000|GET http://testp3.pospr.waw.pl/testproxy.php HTTP/1.1
Host: testp3.pospr.waw.pl
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/31.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate

Run the webserver & proxy inside separate lxc containers to further isolate the processes.

Use the chroot feature built into php-fpm.

Do NOT make a shell available inside the chroot

Stealth your ssh port.

Mount your /var/www/public_html as noexec nosuid nodev.

Related

Make rsync show progress on checksum comparison, even if no difference is being found
Keyboard shortcuts for “Find Next” and “Find Previous” in LibreOffice
Macbook: reduce usable screen area
ASP.NET Core 6 how to access Configuration during startup
What do you call it when you make a baby laugh? [closed]
What is an idiom for better than "textbook case", "by the book" or "best practices" [closed]
What's a word like "wander" that implies destiny?
What is the word to describe someone whom you are a fan of?
Word (Verb?) for when a criminal (or soon to be criminal) escalates their behavior
A person who repeatedly switches his stance on a topic
Is the word "App" evolving? [closed]
Science and Philosophy are two types of ______