Protection takes a very important role in the development of sites. People have experience of being exposed to external threats from intruders who are ready to steal personal data, important information and other resources from your site. Content, business, customers are all important factors, but the protection of the site is above all the confidence in security and integrity.

An SSL certificate is a special protocol that guarantees a secure and reliable connection to your site. This protocol provides reliability, security, and is guaranteed a successful and non-dangerous communication through the elements of authentication and encryption. This fact adds your site status with the suffix “S” (that is, no longer http, but httpS)

Order free certificate Let’s Encrypt

Let’s Encrypt ”is a certificate authority from which you can get a free SSL certificate for the site. They are great for small sites where users can leave some personal information: email, passwords, phone number, address. Certificate Authority Let’s Encrypt is ready to issue you a certificate absolutely FREE!

When installing a security certificate on any control panel, when ordering a certificate, you receive the following files:

• certificate.crt – the basis of the certificate for your domain name.
• private.key – the key that was generated when creating the CSR
• ca_bundle.crt – root certificate provided by your certificate authority

This is very useful for you if you own a small website and cannot afford a paid SSL certificate. We give you a free Let Encrypt security certificate for 90 days. Install the free version of Let Encrypt by clicking on the link:

https://hostry.com/solutions/ssl-for-free/

Today there are many web services that are vulnerable to this Logiam attack. We will try to understand how it can be done to secure your server. We will be talking about servers with the operating system CentOS, version 6 and 7.

Specific actions

First, check to see if your server is actually vulnerable by checking Qualys SSL. If your server is vulnerable, there will be a message at the top of the page. After you confirm that the server is vulnerable, enter the NGINX installation directory

cd /etc/nginx/
mkdir keygroup
cd keygroup

Next, you need to run the following command to create a key group

openssl dhparam -out dhsecure.pem 2048

The next step is to add a new key group to your NGINX configuration

cd /etc/nginx/
vi .conf

Next, add ssl_dhparam ... a line of code that is visible below inside each SSL server block and then update all server blocks. Update all blocks of your SSL server accordingly

server {
listen 443 ssl;
...
location / {
...
ssl_dhparam /etc/nginx/keygroup/dhsecure.pem
...
}

Then a reboot of the NGINX web server should follow

service nginx reload

Finally, test the server again with SSL certificate verification

The topic of security has always been relevant in the IT industry. In this article we will give some tips on how to secure your server and try to help to ensure that your server is not subjected to threats and attacks.

Last failed login: Mon Apr 15 13:52:45 MSK 2017 from 1.1.1.1 on ssh:notty
There were 4395 failed login attempts since the last successful login.

If you found approximately such a message during your authorization to the server, it means that unsuccessful authorization attempts were made by someone else. Malicious users pick up SSH passwords purposefully (automatically, or using programmed infected computers).

Configure authorization from specific IP

Configure authorization from specific IP If you plan to connect to the server and conduct work only strictly from one device and / or only from certain IP addresses, you can enter the following lines:

/etc/hosts.deny
sshd: ALL

In this file:

/etc/hosts.allow
Sshd: Your IP address

Thus, SSH access for all subnets except the specified one will be denied. After that, you need to restart the service using the service:

service sshd restart

Change SSH port

To change the SSH port you need to uncomment this file /etc/ssh/sshd_config and change Port 22 to a free one, it can be any number up to 65536

After that, you need to start the server with the command:

service sshd restart

Use SSH keys

The advantage and advantage of this method is that you can be authorized on the server without regularly having to send your password through the network.

Even if someone listens on your connection, he will not have the opportunity to intercept and crack your password, since in fact it is never transmitted. Also, using SSH to identify keys eliminates the risk associated with brute-force attacks, by significantly reducing the attacker’s chance to guess the correct credentials.
The key pair is created using the command

ssh-keygen

The private key (file without extension) is copied to the PC, and the public key (keyname.pub) is copied to the file on the server. .ssh / authorized_keys

In order to disable password authorization, in the same SSH configuration, you need to change the PasswordAuthentication yes directive to PasswordAuthentication no and restart the service – authorization will remain only with the SSH key.