@danami,
Do you have a bad day then?
OVH is quite expensive and the tools you are referring to (i.e. DDoS protection) are nothing else that hardware and/or software based solutions. Nothing new there.
It is not a "good or outstanding" feature, all or most (large) hosting providers have the same tools, but they do not boast about it: it is simply "on" automatically, as part of the network infrastructure and the implementation of "common and good practice".
Again, never mind.
The firehol project is interesting, but a little bit strange and a re-invention of the wheel: for instance, cisco based lists are better and more elaborate, just other commercial lists (note: there are various very interesting paid-for solutions, with huge potential. I will not bother to mention them, they are really costly).
The advantage of this project is the sharing of knowledge and information, the disadvantage is that the list is as good as the "people contributing".
To compare, the "OVH solution" is associated with a lot of false positives (almost any IP passes) and the "Firehol solution" (or any other IP blacklist solution) is associated with a lot of false negatives (too much IPs are banned, including the genuine IPs).
By the way, a rare type of attack (usually used to perform an attack on huge companies) is the following: start a simple attack (in order to learn about the "defense policies" of a set of servers), create a DDoS (to weaken the system and often monitor admin traffic, since they have to intervene) AND add the most important IPs (that are crucial to maintain a set of servers) to a blacklist. The blacklist addition often results in the sysadmins not being able to access the system remotely, limiting access to server and rack spaces in the datacenter. That takes time and/or there is always the weak link in the infrastructure that can be attacked and entered (when the system is almost fully down). And there it is, the backport to the system, but it does not end there. The hackers will often bring the system online again, as if nothing has happened. There you have it, an accesspoint to have a peek.
So, in short, blacklists are not always your best friend.
Another reason for that is that most blacklist do allow traffic from the contributor´s servers: a type of whitelisting, also used by hackers.
And there are the couple of blacklists that are actually used to whitelist bad IPs.
Note that I do not write this for you, but for the general forum member, interested in the concept of blacklists and the advantages/disadvantages thereof.
Personally, I find firewalls, fail2ban, blacklists and similar tools to be overrated for 2 reasons:
1) just use a proxy as a first line of defense, with huge capacity and possibilities,
2) just spend time to write scripts (to be run at the proxy end) that actually check for BAD CODE (and not bad IPs)
and that actually is what large providers (microsoft, amazon, google) do.
With respect to:
1. I contribute Plesk related patches patches and donate money to the CSF project on a regular basis. You can install and run CSF with no Juggernaut interface if you want. It's completely free. I've also given away all my Firehol work to CSF which you can use for free.
I can only say: nice to hear.
Again, CSF does not work nicely with Plesk (and CSF has some bug and vulnerability issues).
With respect to:
2. I've also reported Plesk security vulnerabilities privately to the Plesk team making Plesk more secure.
I can mention that I have seen some of them and I must admit that they are sometimes actually adding value.
Problem is that not everything is patched according to your recommendations, the same applies if I make a recommendation or request.
Just accept that Plesk is just as safe or just as vulnerable as any other standard package on the market.
Most security fixes are added to the package itself, by the package author and contributors, after which Plesk uses the latest release of the fixed package.
That is the way it works in the linux world: it can take weeks, months and even years before
known security issues are fixed.
You know what, I have to say the following: in the more than ten years of running a lot of servers (note the understatement), we have never had issues with security.
If you ask me, the reason for that is that we have never used any fancy stuff/tools AND we never make a fuss about the hot topic of security.
Really, the basic rule is: do not increase the attack surface (and more tools means more attack surface, also applies to tools that are intended to increase security).
Anyway, thanks for the (implicit) tip that Juggernaut is essentially a version of CSF, which can be obtained for free or a small donation.
I certainly value and appreciate your honesty, this type of sharing information is valuable for forum members.
If someone wants to use something like CSF, one can first test for free with CSF and, afterwards, try the (more expensive) Juggernaut (that is more user friendly).
Regards....
Facebook
Twitter
