Securing my Win VPS

rich

Guppy
Im running PLesk on my VPS and notice that the Firewall is disabled and im not able to enable the firewall.

Q1. How do I enable the firewall

Q2. Should I be running an AV on the server? If so, what do you recommend?

Thanks
Rich
 
the Firewall works just fine, we run it be default on every new VPS now, I will make some notes in this about it later today for reference.

you can't run a VPS installed AV scanner, with VPS services there is a mail scanner for drWeb.

If you need a AV scan done on your VPS you can mail(send ticket to) us to request.

I also will be mailing you regarding some IPs later today, as I just last night got in to Miami.
 
here is a script you can put on your VPS, name it firewall.bat, or firewall.cmd

then run the file and it will enable AND configure a base firewall(without being configured you will lock youself out)

netsh firewall set opmode enable
netsh firewall set portopening protocol=TCP port=3389
netsh firewall set portopening protocol=TCP port=20 name="FTP-Data"
netsh firewall set portopening protocol=TCP port=21 name="FTP"
netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP"
netsh firewall set portopening protocol=TCP port=8880 name="Plesk-VZPP-PP"
netsh firewall set portopening protocol=TCP port=80 scope=all profile=all
netsh firewall set portopening protocol=TCP port=443 name="IIS-Secure"
netsh firewall set portopening protocol=TCP port=110 name="POP3"
netsh firewall set portopening protocol=TCP port=25 name="SMTP"
netsh firewall set portopening protocol=TCP port=53 name="DNS"
netsh firewall set portopening protocol=UDP port=53 name="DNS-UDP"
pause 10

now this will block passive FTP, there are some tips to making the firewall and IIS work together and I will post them later today.
 
I forgot to update this with the Passive FTP information.

in order to run passive FTP you need to configure a larger port range and firewall rules matching that range in order for it to work.

Make the following a batch or cmd file and run it, it will do the task.
Code:
Echo OFF
ECHO ADDING PORT RANGE TO IIS
C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5550"

ECHO OPENING FIREWALL PORTS
FOR /L %%I IN (5500,1,5550) DO NETSH FIREWALL ADD PORTOPENING TCP %%I FTPPort%%I
iisreset
ECHO FINISHED
Pause
 
Hi Stephen

My question not directly related to firewall but to some extent to security of VPS. I know a lot of softwares that scap the complete websites. I am planning to host a B2B directory. So if someone try to scrap it, I'll lose a lot of by bandwidth on such nonsense users.

Can you suggest a better way to handle/block such scapers?

Cheers
Yogesh
 
Forgot to mention. I did a lot of googling for this issue but could not find perfect answers.

Cheers
Yogesh
 
It is hard to prevent screen scrapes, it seems to be that every means to stop it someone comes to get around it. SWsoft has a built in system for protecting against hotlinking that can help some as well.
 
Back
Top