Securing my Win VPS
- Thread starter rich
- Start date
the Firewall works just fine, we run it be default on every new VPS now, I will make some notes in this about it later today for reference.
you can't run a VPS installed AV scanner, with VPS services there is a mail scanner for drWeb.
If you need a AV scan done on your VPS you can mail(send ticket to) us to request.
I also will be mailing you regarding some IPs later today, as I just last night got in to Miami.
you can't run a VPS installed AV scanner, with VPS services there is a mail scanner for drWeb.
If you need a AV scan done on your VPS you can mail(send ticket to) us to request.
I also will be mailing you regarding some IPs later today, as I just last night got in to Miami.
here is a script you can put on your VPS, name it firewall.bat, or firewall.cmd
then run the file and it will enable AND configure a base firewall(without being configured you will lock youself out)
netsh firewall set opmode enable
netsh firewall set portopening protocol=TCP port=3389
netsh firewall set portopening protocol=TCP port=20 name="FTP-Data"
netsh firewall set portopening protocol=TCP port=21 name="FTP"
netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP"
netsh firewall set portopening protocol=TCP port=8880 name="Plesk-VZPP-PP"
netsh firewall set portopening protocol=TCP port=80 scope=all profile=all
netsh firewall set portopening protocol=TCP port=443 name="IIS-Secure"
netsh firewall set portopening protocol=TCP port=110 name="POP3"
netsh firewall set portopening protocol=TCP port=25 name="SMTP"
netsh firewall set portopening protocol=TCP port=53 name="DNS"
netsh firewall set portopening protocol=UDP port=53 name="DNS-UDP"
pause 10
now this will block passive FTP, there are some tips to making the firewall and IIS work together and I will post them later today.
then run the file and it will enable AND configure a base firewall(without being configured you will lock youself out)
netsh firewall set opmode enable
netsh firewall set portopening protocol=TCP port=3389
netsh firewall set portopening protocol=TCP port=20 name="FTP-Data"
netsh firewall set portopening protocol=TCP port=21 name="FTP"
netsh firewall set portopening protocol=TCP port=4643 name="VZCP"
netsh firewall set portopening protocol=TCP port=8443 name="Plesk-VZPP"
netsh firewall set portopening protocol=TCP port=8880 name="Plesk-VZPP-PP"
netsh firewall set portopening protocol=TCP port=80 scope=all profile=all
netsh firewall set portopening protocol=TCP port=443 name="IIS-Secure"
netsh firewall set portopening protocol=TCP port=110 name="POP3"
netsh firewall set portopening protocol=TCP port=25 name="SMTP"
netsh firewall set portopening protocol=TCP port=53 name="DNS"
netsh firewall set portopening protocol=UDP port=53 name="DNS-UDP"
pause 10
now this will block passive FTP, there are some tips to making the firewall and IIS work together and I will post them later today.
I forgot to update this with the Passive FTP information.
in order to run passive FTP you need to configure a larger port range and firewall rules matching that range in order for it to work.
Make the following a batch or cmd file and run it, it will do the task.
in order to run passive FTP you need to configure a larger port range and firewall rules matching that range in order for it to work.
Make the following a batch or cmd file and run it, it will do the task.
Code:
Echo OFF
ECHO ADDING PORT RANGE TO IIS
C:\Inetpub\AdminScripts\adsutil.vbs set /MSFTPSVC/PassivePortRange "5500-5550"
ECHO OPENING FIREWALL PORTS
FOR /L %%I IN (5500,1,5550) DO NETSH FIREWALL ADD PORTOPENING TCP %%I FTPPort%%I
iisreset
ECHO FINISHED
PauseHi Stephen
My question not directly related to firewall but to some extent to security of VPS. I know a lot of softwares that scap the complete websites. I am planning to host a B2B directory. So if someone try to scrap it, I'll lose a lot of by bandwidth on such nonsense users.
Can you suggest a better way to handle/block such scapers?
Cheers
Yogesh
My question not directly related to firewall but to some extent to security of VPS. I know a lot of softwares that scap the complete websites. I am planning to host a B2B directory. So if someone try to scrap it, I'll lose a lot of by bandwidth on such nonsense users.
Can you suggest a better way to handle/block such scapers?
Cheers
Yogesh