Stay away from AMD EPYC based VPS Providers

Some German researchers have found a flaw in the AMD EPYC CPU architecture and were able to read all data of VPSes hosted on AMD EPYC based CPUs. There currently seems to be no patch for it, so it’s best to stay away from it for now. More information is available at:

https://www.techrepublic.com/article/encryption-of-amd-epyc-vms-can-be-broken-researchers-prove/

 

AMD responds to security flaws in its EPYC virtual machine encryption

 

We at Hosteons are not using AMD EPYC CPUs; we use dual Xeons for VPS hosting.

How to enable iptables in CentOS 7

Just use the following commands to disable firewalld and enable the good old iptables in any CentOS 7 based VPS or server:

[root@test2 ~]# systemctl stop firewalld

[root@test2 ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

[root@test2 ~]# yum install -y iptables iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.centos.org
* extras: mirror.centos.org
* updates: mirror.centos.org
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Package iptables-1.4.21-24.1.el7_5.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-24.1.el7_5 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================================================================
Package Arch Version Repository Size
=========================================================================================================================================
Installing:
iptables-services x86_64 1.4.21-24.1.el7_5 updates 51 k

Transaction Summary
=========================================================================================================================================
Install 1 Package

Total download size: 51 k
Installed size: 25 k
Downloading packages:
iptables-services-1.4.21-24.1.el7_5.x86_64.rpm | 51 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : iptables-services-1.4.21-24.1.el7_5.x86_64 1/1
Verifying : iptables-services-1.4.21-24.1.el7_5.x86_64 1/1

Installed:
iptables-services.x86_64 0:1.4.21-24.1.el7_5

Complete!
[root@test2 ~]#

[root@test2 ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@test2 ~]#
[root@test2 ~]# systemctl start iptables

How to update SSH Port in CentOS 7

Update SSH Port in CentOS 7

Here are a few simple steps to update the SSH port on a CentOS 7 VPS or dedicated server.

Edit the SSHD configuration file :

nano -w /etc/ssh/sshd_config

(if nano is not installed use any other text editor or install it with yum -y install nano)

and change the Port number from 22 to any custom port you choose :

e.g. Port 18989

Make sure to also remove the # mark before Port

Save the config file

SELinux is enabled by default in CentOS 7, so you also need to tell SELinux about the new SSH port; otherwise it won’t allow you to restart SSHD with the new port.

To run semanage for updating the SSHD port you first need to install policycoreutils. Install it with:

yum -y install policycoreutils-python

Now update the SELinux policy to allow the new port for the SSH service. To do this, run:

semanage port -a -t ssh_port_t -p tcp 18989

Now you need to update the firewall policy to allow the new SSH port. To do this, run:

firewall-cmd --permanent --zone=public --add-port=18989/tcp
firewall-cmd --reload
systemctl restart sshd.service

SSHD Port is now updated, you can now connect to your new SSH Port: 18989
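A pre-flight check for the procedure above, added here as an example and not part of the original post: firewall-cmd only helps while firewalld is running, so on a server switched to iptables-services the new port has to be accepted by the saved ruleset before sshd is restarted. The function names and the sample config and ruleset are constructed for illustration; multiport and port-range rules are not parsed.

```bash
#!/usr/bin/env bash
# Pre-flight check to run before `systemctl restart sshd` (added example).

# Ports sshd will bind according to a config file: keywords are
# case-insensitive, commented lines are ignored, Port is not valid inside
# a Match block, and with no active Port line sshd uses 22.
sshd_ports() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# Succeed if a saved ruleset (iptables-save format) lets new TCP
# connections reach <port>: an ACCEPT rule for that --dport ahead of the
# first unconditional REJECT/DROP, or no such rule and policy ACCEPT.
# Simplification: multiport and port-range rules are not parsed.
iptables_allows() {
    awk -v port="$2" '
        $1 == ":INPUT" { policy = $2; next }
        $1 != "-A" || $2 != "INPUT" { next }
        / -p tcp / && / -j ACCEPT/ && index($0 " ", "--dport " port " ") { ok = 1; exit }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked = 1; exit }
        END { exit !(ok || (!blocked && policy == "ACCEPT")) }' "$1"
}

# Print every sshd port the firewall would block; return 0 if none.
preflight() {
    local port rc=0
    for port in $(sshd_ports "$1"); do
        iptables_allows "$2" "$port" || { echo "blocked: $port"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the page's Port 18989 against a ruleset that only
# opens 22 (the shape of a stock iptables-services rules file).
demo() {
    local d; d=$(mktemp -d)
    printf '#Port 22\nPort 18989\n' > "$d/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$d/rules"
    preflight "$d/sshd_config" "$d/rules"; local rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "fix the firewall before restarting sshd"
```

On a real server the check would be chained as: preflight /etc/ssh/sshd_config /etc/sysconfig/iptables && sshd -t && systemctl restart sshd, keeping the current SSH session open until a second login on the new port succeeds.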

Free upgrade to Gigabit port for all VPS (Beta)

We have temporarily removed the 100Mbps cap from all VPS. If you think your VPS is still capped at 100Mbps, please just reboot it once from your VPS control panel and it should switch to a full unmetered Gigabit port. Please note that we are just testing with the Gigabit port: if we find that giving an uncapped Gigabit port is affecting the overall performance of our VPS services, we may again cap it to 100Mbps unmetered, but for now all VPS should work on the Gigabit port.

Setup OpenVPN on a KVM Based VPS like hosteons

Install OpenVPN on a KVM based VPS

Just run the following command as root on a CentOS / Ubuntu / Debian based VPS or dedicated server and follow the prompts to install OpenVPN:

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

Once it ends, you can run it again to add more users, remove some of them or even completely uninstall OpenVPN.

It works even on the cheapest VPS Package provided by hosteons.com

 

Quick setup of L2TP or IPsec VPN on CentOS, Ubuntu or Debian

One line setup:

First get a fresh install of Ubuntu LTS, Debian or CentOS on your hosteons VPS or dedicated server (the VPS should be KVM based, not OpenVZ; if you are using a hosteons.com VPS you need not worry, as it’s a KVM based VPS).

Use the following command to set up an IPsec VPN server on Ubuntu or Debian:

wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh

If you are on CentOS, use the following command:

wget https://git.io/vpnsetup-centos -O vpnsetup.sh && sh vpnsetup.sh

Your VPN login details will be randomly generated, and displayed on screen when finished.

Also it’s best to run these commands in a screen session to avoid any interruptions due to any reasons.

Custom Setup of VPN:

Ubuntu and Debian:

Make sure your VPS/dedicated server is up to date. You can do it with the following commands:

apt-get update && apt-get dist-upgrade

and reboot.

Now Edit the script and provide your own VPN credentials:

wget https://git.io/vpnsetup -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]

sudo sh vpnsetup.sh

CentOS:

Make sure your VPS/dedicated server is up to date. You can do it with the following command:

yum -y update

(if you are using hosteons.com vps then need not worry, our templates update everything when the VPS is setup)

Now Edit the script and provide your own VPN credentials:

wget https://git.io/vpnsetup-centos -O vpnsetup.sh
nano -w vpnsetup.sh
[Replace with your own values: YOUR_IPSEC_PSK, YOUR_USERNAME and YOUR_PASSWORD]

sh vpnsetup.sh

 

Your VPN server is now ready. Just connect using the shared key, username and password you provided during setup or that the script displayed, depending on how you set up your VPN.

Benefits of KVM VPS over other virtualisation technology

1. Dedicated Resources: KVM VPS are not like shared servers or other types of virtualisation e.g. OpenVZ where resources are shared among users, with KVM VPS you get dedicated resources as it’s not possible to oversell resources with KVM Virtualisation. If you have a KVM VPS from hostEONS.com you can be sure that you are getting the exact same amount of resources as you ordered. With OpenVZ it’s very easy to oversell all resources on the server but not with KVM.

2. Free from neighbourhood troubles: If you are using a KVM VPS from hosteons.com you need not worry about bad scripts or software being run by other users on the same server, because with KVM every VPS runs on its own dedicated resources, so any abusive activity by another VPS user won’t affect your VPS. Since you have full control over your VPS you can keep it updated and secure, and need not worry whether your neighbouring VPS users are updated/secure or not.

3. Dedicated IP for mail and other activities: Hosteons VPS comes with a dedicated IP with full RDNS control, hence you need not worry about other VPS users spoiling IP reputation, and since you get RDNS control you can be sure that your mail will be delivered to the inbox of the recipient and won’t get bounced or go to junk mail.

4. Quick Reboot and Reinstalls: Hosteons KVM VPS comes with SolusVM control panel which gives complete control for Reboot, Reinstalls as well as VNC access

Upgrade to Kernel 4.x on CentOS 6/CentOS 7/ RHEL 7

Upgrade Linux Kernel to 4.x

Kernel 4.x is highly optimised and gives a lot of boost in performance to all Linux servers. Here are a few simple commands to upgrade your kernel to 4.x on your CentOS 6 / CentOS 7 / RHEL 7 VPS (it will work with any KVM based VPS like the ones provided by hosteons.com) or dedicated server:

CentOS 6 / RHEL 6:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

rpm -Uvh http://www.elrepo.org/elrepo-release-6-8.el6.elrepo.noarch.rpm

yum install yum-plugin-fastestmirror

yum --enablerepo=elrepo-kernel install kernel-ml

Now update /etc/grub.conf and make sure the new kernel 4.x is selected as default kernel and just reboot your VPS/Dedicated Server to use the new kernel.

CentOS 7/RHEL 7:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

yum install yum-plugin-fastestmirror

yum --enablerepo=elrepo-kernel install kernel-ml

Now update /etc/grub.conf and make sure the new kernel 4.x is selected as default kernel and just reboot your VPS/Dedicated Server to use the new kernel.