Why You Should Use a VPN While Traveling or Using Public Networks

In today’s interconnected world, the convenience of accessing the internet from virtually anywhere is a double-edged sword. Public networks—whether in airports, cafes, hotels, or malls—offer easy internet access but come with significant security risks. One of the most effective ways to protect your data and privacy in such situations is by using a Virtual Private Network (VPN). This article explores why you should use a VPN while traveling or on public networks and why setting up your own private VPN on a small VPS is a better choice than relying on commercial VPN services.

The Risks of Public Networks

When you connect to public Wi-Fi networks, you expose your data to several threats, including:

  1. Man-in-the-Middle (MITM) Attacks: Cybercriminals can intercept data transmitted between your device and the network, gaining access to sensitive information such as passwords, emails, and financial details.
  2. Data Snooping: Without encryption, your browsing activities, login credentials, and other data are visible to anyone with the right tools on the same network.
  3. Fake Wi-Fi Hotspots: Hackers can set up rogue hotspots designed to steal data from unsuspecting users who connect to them.
  4. Malware Distribution: Public networks can be used to inject malware into devices, compromising your security further.

Why Use a VPN?

A VPN creates a secure, encrypted tunnel between your device and the internet, protecting your data from prying eyes. Here’s how a VPN can safeguard your online activities:

  1. Encryption: VPNs encrypt your internet traffic, ensuring that even if it’s intercepted, the data is unreadable.
  2. Anonymity: By masking your IP address, VPNs make it harder for third parties to track your online activities.
  3. Access to Restricted Content: VPNs can bypass geo-restrictions, allowing you to access websites or services that may be unavailable in certain regions.
  4. Protection on Public Networks: VPNs shield your data from the inherent vulnerabilities of public Wi-Fi.

The Problem with Commercial VPNs

While commercial VPNs offer convenience, they come with their own set of issues:

  1. Trust Issues: You’re placing your trust in a third-party company to handle your data. Many commercial VPN providers have been caught logging user data despite claims of “no-logs” policies.
  2. Performance: Shared infrastructure can result in slower speeds and inconsistent performance, especially during peak usage hours.
  3. Cost: Subscription fees for commercial VPNs can add up over time.
  4. Security Concerns: Some providers may use weak encryption protocols or lack transparency about their practices.

Why Set Up Your Own Private VPN on a VPS

A better alternative to using commercial VPNs is to set up your own private VPN on a small VPS. Here’s why this approach stands out:

  1. Complete Control: By setting up your own VPN, you control how your data is handled and stored.
  2. Enhanced Privacy: No third-party provider can log your data, as you manage the entire setup.
  3. Cost-Effective: Many VPS providers, like Hosteons, offer affordable plans that make it economical to run your private VPN.
  4. Customizability: You can configure your VPN to meet your specific needs, including advanced encryption settings and protocols.
  5. Performance: Since the VPN is exclusively yours, you avoid the performance issues common with shared commercial VPNs.

Setting Up a Private VPN on a VPS

Setting up a private VPN on a VPS might sound technical, but it’s more straightforward than you think. Popular software like OpenVPN or WireGuard can be installed and configured on your VPS with the help of readily available tutorials. Once set up, your private VPN provides the same level of security as commercial options—without the downsides.

Conclusion

Using a VPN while traveling or connecting to public networks is essential for safeguarding your data and privacy. However, instead of relying on commercial VPN services, setting up your own private VPN on a small VPS offers better privacy, control, and performance at a lower cost. With providers like Hosteons offering affordable VPS solutions, there’s never been a better time to take charge of your online security.

Automating SMTP Port Management Across VPS Nodes: A Step-by-Step Guide for Virtualizor based KVM VPS Nodes

If you manage multiple VPS nodes and offer SMTP services selectively to clients, automating the management of IP sets can save significant effort. In this guide, we’ll walk through how we automated the synchronization of SMTP-enabled IPs across over 100 VPS nodes.

This tutorial has been tested and is fully operational on Virtualizor-based KVM VPS nodes. The script is configured to run at 1-hour intervals by default, but you can adjust the interval depending on your requirements and available resources. It can be set up on a separate server, on the same server as WHMCS, or another VPS. If using the WHMCS server, ensure it is properly secured, as this script has access to all your servers.


Prerequisites

  1. Python 3.x installed on your system.
  2. Required Python libraries:
   pip install paramiko pandas
  1. WHMCS with VPS product configurations.
  2. SSH access to all VPS nodes and the WHMCS server.
  3. ipset installed and configured on each VPS node.
  4. Proper iptables rules set up on all VPS nodes (detailed below).

Required iptables and ipset Configuration on VPS Nodes

To manage SMTP access effectively, you need the following iptables and ipset rules configured on all VPS nodes. These rules must also persist across reboots:

modprobe br_netfilter
ipset create allowed_ips hash:ip
iptables -F
iptables -P FORWARD DROP
iptables -I FORWARD -m set --match-set allowed_ips src -o viifbr0 -p tcp --dport 25 -j ACCEPT
iptables -I FORWARD -m set --match-set allowed_ips dst -o viifbr0 -p tcp --dport 25 -j ACCEPT

iptables -A FORWARD -o viifbr0 -p tcp --dport 25 -j REJECT
iptables -A FORWARD -o viifbr0 -j ACCEPT
service iptables save 

These rules ensure that SMTP traffic is blocked by default unless explicitly allowed via ipset. Ensure the rules are applied on every reboot of the VPS nodes.


Overview of the Solution

  1. Fetch VPS Configuration from WHMCS: Retrieve a JSON file listing VPS configurations, including SMTP-enabled status and associated IPs.
  2. Process Data: Parse the JSON file to extract primary and additional IPs for SMTP-enabled VPSs.
  3. Sync IP Sets Across Nodes: Use ipset to update allowed IPs for SMTP on each node. This includes adding or removing IPs as needed.
  4. Parallel Execution: Speed up the process by handling multiple nodes concurrently with Python threading.

Implementation

1. Create the Excel File for Node Information

The Python script uses an Excel file to identify the SSH IPs and ports of all VPS nodes. Create an Excel file in the following format:

IP AddressSSH Port
192.168.1.10022
192.168.1.1012222

Save this file as securecrt_servers.xlsx and ensure it is accessible to the script.

2. Fetch VPS Data from WHMCS

Add a hook in WHMCS to export VPS data:

File: /path/to/whmcs/includes/hooks/export_vps_data.php

<?php

use Illuminate\Database\Capsule\Manager as Capsule;

add_hook('AfterCronJob', 100, function($vars) {
    $logFile = __DIR__ . '/export_hook_debug.log';
    $filePath = __DIR__ . '/vps_data.json';

    try {
        $vpsData = Capsule::table('tblhosting')
            ->join('tblproducts', 'tblhosting.packageid', '=', 'tblproducts.id')
            ->join('tblclients', 'tblhosting.userid', '=', 'tblclients.id')
            ->leftJoin('tblhostingconfigoptions', 'tblhosting.id', '=', 'tblhostingconfigoptions.relid')
            ->leftJoin('tblproductconfigoptions', 'tblhostingconfigoptions.configid', '=', 'tblproductconfigoptions.id')
            ->select(
                'tblclients.firstname',
                'tblclients.lastname',
                'tblhosting.dedicatedip',
                'tblhosting.assignedips',
                'tblhosting.domain',
                'tblproducts.name as productname',
                'tblproductconfigoptions.optionname',
                'tblhostingconfigoptions.optionid'
            )
            ->where('tblproducts.type', 'server')
            ->where('tblhosting.domainstatus', 'Active')
            ->get();

        $formattedData = [];
        foreach ($vpsData as $vps) {
            $smtp_enabled = false;
            if (stripos($vps->optionname ?? '', 'SMTP Access') !== false && $vps->optionid > 0) {
                $smtp_enabled = true;
            }

            $formattedData[] = [
                'client_name' => $vps->firstname . ' ' . $vps->lastname,
                'primary_ip' => $vps->dedicatedip,
                'additional_ips' => $vps->assignedips,
                'domain' => $vps->domain,
                'product_name' => $vps->productname,
                'smtp_enabled' => $smtp_enabled,
            ];
        }

        file_put_contents($filePath, json_encode($formattedData, JSON_PRETTY_PRINT));
    } catch (Exception $e) {
        file_put_contents($logFile, "Error: " . $e->getMessage() . PHP_EOL, FILE_APPEND);
    }
});

3. Configure SMTP Access Using WHMCS Configurable Options

To enable or disable SMTP for a VPS:

  1. Set Up a Configurable Option:
  • Go to WHMCS Admin > Products/Services > Configurable Options.
  • Create an option named SMTP Access with values such as Enabled and Disabled.
  1. Client Self-Management (Optional):
  • If you want clients to manage this option while ordering or upgrading, associate the configurable option with the product.
  1. Manual Control:
  • To keep SMTP access manual, hide the configurable option from clients and enable or disable it directly in the admin panel.

Note: Changes to SMTP access will take effect within the interval configured for the sync script (default: 1 hour).

4. Automate Syncing with Python

File: /path/to/script/smtp_sync.py

import requests
import subprocess
import paramiko
import ipaddress
import os
import pandas as pd
import re
import json
from concurrent.futures import ThreadPoolExecutor

DEBUG = True

NODES_FILE_PATH = '/path/to/securecrt_servers.xlsx'
nodes_df = pd.read_excel(NODES_FILE_PATH)
NODES = [
    {"host": row["IP Address"], "port": row["SSH Port"]}
    for _, row in nodes_df.iterrows()
]

IPSET_NAME = "allowed_ips"
ERROR_LOG_FILE = "node_errors.log"
WHMCS_SERVER = {
    "host": "whmcs-server-ip",
    "user": "your-whmcs-user",
    "port": 22,
    "key_path": os.path.expanduser("~/.ssh/id_rsa")
}
REMOTE_VPS_FILE = "/path/to/whmcs/hooks/vps_data.json"
LOCAL_VPS_FILE = "/tmp/vps_data.json"

# Define functions for fetching, processing, and syncing IPs
# See the complete script in the provided implementation.

Cron Job Setup

Run the Python script every hour by adding it to your crontab:

crontab -e

Add the following line:

0 * * * * /usr/bin/python3 /path/to/script/smtp_sync.py >> /var/log/smtp_sync.log 2>&1

Benefits of the Solution

  1. Automated Management: No manual updates to IP sets are required.
  2. Scalability: Handles hundreds of nodes efficiently using multithreading.
  3. Reliability: Synchronization ensures consistent SMTP access control across all nodes.

How to Secure Your WhatsApp Account: A Comprehensive Guide

whatsapp security

In an era where digital communication is a lifeline, securing your WhatsApp account is more important than ever. With over 2 billion users globally, WhatsApp is a popular target for hackers and cybercriminals. Protecting your account ensures your personal chats, media, and private information remain safe from prying eyes. At Hosteons, we understand the importance of security in the digital age. Here’s a guide to help you secure your WhatsApp account effectively.


1. Enable Two-Step Verification

Two-step verification adds an extra layer of security to your WhatsApp account by requiring a PIN in addition to your phone number.

  • How to enable:
    1. Open WhatsApp and go to Settings.
    2. Navigate to Account > Two-Step Verification.
    3. Tap Enable, set a six-digit PIN, and add a recovery email address.

This ensures that even if someone gets access to your SIM card, they cannot access your WhatsApp account without the PIN.


2. Protect Your SIM Card

Your WhatsApp account is tied to your phone number, so securing your SIM card is crucial.

  • Use a SIM lock to prevent unauthorized access.
  • Avoid sharing your mobile number publicly or on untrusted platforms.

Consider enabling a SIM PIN from your phone’s settings to add another layer of protection.


3. Avoid Clicking on Suspicious Links

Phishing scams are a common tactic used by hackers to steal WhatsApp accounts.

  • Never click on links from unknown sources, especially if they promise rewards, gifts, or lottery winnings.
  • Verify the sender’s identity before engaging with any link.

4. Regularly Check Active Sessions

WhatsApp Web is a convenient feature, but it can also be a security risk if left open on shared devices.

  • How to check:
    1. Go to Settings > Linked Devices.
    2. Review all active sessions and log out of any device you don’t recognize.

This ensures no one is secretly accessing your account from another device.


5. Be Cautious with Verification Codes

Verification codes are key to accessing your WhatsApp account.

  • Never share your verification code with anyone, even if they claim to be from WhatsApp support.
  • WhatsApp will never ask for your verification code via messages or calls.

6. Keep Your App Updated

Regular updates ensure your app is protected from the latest vulnerabilities and threats.

  • Enable automatic updates on your device to ensure you’re always running the latest version of WhatsApp.

7. Use End-to-End Encryption

WhatsApp provides end-to-end encryption by default, ensuring that your messages and calls remain private.

  • To verify encryption for specific chats, open the chat, tap the contact’s name, and check the Encryption section.

Avoid third-party apps that claim to enhance WhatsApp functionality, as they can compromise your data.


8. Educate Yourself About Common Scams

Be aware of common WhatsApp scams, such as:

  • Impersonation scams where hackers pretend to be someone you know.
  • “Friend in distress” scams, where hackers claim your friend is in trouble and ask for money.
  • Fake technical support calls claiming to be from WhatsApp.

Always verify any unusual request or message before responding.


9. Backup Wisely

While backups are essential, they can also be a vulnerability if not secured.

  • Use encrypted backups when storing your chats on Google Drive or iCloud.
  • Avoid storing backups on shared or untrusted devices.

10. Monitor for Suspicious Activity

If you notice any unusual activity on your WhatsApp account, such as missing chats or unfamiliar messages, act immediately:

  • Log out of all devices from Linked Devices.
  • Re-enable two-step verification and update your PIN.
  • Contact WhatsApp support if you suspect your account has been compromised.

Conclusion

Securing your WhatsApp account is not just about protecting your conversations; it’s about safeguarding your privacy and digital identity. By implementing these measures, you can enjoy the convenience of WhatsApp without compromising your security.

At Hosteons, we prioritize your digital safety, whether you’re managing your hosting account or your personal apps. For more tips on staying secure in the digital world, stay tuned to our blog.


Stay Secure, Stay Safe!
For more cybersecurity tips or hosting solutions, visit Hosteons.