Category: Tutorials

šŸ›”ļø How to Check If Your VPS Is Compromised or Infected

Leave a Comment on šŸ›”ļø How to Check If Your VPS Is Compromised or Infected

If your VPS is behaving strangely, running slow, or using more resources than expected, it could be compromised. Hereā€™s a simple step-by-step guide for Hosteons clients to help detect common signs of infection or unauthorized access.

āœ… Step 1: Check for Unusual CPU or Memory Usage

Start by checking if any process is consuming excessive resources:

top

or use:

htop

Look for unfamiliar processes, especially those using a high percentage of CPU or memory.

šŸ§  Step 2: Check for Unknown Network Connections

You can inspect open ports and active connections with:

ss -tulnp

Also try:

netstat -antup

Check for unknown IP addresses or ports your VPS shouldnā€™t be using (e.g., cryptomining pools, spam servers, etc.).

šŸ” Step 3: Scan Running Processes

List all processes with their command line details:

ps auxf

Watch for suspicious scripts, base64-encoded strings, or unfamiliar binaries.

šŸ” Step 4: Check for New or Unauthorized Users

List all users:

cat /etc/passwd

Check recent logins:

last

Or failed login attempts:

grep "Failed password" /var/log/auth.log

Watch for users or login attempts you donā€™t recognize.

šŸ•µļø Step 5: Inspect Cron Jobs & Scheduled Tasks

Malware often installs cron jobs to maintain persistence:

crontab -l
ls -la /etc/cron*

Look for unusual scripts or scheduled commands.

šŸš Step 6: Scan for Malware

Install and run a malware scanner like Chkrootkit or ClamAV:

Chkrootkit:

apt install chkrootkit   # Debian/Ubuntu
chkrootkit

ClamAV:

apt install clamav
freshclam
clamscan -r /

These tools help detect rootkits, backdoors, and trojans.

šŸ“ Step 7: Check for Suspicious Files

Search for recently modified or hidden files:

find / -type f -mtime -2
find / -name ".*" -type f

Look especially in /tmp, /var/tmp, or /dev/shm ā€” common hiding places for malicious scripts.

šŸ“œ Step 8: Check System Logs

Scan through /var/log/syslog, /var/log/auth.log, and /var/log/messages for any strange activity.

Example:

less /var/log/auth.log

Use grep to search for specific keywords like root, sudo, fail, etc.

šŸšØ What to Do If You Suspect a Compromise

If you suspect your VPS has been compromised:

1. Disconnect from the internet (disable the network interface).

2. Back up important data (be cautious with infected files).

3. Open a support ticket with Hosteons: https://my.hosteons.com

4. Consider wiping and reinstalling the OS for full peace of mind.

5. Change all relevant passwords and SSH keys.

šŸ§Æ Prevention Tips

ā€¢ Use strong passwords and SSH keys

ā€¢ Keep your software and OS updated

ā€¢ Disable root login and use a non-root user with sudo

ā€¢ Set up a firewall like ufw

ā€¢ Regularly monitor your server

Stay secure,

The Hosteons Team

How to Set Up V2RaySSR on Your VPS ā€“ A Complete Guide

Leave a Comment on How to Set Up V2RaySSR on Your VPS ā€“ A Complete Guide

If youā€™re looking for a powerful, secure, and flexible proxy solution, V2RaySSR might be just what you need. Itā€™s a custom fork of V2Ray that includes support for ShadowsocksR (SSR), allowing for more advanced configurations and better censorship resistance.

In this post, weā€™ll walk you through how to set up V2RaySSR on your Hosteons VPS step by step.

šŸ” What is V2RaySSR?

V2RaySSR combines the flexibility of V2Ray with the popular ShadowsocksR protocol, offering:

ā€¢ Support for multiple protocols (VMess, VLESS, SSR, SOCKS, etc.)

ā€¢ Strong encryption

ā€¢ Obfuscation methods like WebSocket, TLS, mKCP, and more

ā€¢ Reliable bypassing of network restrictions

Itā€™s a go-to tool for developers, privacy-conscious users, and tech enthusiasts who want full control over their internet traffic.

āœ… What Youā€™ll Need

Before getting started, make sure you have:

ā€¢ A Hosteons VPS (Ubuntu/Debian/CentOS preferred)

ā€¢ Root SSH access

ā€¢ A domain name (optional but recommended for TLS/HTTPS)

ā€¢ Basic familiarity with SSH

šŸ”§ Step 1: Connect to Your VPS

Open your terminal or SSH client and log in to your VPS:

ssh root@your_vps_ip

Replace your_vps_ip with the actual IP of your server.

šŸ“¦ Step 2: Download & Run the V2RaySSR Script

Use the following command to install V2RaySSR via a trusted script:

wget -N --no-check-certificate https://raw.githubusercontent.com/FunctionClub/V2raySSRR/master/v2ray.sh && bash v2ray.sh

This script will guide you through setup options like:

ā€¢ Choosing the protocol (VMess, VLESS, SSR, etc.)

ā€¢ Selecting ports

ā€¢ Enabling TLS (for secure encrypted connections)

ā€¢ WebSocket and fallback options

Take note of the configuration it generates ā€” youā€™ll need it later for your client app.

šŸ§± Step 3: Open Required Ports

Depending on your serverā€™s OS and firewall settings, you might need to manually open the necessary ports.

For Ubuntu/Debian with UFW:

ufw allow 443/tcp
ufw allow 443/udp

For CentOS with firewalld:

firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=443/udp
firewall-cmd --reload

šŸ“² Step 4: Set Up Your V2RaySSR Client

Once the server is running, install a client on your device:

ā€¢ WindowsV2RayN

ā€¢ Androidv2rayNG

ā€¢ iOS: Shadowrocket (App Store)

Input the configuration details (UUID, address, port, path, protocol, TLS settings, etc.) provided by the script.

šŸš€ Step 5: Test Your Setup

After everything is configured:

ā€¢ Open your V2Ray client and connect

ā€¢ Visit https://ipinfo.io or https://whatismyipaddress.com to confirm your traffic is routing through the VPS

ā€¢ Check logs in the client app for errors or connection status

šŸ›”ļø Pro Tips

ā€¢ Use a custom domain with Letā€™s Encrypt TLS for added security

ā€¢ Change your UUID regularly to maintain privacy

ā€¢ Keep your script and configuration up to date

ā€¢ Monitor usage to ensure smooth operation and avoid abuse

Start building your own secure proxy with V2RaySSR ā€” all powered by a Hosteons VPS.

How to Configure Your Hybrid Server for Optimal Performance

Leave a Comment on How to Configure Your Hybrid Server for Optimal Performance

Hybrid servers, also known as Virtual Dedicated Servers (VDS), combine the power of dedicated servers with the flexibility of virtual environments. To ensure optimal performance for your hybrid server hosted on Hosteonā€™s cutting-edge Ryzen 7950x infrastructure, follow these key configuration steps:

1. Choose the Right Operating System (OS)

  • Linux vs. Windows: Select an OS based on your application needs. Linux distributions like Ubuntu, CentOS, or Debian are ideal for web servers, while Windows is better for applications requiring .NET frameworks or MSSQL.
  • Ensure your OS is updated with the latest security patches and updates.

2. Allocate Resources Efficiently

  • CPU and RAM: Monitor usage and allocate resources based on application demands. Use tools like htop on Linux or Task Manager on Windows to check resource utilization.
  • Disk Space: Keep at least 20% of your disk space free for optimal performance. Regularly clean up temporary files and unused data.

3. Secure Your Server

  • Firewall Configuration: Set up a firewall using tools like iptables (Linux) or Windows Defender Firewall. Only open necessary ports to reduce vulnerabilities.
  • SSH/Remote Desktop: Use secure SSH keys for Linux and strong passwords or RDP security settings for Windows.
  • Regular Updates: Regularly update your software, plugins, and operating system to patch vulnerabilities.

4. Optimize Network Settings

  • Bandwidth Utilization: Monitor your serverā€™s bandwidth usage to prevent throttling or slowdowns. Tools like iftop can help you visualize usage.
  • DNS Settings: Configure a fast DNS provider to reduce latency.
  • Compression: Enable gzip compression on web servers like Apache or Nginx to improve load times.

5. Configure Web Server for Performance

  • Caching: Implement caching mechanisms like Memcached, Redis, or built-in caching options in Apache and Nginx.
  • HTTP/2 or HTTP/3: Upgrade your web server to use HTTP/2 or HTTP/3 for better performance and reduced latency.
  • Load Balancing: Use load balancers if hosting high-traffic applications.

6. Monitor Server Health

  • Install monitoring tools like Nagios, Zabbix, or Cloud-based monitoring solutions to keep an eye on uptime, resource utilization, and application performance.
  • Set up alerts for CPU, memory, or disk usage thresholds.

7. Database Optimization

  • Indexing: Ensure your databases are properly indexed to speed up queries.
  • Connection Pooling: Use connection pooling to manage multiple database connections efficiently.
  • Backups: Regularly back up your databases and test restoration processes.

8. Backups and Disaster Recovery

  • Utilize Hosteonsā€™ free backup or snapshot feature to create regular backups.
  • Test your recovery processes periodically to ensure minimal downtime in case of failure.

9. Performance Tuning

  • Web Server Settings: Adjust configurations like worker processes in Nginx or MaxClients in Apache to match your traffic needs.
  • Database Settings: Tune MySQL/MariaDB configurations like innodb_buffer_pool_size for better performance.
  • Content Delivery Network (CDN): Integrate a CDN for faster content delivery to users across different geographical locations.

10. Regular Maintenance

  • Perform periodic maintenance like updating software, clearing logs, and defragmenting disks (if using non-SSD storage).
  • Review server logs for unusual activity or errors.

Conclusion

Configuring your hybrid server for optimal performance is an ongoing process. By following these steps and leveraging Hosteonā€™s high-performance Ryzen 7950x servers, you can ensure a seamless and efficient experience for your applications. Donā€™t forget to reach out to Hosteonā€™s 24/7 support team if you need assistance or have any questions about your server configuration.

Start optimizing today and unlock the full potential of your hybrid server!

Mastering DNS Settings for Seamless Hosting

Leave a Comment on Mastering DNS Settings for Seamless Hosting

When it comes to hosting your website, DNS (Domain Name System) settings play a crucial role in ensuring that your site is accessible, reliable, and performs optimally. Misconfigurations in DNS can lead to downtime, slow loading speeds, and even security vulnerabilities. In this guide, we will walk you through the essentials of mastering DNS settings for seamless hosting, helping you deliver a flawless online experience for your users.

What is DNS?

DNS is like the phonebook of the internet. It translates human-readable domain names (e.g., example.com) into IP addresses (e.g., 192.168.1.1) that computers use to locate servers. When users type your domain name into a browser, DNS ensures they are directed to the correct server hosting your website.

Key DNS Records You Need to Know

  1. A Record (Address Record):
  • Maps your domain name to an IPv4 address.
  • Example: example.com -> 192.0.2.1
  1. AAAA Record:
  • Similar to A records but maps to IPv6 addresses.
  • Example: example.com -> 2001:db8::1
  1. CNAME Record (Canonical Name):
  • Used to alias one domain name to another.
  • Example: www.example.com -> example.com
  1. MX Record (Mail Exchange):
  • Directs email to the correct mail server for your domain.
  • Example: mail.example.com -> 10 mailserver.example.com
  1. TXT Record:
  • Allows you to store text information for various purposes like domain verification or SPF (Sender Policy Framework) records.
  • Example: v=spf1 include:_spf.example.com ~all
  1. NS Record (Name Server):
  • Specifies the authoritative name servers for your domain.
  • Example: ns1.example.com, ns2.example.com
  1. PTR Record (Pointer Record):
  • Used for reverse DNS lookups, mapping IP addresses back to domain names.

Setting Up Your DNS for Hosting

  1. Choose Reliable DNS Hosting:
    Opt for a trusted DNS hosting provider with features like global redundancy, fast propagation, and easy-to-use management interfaces.
  2. Point Your Domain to Hosting Servers:
  • Update the A record to point to your hosting serverā€™s IP address.
  • Configure the CNAME record for subdomains like www or blog.
  1. Set Up Email:
  • Use MX records to direct email traffic to your email server.
  • Add SPF, DKIM, and DMARC records to enhance email security.
  1. Enable CDN (Content Delivery Network):
    Use a CNAME record to point your domain or subdomain to your CDN providerā€™s URL for faster content delivery.
  2. Add Security Features:
  • Implement DNSSEC (DNS Security Extensions) to prevent DNS spoofing.
  • Configure TXT records for SPF, DKIM, and DMARC to protect against email fraud.
  1. Monitor and Test DNS Configuration:
    Use tools like dig, nslookup, or online DNS checkers to verify your records and resolve any errors.

Common DNS Pitfalls and How to Avoid Them

  1. Propagation Delays:
  • DNS changes can take up to 48 hours to propagate. Plan ahead to avoid downtime.
  1. Incorrect TTL (Time-to-Live) Settings:
  • Setting TTL too low can lead to frequent lookups, increasing latency. Set an optimal TTL based on your requirements.
  1. Misconfigured Records:
  • Double-check your records to ensure they point to the correct servers.
  1. Ignoring Backup DNS Servers:
  • Always configure secondary (backup) name servers for redundancy.

Advanced Tips for DNS Optimization

  1. Use GeoDNS:
  • Route traffic based on usersā€™ geographical locations for better performance.
  1. Leverage DNS Load Balancing:
  • Distribute traffic across multiple servers to ensure reliability and scalability.
  1. Automate DNS Management:
  • Use APIs or automation tools to update DNS settings quickly, especially for dynamic environments.

Conclusion

Mastering DNS settings is a vital skill for website owners and hosting professionals alike. By understanding the fundamental DNS records, avoiding common pitfalls, and optimizing configurations, you can ensure your website remains accessible, secure, and performs efficiently. At Hosteons, we provide robust hosting solutions that integrate seamlessly with DNS management, helping you focus on growing your online presence without worrying about technical roadblocks.

Need assistance with DNS or hosting? Our support team is available 24/7 to guide you every step of the way. Visit Hosteons to explore our hosting solutions today!

How to Install and Set Up V2Ray or ShadowsocksR (SSR) on Your VPS

Leave a Comment on How to Install and Set Up V2Ray or ShadowsocksR (SSR) on Your VPS

V2Ray and ShadowsocksR (SSR) are popular tools for bypassing internet restrictions and enhancing online privacy. With Hosteons’ VPS, you can easily set up your own private proxy server using V2Ray or SSR. This tutorial will guide you through the installation and configuration process step by step.

Prerequisites

Before you begin, ensure you have:

  1. A VPS: Hosteons provides reliable VPS solutions with root access.
  2. Linux OS: Ubuntu 20.04 or Debian 11 are recommended.
  3. Root Access: Administrative privileges on your VPS.

Step 1: Update Your VPS

Start by updating your system to ensure all packages are up to date:

sudo apt update && sudo apt upgrade -y

Step 2: Install V2Ray

  1. Download the official V2Ray installation script:
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
  1. Start and enable V2Ray:
sudo systemctl start v2ray
sudo systemctl enable v2ray
  1. Confirm that V2Ray is running:
sudo systemctl status v2ray

Step 3: Configure V2Ray

  1. Open the V2Ray configuration file:
sudo nano /usr/local/etc/v2ray/config.json
  1. Add the following basic configuration:
{
  "inbounds": [
    {
      "port": 1080,
      "protocol": "vmess",
      "settings": {
        "clients": [
          {
            "id": "YOUR_UUID",
            "alterId": 64
          }
        ]
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "freedom",
      "settings": {}
    }
  ]
}
  • Replace YOUR_UUID with a unique UUID. Generate one using:
uuidgen
  1. Save and exit the file.
  2. Restart V2Ray to apply the changes:
sudo systemctl restart v2ray

Step 4: Install ShadowsocksR (SSR)

If you prefer SSR over V2Ray, follow these steps:

  1. Clone the SSR repository:
git clone https://github.com/shadowsocksrr/shadowsocksr.git
  1. Navigate to the SSR directory:
cd shadowsocksr
  1. Run the setup script:
bash setup_cymysql.sh
  1. Configure SSR by editing the configuration file:
nano user-config.json

Add the following settings:

{
  "server": "0.0.0.0",
  "server_port": 8388,
  "password": "YOUR_PASSWORD",
  "method": "aes-256-cfb",
  "protocol": "auth_sha1_v4",
  "obfs": "tls1.2_ticket_auth",
  "timeout": 300
}
  • Replace YOUR_PASSWORD with a strong password.
  1. Start the SSR server:
bash run.sh

Step 5: Open Firewall Ports

Allow traffic on the necessary ports for your proxy server:

sudo ufw allow 1080/tcp
sudo ufw allow 8388/tcp
sudo ufw enable

Step 6: Test Your Proxy Server

  1. Download and install a V2Ray or SSR client on your device.
  2. Configure the client with the server details, including IP address, port, and UUID or password.
  3. Connect to the proxy server and verify your connection.

Conclusion

Setting up V2Ray or ShadowsocksR on a VPS from Hosteons enhances your online privacy and allows you to bypass internet restrictions. With this guide, you can deploy your own secure and private proxy server in minutes. If you encounter any issues, Hosteons’ support team is available to assist you.

How to Set Up OpenLiteSpeed, PHP, and MySQL on Your VPS

Leave a Comment on How to Set Up OpenLiteSpeed, PHP, and MySQL on Your VPS
OpenLitespeed Tutorial

OpenLiteSpeed is a high-performance, lightweight web server thatā€™s perfect for hosting websites or applications. Combined with PHP and MySQL, it provides an efficient and reliable stack for serving dynamic content. This guide will walk you through setting up OpenLiteSpeed, PHP, and MySQL on your VPS.

Prerequisites

Before starting, ensure you have:

  1. A VPS: A reliable VPS provider like Hosteons.
  2. Linux OS: Ubuntu 20.04 or Debian 11 (minor adjustments may be needed for other distributions).
  3. Root Access: Administrative privileges on your VPS.

Step 1: Update Your Server

Begin by updating your system to ensure all software is up-to-date:

sudo apt update && sudo apt upgrade -y

Step 2: Install OpenLiteSpeed

  1. Add the OpenLiteSpeed repository:
sudo wget -O - https://repo.litespeed.sh | sudo bash
  1. Install OpenLiteSpeed:
sudo apt install openlitespeed -y
  1. Start OpenLiteSpeed and enable it to run at boot:
sudo systemctl start lsws
sudo systemctl enable lsws
  1. Access the OpenLiteSpeed WebAdmin interface at http://your_server_ip:7080. The default username is admin, and the password can be set with:
sudo /usr/local/lsws/admin/misc/admpass.sh

Step 3: Install MySQL

MySQL is required for managing databases. Install it with:

sudo apt install mysql-server -y

Secure the installation:

sudo mysql_secure_installation

Follow the prompts to set a root password and enhance security settings.

Step 4: Install PHP

OpenLiteSpeed works seamlessly with PHP. To install and configure PHP:

  1. Install PHP and necessary extensions:
sudo apt install lsphp81 lsphp81-mysql -y
  1. Configure OpenLiteSpeed to use PHP:
  • Log in to the WebAdmin panel (http://your_server_ip:7080).
  • Navigate to Server Configuration > External App.
  • Click Add to create a new external application with the following settings:
    • Name: lsphp81
    • Address: uds://tmp/lshttpd/lsphp81.sock
    • Max Connections: 35
    • Environment: PHP_LSAPI_CHILDREN=35
    • Command: /usr/local/lsws/lsphp81/bin/lsphp
  • Save the changes.
  1. Map the external application to your virtual host:
  • Go to Virtual Hosts > Context.
  • Add a new context:
    • Type: CGI
    • URI: /*
    • Handler Name: lsphp81
  • Save and restart OpenLiteSpeed.

Step 5: Test PHP

To confirm PHP is correctly configured:

  1. Create a test PHP file:
echo '<?php phpinfo(); ?>' | sudo tee /usr/local/lsws/Example/html/info.php
  1. Visit http://your_server_ip/info.php in a web browser. You should see the PHP information page.

Step 6: Secure Your Server

  1. Remove the PHP Info File: After testing, delete the PHP info file:
sudo rm /usr/local/lsws/Example/html/info.php
  1. Set Up a Firewall: Allow only necessary ports (HTTP, HTTPS, and OpenLiteSpeed WebAdmin):
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 7080
sudo ufw enable
  1. Enable SSL: Secure your site with Letā€™s Encrypt:
sudo apt install certbot
sudo certbot certonly --webroot -w /usr/local/lsws/Example/html -d your_domain

Configure SSL in the WebAdmin panel under Listeners > SSL.

Conclusion

You now have a fully functional OpenLiteSpeed, PHP, and MySQL stack set up on your VPS. This setup provides a fast and efficient environment for hosting websites or applications. Hosteonsā€™ reliable VPS solutions are perfect for deploying this powerful combination, ensuring optimal performance and support for your hosting needs.

How to Set Up Nginx, PHP, and MySQL on a VPS

Leave a Comment on How to Set Up Nginx, PHP, and MySQL on a VPS

If youā€™re looking to host a website or web application, setting up a reliable server stack is essential. Nginx, PHP, and MySQL provide a powerful combination for serving dynamic content efficiently. This guide will walk you through setting up Nginx, PHP, and MySQL on a Linux VPS from scratch.

Prerequisites

Before starting, ensure you have:

  1. A VPS: A reliable VPS provider like Hosteons.
  2. Linux OS: Ubuntu 20.04 or Debian 11 (other distributions may require slight adjustments).
  3. Root Access: Administrative privileges on your server.

Step 1: Update Your Server

To ensure you have the latest packages and security patches, update your system:

sudo apt update && sudo apt upgrade -y

Step 2: Install Nginx

Nginx is a lightweight, high-performance web server. Install it with the following command:

sudo apt install nginx -y

After installation, start and enable Nginx to run at boot:

sudo systemctl start nginx
sudo systemctl enable nginx

You can check if Nginx is running by visiting your serverā€™s IP address in a web browser. You should see the default Nginx welcome page.

Step 3: Install MySQL

MySQL is a popular relational database management system used for storing application data. Install it using:

sudo apt install mysql-server -y

Once installed, secure the MySQL installation by running:

sudo mysql_secure_installation

Follow the prompts to set a root password, remove test databases, and disallow remote root logins for added security.

Step 4: Install PHP

PHP is a server-side scripting language used for dynamic web content. To install PHP along with necessary extensions, run:

sudo apt install php-fpm php-mysql -y

Step 5: Configure Nginx to Use PHP

By default, Nginx does not process PHP files. You need to configure Nginx to pass PHP requests to the PHP processor.

  1. Open the default Nginx server block configuration:
sudo nano /etc/nginx/sites-available/default
  1. Modify the file to include the following settings:
server {
    listen 80;
    server_name your_domain_or_IP;
    root /var/www/html;

    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
  1. Save and exit the file, then test the Nginx configuration:
sudo nginx -t
  1. Reload Nginx to apply the changes:
sudo systemctl reload nginx

Step 6: Test PHP

Create a test PHP file to ensure everything is working:

sudo nano /var/www/html/info.php

Add the following content:

<?php
phpinfo();
?>

Save and exit the file. Visit http://your_server_ip/info.php in your web browser. If PHP is correctly configured, you will see a PHP information page.

Step 7: Secure Your Setup

  1. Remove the PHP Info File: Once you confirm PHP is working, delete the info.php file to prevent unauthorized access:
sudo rm /var/www/html/info.php
  1. Set Up a Firewall: Allow HTTP and HTTPS traffic while blocking unused ports:
sudo ufw allow 'Nginx Full'
sudo ufw enable
  1. Enable SSL: Secure your site with HTTPS using a tool like Letā€™s Encrypt:
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d your_domain

Follow the prompts to set up SSL certificates.

Conclusion

You now have a fully functional server running Nginx, PHP, and MySQL, ready to host your website or application. This stack provides a robust, secure, and efficient foundation for your web hosting needs. If youā€™re using Hosteonsā€™ VPS, you can take advantage of their reliable performance and support to ensure your setup runs smoothly.

How to Set Up WireGuard VPN on a VPS: A Step-by-Step Tutorial

Leave a Comment on How to Set Up WireGuard VPN on a VPS: A Step-by-Step Tutorial

WireGuard is a modern, lightweight VPN protocol that provides a high level of security and performance. Its simplicity, speed, and efficiency make it an excellent choice for setting up a private VPN on a VPS. This guide will walk you through the steps to set up WireGuard on your VPS, ensuring you have a secure and private connection.

Prerequisites

Before starting, ensure you have the following:

  1. A VPS: Choose a reliable VPS provider like Hosteons with a Linux operating system (e.g., Ubuntu or Debian).
  2. Basic Linux Knowledge: Familiarity with command-line operations.
  3. Root Access: Administrative privileges on your VPS.

Step 1: Update Your VPS

Start by updating your VPS to ensure all packages are up-to-date.

sudo apt update && sudo apt upgrade -y

Step 2: Install WireGuard

WireGuard is included in most modern Linux distributions. To install it, use the following commands:

sudo apt install wireguard -y

If youā€™re using a different distribution, check the WireGuard documentation for specific installation instructions.

Step 3: Generate Keys

WireGuard uses public and private key pairs for encryption. Generate these keys as follows:

wg genkey | tee privatekey | wg pubkey > publickey
  • privatekey: Your private key (keep this secure and never share it).
  • publickey: Your public key (used to configure the client).

Step 4: Configure WireGuard

Create a configuration file for WireGuard on your VPS:

sudo nano /etc/wireguard/wg0.conf

Add the following content to the file:

[Interface]
PrivateKey = YOUR_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
SaveConfig = true

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32

Replace:

  • YOUR_PRIVATE_KEY with the private key generated earlier.
  • CLIENT_PUBLIC_KEY with the public key from your client device.

Step 5: Enable IP Forwarding

Enable IP forwarding to allow traffic to pass through your VPS:

sudo sysctl -w net.ipv4.ip_forward=1

To make this change permanent, edit the sysctl configuration file:

sudo nano /etc/sysctl.conf

Uncomment or add the following line:

net.ipv4.ip_forward=1

Step 6: Start and Enable WireGuard

Start the WireGuard service and enable it to run at boot:

sudo systemctl start [email&nbsp;protected]
sudo systemctl enable [email&nbsp;protected]

Step 7: Configure the Client

On your client device (e.g., laptop or smartphone), install WireGuard and create a configuration file. For example:

[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/24

[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = YOUR_VPS_IP:51820
AllowedIPs = 0.0.0.0/0

Replace:

  • CLIENT_PRIVATE_KEY with the clientā€™s private key.
  • SERVER_PUBLIC_KEY with your VPSā€™s public key.
  • YOUR_VPS_IP with the public IP address of your VPS.

Step 8: Test the Connection

Activate the VPN on your client and test the connection:

  1. Start the VPN:
   sudo wg-quick up wg0
  1. Verify the connection on the server:
   sudo wg

You should see details of the connected peer.

Optional: Add a Firewall Rule

To enhance security, configure your firewall to only allow WireGuard traffic:

sudo ufw allow 51820/udp
sudo ufw enable

Conclusion

Setting up WireGuard on a VPS is a straightforward process that provides a secure, high-performance VPN solution. With your own private VPN, you gain control over your data and privacy without relying on third-party commercial VPN services. Hosteons offers affordable and reliable VPS solutions to get you started with your WireGuard VPN today!

Automating SMTP Port Management Across VPS Nodes: A Step-by-Step Guide for Virtualizor based KVM VPS Nodes

Leave a Comment on Automating SMTP Port Management Across VPS Nodes: A Step-by-Step Guide for Virtualizor based KVM VPS Nodes

If you manage multiple VPS nodes and offer SMTP services selectively to clients, automating the management of IP sets can save significant effort. In this guide, we’ll walk through how we automated the synchronization of SMTP-enabled IPs across over 100 VPS nodes.

This tutorial has been tested and is fully operational on Virtualizor-based KVM VPS nodes. The script is configured to run at 1-hour intervals by default, but you can adjust the interval depending on your requirements and available resources. It can be set up on a separate server, on the same server as WHMCS, or another VPS. If using the WHMCS server, ensure it is properly secured, as this script has access to all your servers.

Prerequisites

  1. Python 3.x installed on your system.
  2. Required Python libraries:
   pip install paramiko pandas
  1. WHMCS with VPS product configurations.
  2. SSH access to all VPS nodes and the WHMCS server.
  3. ipset installed and configured on each VPS node.
  4. Proper iptables rules set up on all VPS nodes (detailed below).

Required iptables and ipset Configuration on VPS Nodes

To manage SMTP access effectively, you need the following iptables and ipset rules configured on all VPS nodes. These rules must also persist across reboots:

modprobe br_netfilter
ipset create allowed_ips hash:ip
iptables -F
iptables -P FORWARD DROP
iptables -I FORWARD -m set --match-set allowed_ips src -o viifbr0 -p tcp --dport 25 -j ACCEPT
iptables -I FORWARD -m set --match-set allowed_ips dst -o viifbr0 -p tcp --dport 25 -j ACCEPT

iptables -A FORWARD -o viifbr0 -p tcp --dport 25 -j REJECT
iptables -A FORWARD -o viifbr0 -j ACCEPT
service iptables save

These rules ensure that SMTP traffic is blocked by default unless explicitly allowed via ipset. Ensure the rules are applied on every reboot of the VPS nodes.

Overview of the Solution

  1. Fetch VPS Configuration from WHMCS: Retrieve a JSON file listing VPS configurations, including SMTP-enabled status and associated IPs.
  2. Process Data: Parse the JSON file to extract primary and additional IPs for SMTP-enabled VPSs.
  3. Sync IP Sets Across Nodes: Use ipset to update allowed IPs for SMTP on each node. This includes adding or removing IPs as needed.
  4. Parallel Execution: Speed up the process by handling multiple nodes concurrently with Python threading.

Implementation

1. Create the Excel File for Node Information

The Python script uses an Excel file to identify the SSH IPs and ports of all VPS nodes. Create an Excel file in the following format:

IP AddressSSH Port
192.168.1.10022
192.168.1.1012222

Save this file as securecrt_servers.xlsx and ensure it is accessible to the script.

2. Fetch VPS Data from WHMCS

Add a hook in WHMCS to export VPS data:

File: /path/to/whmcs/includes/hooks/export_vps_data.php

<?php

use Illuminate\Database\Capsule\Manager as Capsule;

add_hook('AfterCronJob', 100, function($vars) {
    $logFile = __DIR__ . '/export_hook_debug.log';
    $filePath = __DIR__ . '/vps_data.json';

    try {
        $vpsData = Capsule::table('tblhosting')
            ->join('tblproducts', 'tblhosting.packageid', '=', 'tblproducts.id')
            ->join('tblclients', 'tblhosting.userid', '=', 'tblclients.id')
            ->leftJoin('tblhostingconfigoptions', 'tblhosting.id', '=', 'tblhostingconfigoptions.relid')
            ->leftJoin('tblproductconfigoptions', 'tblhostingconfigoptions.configid', '=', 'tblproductconfigoptions.id')
            ->select(
                'tblclients.firstname',
                'tblclients.lastname',
                'tblhosting.dedicatedip',
                'tblhosting.assignedips',
                'tblhosting.domain',
                'tblproducts.name as productname',
                'tblproductconfigoptions.optionname',
                'tblhostingconfigoptions.optionid'
            )
            ->where('tblproducts.type', 'server')
            ->where('tblhosting.domainstatus', 'Active')
            ->get();

        $formattedData = [];
        foreach ($vpsData as $vps) {
            $smtp_enabled = false;
            if (stripos($vps->optionname ?? '', 'SMTP Access') !== false && $vps->optionid > 0) {
                $smtp_enabled = true;
            }

            $formattedData[] = [
                'client_name' => $vps->firstname . ' ' . $vps->lastname,
                'primary_ip' => $vps->dedicatedip,
                'additional_ips' => $vps->assignedips,
                'domain' => $vps->domain,
                'product_name' => $vps->productname,
                'smtp_enabled' => $smtp_enabled,
            ];
        }

        file_put_contents($filePath, json_encode($formattedData, JSON_PRETTY_PRINT));
    } catch (Exception $e) {
        file_put_contents($logFile, "Error: " . $e->getMessage() . PHP_EOL, FILE_APPEND);
    }
});

3. Configure SMTP Access Using WHMCS Configurable Options

To enable or disable SMTP for a VPS:

  1. Set Up a Configurable Option:
  • Go to WHMCS Admin > Products/Services > Configurable Options.
  • Create an option named SMTP Access with values such as Enabled and Disabled.
  1. Client Self-Management (Optional):
  • If you want clients to manage this option while ordering or upgrading, associate the configurable option with the product.
  1. Manual Control:
  • To keep SMTP access manual, hide the configurable option from clients and enable or disable it directly in the admin panel.

Note: Changes to SMTP access will take effect within the interval configured for the sync script (default: 1 hour).

4. Automate Syncing with Python

File: /path/to/script/smtp_sync.py

import requests
import subprocess
import paramiko
import ipaddress
import os
import pandas as pd
import re
import json
from concurrent.futures import ThreadPoolExecutor

DEBUG = True

NODES_FILE_PATH = '/path/to/securecrt_servers.xlsx'
nodes_df = pd.read_excel(NODES_FILE_PATH)
NODES = [
    {"host": row["IP Address"], "port": row["SSH Port"]}
    for _, row in nodes_df.iterrows()
]

IPSET_NAME = "allowed_ips"
ERROR_LOG_FILE = "node_errors.log"
WHMCS_SERVER = {
    "host": "whmcs-server-ip",
    "user": "your-whmcs-user",
    "port": 22,
    "key_path": os.path.expanduser("~/.ssh/id_rsa")
}
REMOTE_VPS_FILE = "/path/to/whmcs/hooks/vps_data.json"
LOCAL_VPS_FILE = "/tmp/vps_data.json"

# Define functions for fetching, processing, and syncing IPs
# See the complete script in the provided implementation.

Cron Job Setup

Run the Python script every hour by adding it to your crontab:

crontab -e

Add the following line:

0 * * * * /usr/bin/python3 /path/to/script/smtp_sync.py >> /var/log/smtp_sync.log 2>&1

Benefits of the Solution

  1. Automated Management: No manual updates to IP sets are required.
  2. Scalability: Handles hundreds of nodes efficiently using multithreading.
  3. Reliability: Synchronization ensures consistent SMTP access control across all nodes.

Troubleshooting Common VPS Issues: A Beginner’s Guide

Leave a Comment on Troubleshooting Common VPS Issues: A Beginner’s Guide

Virtual Private Servers (VPS) are essential for hosting websites, running applications, and managing online businesses. However, even the best VPS environments can face occasional issues. This beginner’s guide covers the most common VPS problems and how to troubleshoot them effectively.

1. VPS Not Responding or Inaccessible

Symptoms:

  • Website or application is down.
  • Unable to connect via SSH or control panel.

Troubleshooting Steps:

  • Check Server Status: Use your hosting provider’s control panel to check if the VPS is running.
  • Ping Test: Use ping <server_ip> from your local terminal to test connectivity.
  • Restart VPS: Reboot the VPS from the control panel.

Possible Causes:

  • High resource usage (CPU, RAM).
  • Misconfigured firewall settings.
  • Network issues at the provider’s end.

2. Slow Website or Application Performance

Symptoms:

  • Slow page loads.
  • Delayed responses from hosted applications.

Troubleshooting Steps:

  • Check Resource Usage: Use top or htop commands via SSH.
  • Check Disk Space: Run df -h to ensure your VPS isnā€™t running out of space.
  • Optimize Web Server: Use caching, compression (Gzip), and database optimization.

Possible Causes:

  • Insufficient server resources.
  • Outdated software or scripts.
  • Malware or malicious traffic.

3. Website Not Loading (But Server Is Running)

Symptoms:

  • Website shows a 500, 403, or 404 error.
  • Connection errors in the browser.

Troubleshooting Steps:

  • Check Web Server Logs: Use tail -f /var/log/nginx/access.log or apache2/access.log.
  • Verify DNS Settings: Ensure DNS records point correctly to your VPS IP.
  • Check File Permissions: Ensure correct file ownership and permissions.

Possible Causes:

  • Web server misconfiguration.
  • Incorrect DNS or expired domain.
  • Recent changes in the applicationā€™s code or settings.

4. Unable to Send or Receive Emails

Symptoms:

  • Emails are not sent or received.
  • Emails are marked as spam.

Troubleshooting Steps:

  • Check Mail Server Logs: tail -f /var/log/mail.log (Postfix/Exim).
  • Verify Port Blocking: Ensure SMTP ports (25, 465, 587) are not blocked by firewalls.
  • SPF/DKIM Records: Verify DNS records like SPF, DKIM, and DMARC.

Possible Causes:

  • Incorrect mail server configuration.
  • Blocked email ports.
  • IP blacklisting due to spam activity.

5. Security Breaches or Unauthorized Access

Symptoms:

  • Suspicious logins or processes.
  • Unfamiliar files in the system.

Troubleshooting Steps:

  • Check Login History: Use last and who commands.
  • Inspect Running Processes: Use ps aux to find suspicious processes.
  • Check Firewall Rules: Review iptables or any installed security plugins.
  • Change Passwords: Reset SSH and application passwords immediately.

Possible Causes:

  • Weak passwords or outdated software.
  • Lack of firewall or security tools.
  • Vulnerabilities in hosted applications.

6. VPS Boot Failure

Symptoms:

  • VPS doesnā€™t boot after a restart.
  • Kernel panic or boot-related error messages.

Troubleshooting Steps:

  • Check Console Logs: Use the VPS providerā€™s control panel console for boot logs.
  • Boot in Rescue Mode: Use rescue mode for troubleshooting.
  • Reinstall OS (If Needed): As a last resort, reinstall the operating system.

Possible Causes:

  • Corrupted OS files.
  • Misconfigured bootloader or kernel.
  • Hardware issues on the providerā€™s side.

Conclusion

Managing a VPS doesnā€™t have to be overwhelming. With these troubleshooting tips, beginners can resolve most common VPS issues quickly and efficiently. If you still face problems, Hosteons’ 24×7 support team is here to help you with reliable and expert assistance.

Need VPS Hosting? Check out Hosteons.com for powerful and budget-friendly VPS solutions with free backups, multiple global locations, and top-tier server performance!