Hello,
I am on a managed VPS. I am alone on my VPS and hosting only my own websites. I sell nothing, so no need SSL.
My config:
CENTOS 5.10 i686 virtuozzo – 32 bits
WHM 11.40.1
Apache 2.2.26
php 5.3.28
CSF/LFD 6.39, Mod_security enabled via Easy_Apache v3.22.25.
- SSH disabled via WHM, I never use it.
- WHM/Pure FTPD disabled (I re-install it via WHM/FTP Server Selection only when I need it).
- WHM Host Access Control assigned to my home IP only.
- SSH 22 port renamed but removed in CSF Firewall Configuration/Incoming/outcoming TCP ports list
I don't want upgrade/update my server right now to keep the compatibility with my old scripts. Mod_security is installed only with the basics rules. In fact, these rules stop almost nothing. The elementary transversal path http://www.domain/ it not stopping.
I am not familiar with Mod_Security & rules. I don't know if my server is secure right now. But I think I need a set of effectives rules for Mod_Security.
My options are after much reading:
1) Buy the ASL Rules (only the rules package) at $99/year and install it by myself with no automatic update.
2) Buy the ASL + Rules at $199/year with an automatic install & update.
3) Buy the $125 Service Package at ConfigServer with the free ASL rules installed but if it require updated rules in the future, I will need to pay ASL for them.
4) Downgrade to Apache 1.4 & PHP 5.2.17 custom Cpanel product. Mod_securiy 1.95 work fine in this config with a lot of customs rules. Unfortunately, it is not possible to use ModSecurity 1.95 with PHP 5.3.28.
Correct me if I am wrong in my understanding. I need some guidance.
Another question:
If I buy a package and I secure my own VPS. Is this another VPS, non-secure without effective rules on the same host server may compromise my VPS?
The best solution in this case would be a dedicated server?
Other alternatives ?
Regards
I am on a managed VPS. I am alone on my VPS and hosting only my own websites. I sell nothing, so no need SSL.
My config:
CENTOS 5.10 i686 virtuozzo – 32 bits
WHM 11.40.1
Apache 2.2.26
php 5.3.28
CSF/LFD 6.39, Mod_security enabled via Easy_Apache v3.22.25.
- SSH disabled via WHM, I never use it.
- WHM/Pure FTPD disabled (I re-install it via WHM/FTP Server Selection only when I need it).
- WHM Host Access Control assigned to my home IP only.
- SSH 22 port renamed but removed in CSF Firewall Configuration/Incoming/outcoming TCP ports list
I don't want upgrade/update my server right now to keep the compatibility with my old scripts. Mod_security is installed only with the basics rules. In fact, these rules stop almost nothing. The elementary transversal path http://www.domain/ it not stopping.
I am not familiar with Mod_Security & rules. I don't know if my server is secure right now. But I think I need a set of effectives rules for Mod_Security.
My options are after much reading:
1) Buy the ASL Rules (only the rules package) at $99/year and install it by myself with no automatic update.
2) Buy the ASL + Rules at $199/year with an automatic install & update.
3) Buy the $125 Service Package at ConfigServer with the free ASL rules installed but if it require updated rules in the future, I will need to pay ASL for them.
4) Downgrade to Apache 1.4 & PHP 5.2.17 custom Cpanel product. Mod_securiy 1.95 work fine in this config with a lot of customs rules. Unfortunately, it is not possible to use ModSecurity 1.95 with PHP 5.3.28.
Correct me if I am wrong in my understanding. I need some guidance.
Another question:
If I buy a package and I secure my own VPS. Is this another VPS, non-secure without effective rules on the same host server may compromise my VPS?
The best solution in this case would be a dedicated server?
Other alternatives ?
Regards
Last edited:
