Have you ever experience bandwidth usage spike alert? monthly bandwidth usage exceeded?
On of the reason is maybe your node is under DDOS or hacker attack.
You can check login attempts by command: journalctl -u ssh
. If you see a long list, then you may want to consider to increase your node security.
Although there is basically nothing to be stole from your node, it is always a good practice to make your node more secure. This will save your monthly bandwidth as well so you do not need to pay more for your VPS.
I would like to share my practices in making my nodes more secure. This may sound over-protected, but, why not.
-
Login with SSH key only
-
Prohibit root login with password
sed --in-place 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
-
Change default SSH Port to other numbers (default = 22)
sshport="<your new sshport>" sed --in-place "s/#Port 22.*/Port "$sshport"/g" /etc/ssh/sshd_config
-
Activate Firewall
This action is included if you use installation tool ALLinONE-nknode from no112358
However you need to change firewall to allow your new SSH port and disable the default one.ufw allow "$sshport" ufw delete allow 22 ufw reload
-
Install Fail2ban
#Install fail2ban apt-get update && apt-get upgrade apt install fail2ban -y
-
Install unattended-upgrades (auto-upgrade) for security packages. I choose weekly because I dont want to interrupt mining too often.
#Install unattended-upgrades apt install unattended-upgrades #Change upgrade schedule to weekly cat > /etc/apt/apt.conf.d/20auto-upgrades <<EOF APT::Periodic::Update-Package-Lists "7"; APT::Periodic::Unattended-Upgrade "7"; APT::Periodic::Download-Upgradeable-Package "7"; APT::Periodic::AutocleanInterval "7"; EOF #Test unattended-upgrades --dry-run --debug
If you want to try these out, please make sure you don’t lock yourself out!!
Always try to login before you close your working terminal after you change the setting.
Please share with me if you have suggestion to increase security.
Here is my NKN-commercial installation script if you want to have a look.
Good luck and Happy Mining.