General discussion : VPS hacked

A place to discuss anything.
User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Thu Jul 30, 2020 3:04 pm

Am thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).

If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.

Parking money on a dormant market might also help, as they wouldn't know how to find the account.

Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.

User avatar
ShaunWhite
Posts: 5969
Joined: Sat Sep 03, 2016 3:42 am

Thu Jul 30, 2020 3:17 pm

megarain wrote:
Thu Jul 30, 2020 3:04 pm
Am thinking how to limit the damage a hacker could do if they got into your VPS and it was logged into Bet Angel (running overnight Bots etc).

If u turn on confirm bets or limit exposure, it would help but might affect how bots would run.

Parking money on a dormant market might also help, as they wouldn't know how to find the account.

Mabe its over-stressing, but have had 3 VPS accounts hacked in 2 yrs.
Losing the Admin account will help cos they have to guess the userID and the password, not just a brute force attack on the password. And setting the #invalid attempts to 5 before it locks out for 30mins is a massive help too. Really slows down any attack.

But as an extra layer of security maybe BA should have a locked mode when you leave it doing it's thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Thu Jul 30, 2020 3:27 pm

But as an extra layer of security maybe BA should have a locked mode when you leave it doing it's thing?....with a password to unlock it....with optional 2 stage authentication as belt and braces.
That would be v useful.

firlandsfarm
Posts: 1018
Joined: Sat May 03, 2014 8:20 am

Fri Jul 31, 2020 7:58 am

It's good practice even with your PC to only use the Admin account when you want to make administrative changes then log out and log back in as a Standard user.

Vovsen
Posts: 56
Joined: Sat Nov 03, 2018 4:50 pm

Fri Jul 31, 2020 5:07 pm

ShaunWhite wrote:
Wed Jul 29, 2020 10:45 pm
megarain wrote:
Wed Jul 29, 2020 8:40 pm
I also created a new user name, but it says its not authorized for remote login.

How do u fix that ?

Thx
I've not looked at this for a year or more but this is/was my checklist. I think #6 might point to the place you'd enable/disable it?

Screenshot_4.png
Managed to lock myself out doing this, should have tested the user first before rebooting like you said in the previous post :D

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Fri Jul 31, 2020 5:34 pm

Yeah .. its tough.

A lot of forum members have computer skills at a v high level, and assume others can follow instructions.

I am waiting for the post Euler promised, or will also resort to trying myself, and no doubt stuffing it up.

You have my sympathies.

User avatar
Euler
Posts: 19448
Joined: Wed Nov 10, 2010 1:39 pm
Location: Bet Angel HQ
Contact:

Fri Jul 31, 2020 7:37 pm

I'll get it up shortly, just have a lot on my plate.

User avatar
Dublin_Flyer
Posts: 450
Joined: Sat Feb 11, 2012 10:39 am

Fri Jul 31, 2020 7:55 pm

ShaunWhite wrote:
Thu Jul 30, 2020 2:08 pm
That would work. Although I always set up a 2nd user and then disable Admin. That's incase I have a problem and want to look at what the default settings were.

The defaults have to be set to something and Admin is just what it is. All VPSs are the same. It's like phone passwords being 0000.
Ah man I remember way before the whole News of The World voicemail hacking was public, we'd sit in the pub on a sunday, pick someone we didn't like and call their voicemail directly, enter the 0000 and change their voicemail greeting.

"Hi it's Helen, I can't answer right now, I'm busy with 3 guys and a llama behind the bike sheds at the community centre. You can join in too if you bring a bag of chips for me, see ya soon!"

Early 20's = easily entertained!

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Sat Aug 01, 2020 4:54 am

Ok, I got this : ( I think - I am just guessing, but had to do something)

Here are a mass of photos : I will add text as we go.

At every step, I recommend u take pictures of what u are changing. And write down in a secure place, everything u change.

So, when u get a VPS from Bet Angel, it comes with a default setting as Administrator.

This is apparently pretty unsecure, so we are gonna create a new account name, with Admin privaledges, and rename the existing Administrator to something esle, in this case Freddy the Fox

DONT delete the administrator account, or you will lose all your settings and probably cause a mountain of grief.

In Pic 1, u can see 2 accounts : PokerStars which I created as a test, and the Administrator.

Click User Accounts
user accounts 1.jpg

To create a new account, u click add a user account.
Add a user 2.jpg
I will name the new account 'Secure Username' and enter your password, which windows requires u to be pretty secure
Add a user 3.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by megarain on Sat Aug 01, 2020 6:54 am, edited 9 times in total.

User avatar
megarain
Posts: 1322
Joined: Thu May 16, 2013 1:26 pm
Location: skype : megarain.co.uk@gmail.com
Contact:

Sat Aug 01, 2020 4:55 am

secure user name 4.jpg
change user name privaledges 5.jpg
So now we have a new user account, called 'Secure Username' but it has local privaledges. We need to change them to Admin privaledges.

So we click on the account, and select change account type.
make changes to username privaledges 6.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by megarain on Sat Aug 01, 2020 5:15 am, edited 4 times in total.

Post Reply

Return to “General discussion”

  • Information
  • Who is online

    Users browsing this forum: No registered users and 1 guest