      How To Set Up an Ubuntu 20.04 Server on a DigitalOcean Droplet


      Introduction

      In this guide, you will create an Ubuntu 20.04 server through DigitalOcean’s administrative panel and configure it to work with your SSH keys. Once you have your server set up, you can use it to deploy apps and websites.

      This tutorial is part of the Introduction to the Cloud Curriculum, which guides users through all the steps of securely deploying an application to the cloud. If you are searching for general documentation on DigitalOcean Droplets, please visit our product documentation How to Create a Droplet from the DigitalOcean Control Panel.

      Prerequisites

      Before you begin this guide, you’ll need the following:

      • Some familiarity with the command line. If you’d like an introduction or refresher to the command line, you can visit our Linux Command Line Primer (coming soon).
      • SSH keys to enable a secure connection with your server. To set up SSH keys via the command line, you can follow our guide How to Set Up SSH Keys on Ubuntu 20.04.
      • A credit card or PayPal account to set up a DigitalOcean Droplet. The smallest Droplet offering, whose monthly subscription fee is available on our Pricing page, can be used for this tutorial. Users can cancel their Droplet service at any time.

      Note: Eligible students can sign up to receive $50 in free credits for DigitalOcean through the GitHub Student Developer Pack.

      Step 1 — Creating a DigitalOcean account

      To access the DigitalOcean Control Panel and create a Droplet, you need a DigitalOcean account. To create a new account, navigate to the DigitalOcean new account registration page. You can choose to register through email, Google, or GitHub.

      After you’ve confirmed your account, you will need to enter your credit card or PayPal information. This information is collected to verify identity and keep spammers out. You will not be charged until you choose a plan and confirm your subscription, which we will cover in Step 4. You may see a temporary pre-authorization charge to verify the card, which will be reversed within a week.

      Once your information has been accepted, you will be taken to a window that says “Registration Complete”. You are now ready to proceed to the next step.

      Step 2 — Setting Up Your Droplet

      In the previous step, you should have been taken to a window that says “Registration Complete” with a “Let’s make something” button. Click on the “Let’s make something” button. The next window will display buttons for different Droplet options. Click on the “Go to Control Panel” link at the bottom:

      Webpage displaying Droplet options

      Once you click on the “Go to Control Panel” link, you will be taken to the control panel:

      Digital Ocean Cloud Control Panel

      Navigate to the “Create” menu in the upper right corner and click “Droplets” to open the Droplet create page. If you don’t have any Droplets, the Resources tab displays a large, blue “Get Started with a Droplet” button, which takes you to the same Droplet create page.

      The Droplet create page is where you choose your Droplet’s configuration, like its operating system, how much memory it has, and which features (like backups or monitoring) to enable.

      In the next step, you will choose an image of the operating system to be installed on your Droplet.

      Step 3 — Choosing an Image

      An image is a copy of an operating system. To create a Droplet, users need to pick an image of an operating system to run their server. DigitalOcean offers five different Linux operating system distributions. As this tutorial is for setting up an Ubuntu 20.04 server, click on the option for Ubuntu 20.04 (LTS) x64:

      Options of images for Droplets

      After selecting your operating system, you are ready to proceed to the next step.

      Step 4 — Choosing a Plan

      In the Choose a plan section, you can choose the amount of RAM, storage space, and CPU cores your Droplet will have. If you are following this tutorial for the Introduction to the Cloud Curriculum, the Basic $5 per month plan will work for the Curriculum’s hands-on tutorials and exercises.

      Click on the option for the Basic $5/mo plan:

      Choose a plan section

      After selecting a plan, you are ready to proceed to the next step.

      Step 5 — Adding Block Storage (Optional)

      This option allows users to add block storage as independent volumes that can be moved from one Droplet to another within the same region. Block storage is useful when you need additional file storage space for your Droplet. If you are following this tutorial for the Introduction to the Cloud Curriculum, you do not need to add block storage. Leave this option unselected unless you want to add block storage.

      You are now ready to proceed to the next step.

      Step 6 — Choosing a Datacenter Region

      In the Choose a datacenter region section, select the region where you want to create your Droplet.

      A good default will be preselected for you, but for the best performance and minimal latency, choose the datacenter nearest to you and your users.

      Datacenter region selections

      Once you have selected your datacenter, you are ready to proceed to the next step.

      Step 7 — Selecting Additional Options

      In the Select additional options section, you can enable several optional services that add functionality to your Droplet:

      Select additional options

      The three features available in this section are free, so enabling them does not increase the Droplet’s monthly cost. They can be understood as follows:

      IPv6 enables IPv6 access for your Droplet. IPv6 is the most recent version of the Internet Protocol, which identifies computers on networks and routes traffic across the Internet. IPv6 addresses provide more address space than their IPv4 counterparts, and are part of an effort to sustain the growth and deployment of Internet-ready devices.

      User data is arbitrary data that you specify which is written to the user-data field of the DigitalOcean metadata service. To learn more about the purpose of user data, you can visit the User Data product documentation.

      Monitoring adds the DigitalOcean agent to collect extended metrics and create alert policies. To learn more about monitoring, you can visit the Monitoring product documentation.

      You can leave these options blank unless you’d like to enable them. Once you’ve selected your desired options, you are ready to proceed to the next step.

      Step 8 — Setting Up SSH Authentication

      In this section, you will set up SSH authentication for your Droplet, using the pair of SSH keys you created as one of the prerequisites for this tutorial. If you did not already create SSH keys, there will be an opportunity to create them in just a few moments.

      Click on the option to use SSH keys for authentication, which is more secure than a password. Then click on the “New SSH Key” button:

      Authentication section of Droplet set up

      A pop up window will appear prompting you to copy your public SSH key and paste it in the provided space:

      Pop-up window for SSH key

      Note: If you have not created SSH keys, follow the directions on the right side of the pop-up window to create the keys or follow our guide How to Set Up SSH Keys on Ubuntu 20.04.

      To copy your public key, run the following command in your terminal:

      Copy the output from your terminal and paste it into the space provided by the cloud panel pop-up window. Then give your key a name so you can select it later on. When you have finished, click “Add new SSH key”. You will then return to the cloud panel where you can make sure your new key is selected.

      When you have selected your new key, you are ready to proceed to the next step.

      Step 9 — Finalizing and Creating Droplet

      In this final section of the Droplet creation process, you have the option to:

      • Select the number of Droplets you wish to create. If you are following this tutorial as part of the Introduction to the Cloud Curriculum, you only need to create one Droplet. Otherwise, select your desired number of Droplets.
      • Name the Droplet. You can use the automatically-generated name or create your own name.
      • Add tags to help organize your Droplets. You can leave this option blank if you wish.
      • Assign your Droplet to a project to help with organization. A default folder will be created and selected here. You can create new folders later if you wish.
      • Add backups. This option enables a system-level backup of your Droplet to help prevent data loss. Note that choosing this option adds $1 to your cost per month. Choose this option if you wish.

      Finalizing and Creating Droplet section

      When you are finished making your choices, click “Create Droplet.” You will then be taken to a page showing a progress bar for the Droplet creation process. When the Droplet is ready, its IP address will be displayed:

      Droplet page

      You will use this IP address to securely connect with the Droplet through your terminal. Copy the IP address and then run the following command in your terminal to securely connect with your Droplet via SSH as a root user.

      The terminal will then display a message like this:

      Output

      The authenticity of host '167.172.146.33 (167.172.146.33)' can't be established.
      ECDSA key fingerprint is SHA256:+Mx4ID5k4N8H7R24y+APZAoTe69hmAh9qMawyf/Lq9U.
      Are you sure you want to continue connecting (yes/no/[fingerprint])?

      Type yes. If you chose a passphrase when setting up SSH, you will be prompted to enter it here. If everything is working, you will then be logged into your Droplet as a root user. Note that it is strongly recommended to create a new user with lesser privileges for day-to-day use of your Droplet to avoid making irreparable changes. To create a new user, you can follow our Initial Server Setup guide, which is the next tutorial in the Introduction to the Cloud Curriculum.

      Conclusion

      In this tutorial, you have set up an Ubuntu 20.04 server on a Droplet and enabled SSH access. To learn more about what you can do with this Droplet, you can visit our Introduction to the Cloud Curriculum.

      If you wish to delete your Droplet, you can visit our product documentation on How To Destroy a Droplet. To cancel your account, please follow the instructions on our Account Cancellation page.




      How a DigitalOcean Droplet is Made – the Journey From UI to Bare Metal



      About the Talk

      Are you curious about what happens when you decide to create a Droplet? From our external interfaces, through our product stack, into the datacenter, and eventually down to the bare metal, you’ll learn exactly what happens to take that API request to a Droplet you can reach via SSH. If you have an interest in microservices, networking, systems, and navigating a rapidly growing technological stack, you’ll get insight into what it’s like to operate infrastructure at scale.

      What You’ll Learn

      • How DigitalOcean efficiently and reliably places workloads to address scaling, resilience, reliability, and efficiency concerns.


      About the Presenter

      Neal Shrader is a Staff Engineer and Network Software Architect at DigitalOcean. He has been with the company since its formation in 2011, and has helped support its growth from a few folks in Brooklyn to a 500+ distributed global company. Primarily focused on the network, he’s brought numerous initiatives to release such as VPC, Cloud Firewall, and Floating IP. He’s also an avid runner, and a father to a seven-year-old son, Lucas.




      How to Troubleshoot and Fix a Brute-Force Attack in WordPress on a DigitalOcean Droplet


      Introduction

      While running a WordPress installation through a hosting service can be a convenient way to start a website, it’s not without security vulnerabilities that may sometimes be hard to troubleshoot. Brute-force attacks are cyberattacks that rapidly work to guess and access personal information like logins or passwords. They happen when these vulnerabilities are exploited, and can sometimes originate from your website.

      When facing brute-force attacks from your Droplets on DigitalOcean, it’s imperative to remove the threat quickly. While there are a number of ways to identify and remove compromised files vulnerable to attack, this tutorial aims to provide you with some steps to help you detect, resolve, and secure your WordPress installation(s) across DigitalOcean Droplets from vulnerabilities in the future.

      Step 1: Identify the Source of the Brute-Force Attack

      The first step in troubleshooting an issue with a brute-force attack initiated from your Droplet is to identify the malware responsible for the malicious traffic. There are numerous tools and options available, but ClamAV ( http://www.clamav.net/ ) is a good tool to initially attempt to identify and remove the malware.

      Most Linux distributions have ClamAV in their package management system, and typically you’ll need to install ClamAV and then run it.

      • For Ubuntu, Debian, and most Debian-based distributions, you can run:

            sudo apt-get install clamav clamav-daemon

      • For CentOS 8, you need to enable the EPEL ( https://fedoraproject.org/wiki/EPEL ) repo, which is an official repository of packages supported by the Fedora project, and then install ClamAV. You can do so with a single command:

            dnf --enablerepo=epel -y install clamav clamav-update

      Once ClamAV is installed, you can scan your system with:

            clamscan --infected --recursive /path/to/wordpress/sites

      Replace /path/to/wordpress/sites with the correct path for your WordPress site. The --recursive parameter makes the command recurse through subdirectories, and the path used in this example points to the root folder where all WordPress installations are located. This way, a single command scans all your WordPress sites. ClamAV will then return a list of all files it finds suspicious, but will not take any action yet. After investigating which files ClamAV detected as suspicious and confirming they can be safely removed without causing further damage to your system, you might want to re-run the command with the --remove option to remove the infected files.

      Note: --remove will delete any files it finds suspicious with no input from you, so running with --remove is NOT RECOMMENDED until you have confirmed the results of a first scan.
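
      One way to review detections before anything is deleted, as an added example that is not part of the original tutorial: it reads a saved clamscan report and moves each detected file into a quarantine directory with a hash manifest instead of using --remove. The function names, the report file name and the quarantine path are assumptions, and the signature name in any test input is constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): review clamscan detections
# and quarantine them instead of deleting them with --remove.
# Assumes the scan output was saved first, e.g.:
#   clamscan --infected --recursive /path/to/wordpress/sites > scan.log

TAB=$(printf '\t')

# list_hits REPORT
# Prints "signature<TAB>path" for every detection line in a saved report.
# clamscan reports a detection as "<path>: <signature> FOUND".
list_hits() (
    while IFS= read -r line; do
        case $line in
            *": "*" FOUND") ;;
            *) continue ;;          # OK lines, summary lines, blank lines
        esac
        line=${line% FOUND}
        # Split on the last ": " so paths that contain ": " stay intact.
        printf '%s\t%s\n' "${line##*: }" "${line%: *}"
    done < "$1"
)

# quarantine_hits REPORT QUARANTINE_DIR
# Moves each detected file into QUARANTINE_DIR under its SHA-256 and records
# hash, signature and original path in MANIFEST.tsv, so a false positive can
# be restored and a true positive can still be analysed.
quarantine_hits() (
    report=$1 qdir=$2
    mkdir -p "$qdir" && chmod 700 "$qdir" || exit 1
    list_hits "$report" | while IFS="$TAB" read -r sig path; do
        [ -f "$path" ] || continue          # already gone or not a regular file
        sum=$(sha256sum < "$path" | cut -d' ' -f1)
        mv -- "$path" "$qdir/$sum.quarantined"
        chmod 400 "$qdir/$sum.quarantined"  # no longer writable or executable
        printf '%s\t%s\t%s\n' "$sum" "$sig" "$path" >> "$qdir/MANIFEST.tsv"
    done
)

# Run as: sh quarantine.sh scan.log /root/quarantine   (paths are placeholders)
if [ "$#" -eq 2 ]; then
    quarantine_hits "$1" "$2"
fi
```

      Keep the quarantine directory outside the web root so the moved files cannot be requested through the site.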

      In cases where ClamAV does not find any malware, you will need to manually investigate and find the malware. While there are several ways to do this, a good starting point is to find and identify any recently uploaded files, based on the file’s timestamp information.

      To do this, use the ‘find’ command:

            find /path/to/wordpress/site -mtime -DAYS

      To use this command, replace the /path/to/wordpress/site with the file path to your WordPress site, and -DAYS with how many days to go back. For example, if you wanted to look back 1 day, it would be -1; to look back 10 days, it would be -10.

      Take time to investigate any files that were uploaded or modified that you’re unaware of.
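
      The timestamp search above, extended as an added example that is not part of the original tutorial: besides the -mtime check it reports files whose modification time looks old but whose inode change time (ctime) is recent, and it counts hits per plugin or theme directory. The function names are assumptions; wp-content/plugins and wp-content/themes are the standard WordPress layout.

```shell
#!/bin/sh
# Added example (not from the original tutorial): timestamp triage for a
# WordPress tree.

# recent_changes ROOT DAYS
# Output: "<kind><TAB><path>", where kind is
#   mtime       content modified within DAYS (what `find -mtime -DAYS` shows)
#   ctime-only  mtime is older than DAYS but ctime is within DAYS: the file
#               was renamed, had its mode or owner changed, or had its mtime
#               set back after it was written. touch can backdate mtime, but
#               doing so updates ctime to the current time.
recent_changes() (
    root=$1 days=$2
    case $days in
        ''|*[!0-9]*) echo "usage: recent_changes ROOT DAYS" >&2; exit 2 ;;
    esac
    tab=$(printf '\t')
    find "$root" -type f -mtime "-$days" -print | sed "s|^|mtime${tab}|"
    find "$root" -type f -ctime "-$days" ! -mtime "-$days" -print |
        sed "s|^|ctime-only${tab}|"
)

# by_component ROOT DAYS
# Counts the hits per plugin or theme directory, most affected first, which
# points at the component to inspect first.
by_component() (
    recent_changes "$1" "$2" | cut -f2 |
        sed -n -e 's|.*/wp-content/plugins/\([^/]*\)/.*|plugins/\1|p' \
               -e 's|.*/wp-content/themes/\([^/]*\)/.*|themes/\1|p' |
        sort | uniq -c | sort -rn
)

# Run as: sh triage.sh /path/to/wordpress/site 10
if [ "$#" -eq 2 ]; then
    recent_changes "$1" "$2"
    by_component "$1" "$2"
fi
```

      A ctime-only hit is not proof of tampering, since package updates and permission fixes also change ctime, but it is a file the plain -mtime search would have skipped.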

      Step 2: Update your WordPress Installation

      After identifying the malware, the next step to preventing malicious attacks from reoccurring is to update your WordPress installation. It’s wise to patch WordPress and any installed themes or plugins and, if the compromise was in a plugin or theme’s install directory, to remove and reinstall that plugin or theme. You may be able to remove all malicious files, but in most cases, a clean installation of a compromised component is preferred.

      You can perform these updates from within WordPress’ administration UI in most cases, which doesn’t require the use of any additional tools. WordPress also offers an automatic update option that you’re encouraged to enable in order to reduce the time your websites might be vulnerable to newly discovered security issues.

      Another helpful piece of advice in preventing malicious attacks is to update all components, even the ones that are marked as inactive. In some situations, even disabled plugins and themes may be accessible and able to be compromised if not kept updated. If you’re sure you don’t need a theme or plugin, the best course of action would be to remove it in its entirety.

      In some cases, a theme or plugin may be abandoned by the author, and while you have the most recent version installed, the plugin or theme may have an issue that has not been fixed. In this case, you may need to consider replacing the abandoned component, which is at its latest version but was still the source of a compromise.

      Step 3: Secure Your WordPress Installation Against Malicious Attacks

      Once you have both removed any malicious files and ensured all components are updated, it’s time to secure your WordPress installation. The next step we recommend is to change all passwords for users that have access to the administration UI, especially those that have full admin rights, or the ability to upload or modify file contents.

      Checking your filesystem permissions if you’re not aware of the current configuration is also an important step in securing your WordPress installation, as the wrong permissions can allow file read and write access you didn’t intend. WordPress provides a good outline of what the settings should be and how to update them.

      As a step in securing your Droplet’s installation, you can also install a plugin to limit the number of failed login attempts, which dramatically reduces the risk of brute-force attacks. The wp-limit-login-attempts plugin is a popular option to use.

      Finally, consider using a WordPress security plugin like Jetpack or Wordfence. These plugins help actively combat intrusion attempts and provide a final layer of security to ensure that your site is only used for what you intend.

      An alternative to using a server-side plugin like Jetpack or Wordfence would be to investigate if Cloudflare’s caching and Web Application Firewall (WAF) service might be a good fit for your specific use case. To learn more about this option, check out Cloudflare’s documentation.

      Conclusion

      Navigating troubleshooting options when brute-force attacks originate from your Droplets can be cumbersome, but in this tutorial, we shared some steps to help you detect, resolve, and secure your WordPress installation(s) across Droplets. For more security-related information to help manage Droplets, check out our Recommended Security Measures article.


