Configure SFTP access to your Ubuntu server through SSH

Sometimes you have to give your users a way to manage files on your server. A typical scenario is a web server where your users manage their websites by themselves.

The classical approach in this scenario was to use FTP to give file management capabilities to your users, but it has many drawbacks:

  1. You have to provision and maintain a new service on your server;
  2. FTP is an annoying protocol from a firewall configuration point of view;
  3. FTP is not encrypted by default, and you have to put some effort to configure an FTP server which is protected from sniffing.

If you are a lazy sysadmin like me you’ll prefer to use a service you already have, which is encrypted by default and do not require a special firewall configuration other than the port 22 you are already using.

ssh to the rescue!Read More »

How to protect your Joomla instance from brute force attacks with Fail2ban

If you administer at least one Joomla instance you’ll be subject to brute force attacks before or after. Fail2ban is a very nice service written in Python which periodically scans your log files looking for signs of brute force attacks and perform some actions when an attack is discovered. The most common actions is to ban the attacker IP at firewall level and send an email to the server administrator.

Fail2ban comes bundled with filters for many common services (ssh, apache authentication, etc.), but it lacks a built-in Joomla integration. Anyway it’s easy to add a Joomla filter to Fail2ban, here I explain how to do it.

Read More »