Get a VPS Provider Account!

There are a lot of VPS providers out there, like Vultr, DigitalOcean, AWS and many others, but my personal favorite is DigitalOcean. DigitalOcean is a platform for developers, by developers.

Now go ahead and create an account on DigitalOcean. I will provide you with a $10 credit for free, which is enough for 2 months.

Just go to sagarbansal.com/vps; this will redirect you to DigitalOcean with my referral link, which will give you a $10 joining bonus.

Now enter your details and click on create an account, and it will ask you to confirm your email.

Confirm your email, and then it will ask you for your billing information; you can choose a credit or debit card, or PayPal. Your card will not be charged until you exhaust your referral credit.

After that, enter your credit/debit card details and click OK. After verifying your details, it will redirect you to the dashboard.

 

Setup your VPS

After you land on the dashboard, click on create and then choose to create a droplet.

After clicking on create a droplet, it will ask you for some basic information, like which OS you want for your droplet. There are a couple of OSes you can choose from, like Ubuntu, FreeBSD, Fedora, Debian and CentOS.

The control panel we are going to use supports CentOS, RHEL, Debian and Ubuntu.

So we are going to use Ubuntu for our droplet; the version of Ubuntu will be 16.04.3, 64-bit.

After that, it will ask you to choose the size for your droplet.
I will choose a 2 GB RAM VPS, which will cost me $10 per month; you can also choose the $5 per month version, which will be enough for you if you have around 5K visitors per day.

After this it will ask you to choose the data center location. This is the location where your server is going to exist. I will choose London here because most of my traffic comes from there.

There are some additional options as well, like private networking, backups, monitoring, etc.

I will choose backups, as this will back up my whole server every week. If you enable backups, it will add 20% to the monthly droplet cost.

There is an option of adding an SSH key as well, but being an ethical hacker, I will tell you the reality. If your password is strong enough, it will take someone years or maybe decades to crack the password.

Now it will ask you for the hostname. I suggest you use the same hostname as your domain name (it can be anything, but a correct hostname will help your emails reach the inbox more easily).

To get a domain name you can go to any website like GoDaddy or Bigrock, and if you want a free domain name you can go to freenom.com, which will give you a free domain name for 1 year.

Changing name server

Now we have to change the name servers for our domain phmcsecurities.org to DigitalOcean's. The name servers you have to use are ns1.digitalocean.com, ns2.digitalocean.com and ns3.digitalocean.com.

Actually, you can do it another way: change the DNS to ns1.yourdomain and ns2.yourdomain and create child name servers that point to your server IP. But I think this method is much better.

After changing the name servers, go to intodns.com/yourdomain to check whether the changes have taken effect. It will take about 24 hours for the changes to take effect; till then you can follow the next lectures.

SSH in your Server

“There are many ways to SSH into your server…”

1. DigitalOcean Console: click on the server, then go to access, and then click on launch console.

It will open a pop-up which will ask you to log in. Check your email; there may be an email from DigitalOcean which has the IP address, username and password. Enter all the information in the pop-up, and then it will force you to change the password.

2. Linux/Mac: you can access your droplet from the terminal by typing ssh root@ip; after this, it will ask you to enter your login information. Both Mac and Linux have a CLI, which makes it easy to access the droplet on these.

3. Windows: to access the droplet on Windows you have to make some extra effort, like downloading PuTTY. You can download this software by going to putty.org

After downloading, as soon as you open PuTTY, there will be a field which asks for the IP address.

You can also change some of the appearance settings and behavior of PuTTY by going to the appearance settings.

Now enter your server IP address in the IP address field, choose SSH from the radio buttons and click on open. It will open a command-line interface which will ask for the username and password; enter your username and password, press enter, and you will be logged in. If you want to paste your password, just copy the password, go to PuTTY and right-click, and it will be pasted.

Installing Vesta CP

Now we will install Vesta CP on our droplet. There are a couple of reasons why we chose Vesta CP; first of all, it requires only 512 MB of RAM, so it will work fine on a $5 droplet.

Go to vestacp.com/install

Connect to your server using SSH and run the curl command which is mentioned there. The command is

curl -O http://vestacp.com/pub/vst-install.sh

It will download a bash script to your server. Now run the bash script by typing this command in the terminal:

bash vst-install.sh --force

Now it will start the process of installing Vesta CP along with a couple of other pieces of software. The software that is going to be installed is:

  • Nginx Web Server
  • Apache Web Server (as backend)
  • Bind DNS Server
  • EXIM Mail Server + AntiVirus AntiSpam
  • Dovecot POP3/IMAP Server
  • MySQL Database Server
  • Vsftpd FTP Server
  • Softaculous Plugin
  • Iptables firewall + fail2ban

Press y and it will ask for some basic information, like the admin email address; enter a genuine email. Then it will ask for the hostname; enter your hostname without www or http.

Now it will download the packages and unpack them to install. If you encounter any minor issue it will fix it automatically, so sit back and relax; it will take about 5 to 10 minutes to install all the packages.

After the installation is completed, it will show you the username and password and the place where you can log in. Copy the information and then go to http://your-ip:8083

It will throw a connection not secure error. Just click on Advanced, then click on add exception, and you will be able to browse the website.

As soon as you log in, change your login password and add the name servers as ns1.yourdomain and ns2.yourdomain
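
The install step above downloads vst-install.sh over plain HTTP and runs it as root, so one way to make sure the file you run is the file you reviewed is to pin its SHA-256 first. This is an added example, not part of the original guide or of Vesta CP: verify_installer and run_pinned are hypothetical helper names, and the pinned hash is a value you record yourself after reading the script (the demo uses a constructed stand-in file).

```sh
#!/bin/sh
# Added example (not from the guide or from Vesta CP). Helper names are
# hypothetical; the pinned hash is one you recorded after reviewing the script.

# verify_installer FILE PINNED_SHA256
# Returns 0 only if FILE exists and its SHA-256 equals the pinned value.
verify_installer() {
    local file pinned actual
    file=$1
    pinned=$2
    if [ ! -f "$file" ]; then
        echo "verify_installer: no such file: $file" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "verify_installer: hash mismatch for $file" >&2
        echo "  pinned: $pinned" >&2
        echo "  actual: $actual" >&2
        return 1
    fi
    return 0
}

# run_pinned FILE PINNED_SHA256 [ARGS...]
# Copies FILE to a private temp file, verifies the copy and runs that same
# copy, so the bytes that were checked are the bytes that execute.
run_pinned() {
    local file pinned staged rc
    file=$1
    pinned=$2
    shift 2
    staged=$(mktemp) || return 2
    rc=0
    if cp "$file" "$staged" && verify_installer "$staged" "$pinned"; then
        bash "$staged" "$@" || rc=$?
    else
        rc=1
    fi
    rm -f "$staged"
    return "$rc"
}

# Demo on a constructed stand-in for vst-install.sh (no network needed).
demo_run_pinned() {
    local dir pin
    dir=$(mktemp -d) || return 2
    printf 'echo "stand-in installer called with: $*"\n' > "$dir/vst-install.sh"
    pin=$(sha256sum "$dir/vst-install.sh" | cut -d' ' -f1)

    # Unmodified file: hash matches, the script runs with its arguments.
    run_pinned "$dir/vst-install.sh" "$pin" --force

    # File changed after the hash was recorded: nothing is executed.
    echo '# line appended in transit' >> "$dir/vst-install.sh"
    run_pinned "$dir/vst-install.sh" "$pin" --force \
        || echo "refused to run the modified script"
    rm -rf "$dir"
}

demo_run_pinned
```

On the server the call would be run_pinned vst-install.sh followed by your recorded hash and --force, in place of the plain bash invocation.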

Configuring Name Servers

Now we will configure our domain name to point to our server. For this, go to DigitalOcean and click on more, which is on the right of the server or droplet, and click on add a domain.

On the domain page, type your domain name in the domain field and click on add domain. The domain will be added to your droplet, and then it will ask you to configure the DNS records for the domain.

Now you can browse your Vesta CP panel with the domain name. In my scenario my domain name is phmcsecurities.org, so just go to phmcsecurities.org:8083 and you can access your Vesta CP with the domain name.

First of all, we have to add A records in the DNS. To create an A record, click on the + button on the left.

In the record field enter ns1, and in the IP or value field enter the IP of your droplet. Configure further records for ns2 and * (asterisk) by following the same procedure.

After that, list all DNS records again, edit the name servers and set them to ns1.phmcsecurities.org and ns2.phmcsecurities.org. After all this, click on DNS again; this time we have to edit the SOA record, so just click on edit.

Enter the record and value of SOA as ns1.phmcsecurities.org

If you are using DigitalOcean's name servers for your domain name, then follow these additional steps; otherwise skip to the next section.

After creating the records in Vesta CP, we have to create the same records in DigitalOcean, where we added the domain name. First of all, we have to configure the A records.

Click on A record, enter the asterisk (*) in the hostname field and, in the will direct to field, select your domain. Now create all the other A records, like ns1 and ns2, with the same procedure.

After that, we have to configure the TXT records. For this, click on the TXT record field, then copy the value of the same record from Vesta CP and paste it into DigitalOcean. Follow the same procedure to add all the other TXT records as well.

After that, we have to create a TXT record for DMARC; follow the same procedure to add this as well.

After that, we have to add the MX records for our domain, which are responsible for emails. Click on the MX record in DigitalOcean and add the MX record with a priority value of 10. The value for the hostname will be ‘@’ and the value of the mail provider will be mail.phmcsecurities.org; click on create records and the records will be created.

After that, we have to add some A records for IMAP and for POP as well. Click on A record in DigitalOcean and add them, then follow the same procedure for the SMTP, mail, FTP and www records.

Now let’s take a brief look at why these records are used.

A DNS record is a database record which maps a URL to an IP address. DNS records are stored on DNS servers and help users connect their websites to the outside world.

SPF: an SPF (Sender Policy Framework) record is used to indicate to mail exchanges which hosts are authorized to send email for a domain.

DMARC: DMARC is designed to fit into an organization's existing inbound email authentication process. It helps email receivers determine whether the purported message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the non-aligned messages.
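
Before copying the SPF and DMARC TXT values from Vesta CP into a second DNS provider as described above, it helps to check what policy they actually express. The following added example (not from the original guide or from Vesta CP) classifies a TXT value; the function names, example.org and the sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: function names and sample records are constructed.

# spf_verdict "TXT value"
# Prints hardfail | softfail | neutral | pass-all | no-all | not-spf.
# Returns 1 when the value is not SPF, ends in +all, or has no "all" term.
spf_verdict() {
    local rec word term
    rec=$(printf '%s' "$1" | tr 'A-Z' 'a-z')    # SPF terms are case-insensitive
    case $rec in
        "v=spf1"|"v=spf1 "*) ;;
        *) echo "not-spf"; return 1 ;;
    esac
    term=""
    set -f                                      # "?all" must not be globbed
    for word in $rec; do
        case $word in
            all|+all|-all|"~all"|"?all")
                # Evaluation stops at the first "all", so keep only that one.
                if [ -z "$term" ]; then term=$word; fi ;;
        esac
    done
    set +f
    case $term in
        -all)     echo "hardfail" ;;
        "~all")   echo "softfail" ;;
        "?all")   echo "neutral" ;;
        all|+all) echo "pass-all"; return 1 ;;
        *)        echo "no-all"; return 1 ;;
    esac
}

# dmarc_policy "TXT value"
# Prints the p= policy (none | quarantine | reject). Returns 1 if the value
# is not a DMARC record or carries no valid p= tag.
dmarc_policy() {
    local rec p
    rec=$1
    case $rec in
        "v=DMARC1"|"v=DMARC1;"*|"v=DMARC1 "*) ;;
        *) echo "not-dmarc"; return 1 ;;
    esac
    # One tag per line, then pick the tag named exactly "p" (not sp= or pct=).
    p=$(printf '%s\n' "$rec" | tr ';' '\n' |
        sed -n 's/^[[:space:]]*p[[:space:]]*=[[:space:]]*\([a-z]*\)[[:space:]]*$/\1/p' |
        head -n 1)
    case $p in
        none|quarantine|reject) echo "$p" ;;
        *) echo "invalid-p"; return 1 ;;
    esac
}

# lint_mail_txt NAME VALUE
# Prints one report line for a TXT record; always returns 0 so it can be
# called in a loop over every TXT record of a zone.
lint_mail_txt() {
    local name value v
    name=$1
    value=$2
    case $value in
        v=spf1*)
            v=$(spf_verdict "$value") || true
            case $v in
                hardfail|softfail) echo "OK    $name SPF $v" ;;
                *)                 echo "WEAK  $name SPF $v" ;;
            esac ;;
        v=DMARC1*)
            v=$(dmarc_policy "$value") || true
            case $v in
                quarantine|reject) echo "OK    $name DMARC p=$v" ;;
                none)              echo "WEAK  $name DMARC p=none (monitor only)" ;;
                *)                 echo "BAD   $name DMARC $v" ;;
            esac ;;
        *)  echo "SKIP  $name (not SPF or DMARC)" ;;
    esac
}

# Constructed sample records; example.org and 203.0.113.10 are placeholders.
lint_mail_txt "example.org"        "v=spf1 a mx ip4:203.0.113.10 -all"
lint_mail_txt "example.org"        "v=spf1 a mx ip4:203.0.113.10 ?all"
lint_mail_txt "_dmarc.example.org" "v=DMARC1; p=none"
lint_mail_txt "_dmarc.example.org" "v=DMARC1; p=quarantine; pct=100"
```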

SSL on your Domain Name

SSL: Secure Sockets Layer is a standard security protocol for establishing encrypted links between a web server and a browser in online communication. The use of SSL ensures that all data transmitted between the web server and the browser remains encrypted.

An SSL certificate is necessary to create an SSL connection. You need to give all the details about the identity of your website and your company when you choose to activate SSL on your web server. Two cryptographic keys are created: a private key and a public key.

To enable SSL on a domain name, you first have to add a www record to the web server.

We have already described how you can create records on the web server. Go ahead and add a www A record on the web server. Now there will be two A records which map to your server's IP address: one for phmcsecurities.org and the other for www.phmcsecurities.org

If you are following the second model, i.e. using child name servers, then add this www record in Vesta CP itself from the DNS tab.

Now go to your Vesta CP control panel, click on web and then click on edit.

When you scroll down you will find a checkbox for SSL support; click on this. Now there are two options: you can use your own SSL certificate by pasting the private and public keys for the SSL certificate, or you can use Let’s Encrypt support for the SSL certificate.

As soon as you click on Let’s Encrypt support and click on save, it will generate an SSL certificate for your domain. Sometimes you may encounter errors while saving; don’t panic, just repeat the process and you will be successful in getting an SSL certificate for your domain.

Now visit https://yourdomain and you will see that the connection is on https.

But if you try to visit the login panel of Vesta CP, you will see that it still throws an exception.

This Guide will be Completed Soon
Contributes are Invited at support@sagarbansal.com

SSL on your Login Panel

Now we will enable https on the login panel. For this, we will connect to our server and run some commands.

To enable SSL on the login panel you have to connect to your server through SSH.

Open the terminal and type ssh root@ip; it will prompt you for the password, so enter the correct password.

This is not the Official Way to SSH but I personally think it is the Best Way to do this!

After this we will run some commands in the terminal:

mv /usr/local/vesta/ssl/certificate.crt /usr/local/vesta/ssl/unusablecer.crt

With this command, we rename the certificate.crt file in the folder /usr/local/vesta/ssl/ to unusablecer.crt

After this we will run another command for the key file:

mv /usr/local/vesta/ssl/certificate.key /usr/local/vesta/ssl/unusablecer.key

Similarly, we just renamed the key file to unusablecer.key

ln -s /home/admin/conf/web/ssl.yourdomain.com.crt /usr/local/vesta/ssl/certificate.crt

This command creates a symbolic link (symlink) to an existing file, which is the SSL certificate of the main domain that we got in the previous section.

ln -s /home/admin/conf/web/ssl.yourdomain.com.key /usr/local/vesta/ssl/certificate.key

Similarly, we did the same for the key file.

Now change some permissions and ownership by running these commands:

chgrp mail /usr/local/vesta/ssl/certificate.crt

chmod 660 /usr/local/vesta/ssl/certificate.crt

chgrp mail /usr/local/vesta/ssl/certificate.key

chmod 660 /usr/local/vesta/ssl/certificate.key

service vesta restart

After that, if you visit https://yourdomain:8083 there will be no security exception, and you will be redirected to a secure connection.

To verify this, remove the security exception you added previously and then visit again; you will see that your connection is still SSL and there is no security exception.
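
Between the chmod commands and the restart it is worth confirming that both links resolve and that the private key they point to is not accessible to other users, since chmod and chgrp act on the link's target rather than on the link. This check is an added example, not part of the original guide or of Vesta CP; check_panel_tls and make_sandbox are hypothetical helpers and the sandbox files are constructed.

```sh
#!/bin/sh
# Added example (not from the guide or from Vesta CP). check_panel_tls and
# make_sandbox are hypothetical helpers; the sandbox files are constructed.

# check_panel_tls DIR
# DIR is the panel's ssl directory (/usr/local/vesta/ssl in the guide).
# Prints one line per finding and returns the number of problems found.
check_panel_tls() {
    local dir f path mode problems
    dir=$1
    problems=0
    for f in certificate.crt certificate.key; do
        path=$dir/$f
        if [ ! -L "$path" ]; then
            echo "FAIL $f: not a symlink (missing, or still a regular file)"
            problems=$((problems + 1))
        elif [ ! -s "$path" ]; then
            # -s follows the link: the target must exist and be non-empty.
            echo "FAIL $f: target missing or empty: $(readlink "$path")"
            problems=$((problems + 1))
        else
            echo "ok   $f -> $(readlink "$path")"
        fi
    done
    # chmod/chgrp follow symlinks, so the mode that matters is the target's.
    if [ -s "$dir/certificate.key" ]; then
        mode=$(stat -L -c '%a' "$dir/certificate.key")
        case $mode in
            *0) echo "ok   key mode $mode (no access for other users)" ;;
            *)  echo "FAIL key mode $mode grants access to other users"
                problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}

# make_sandbox
# Builds a temp tree that mimics the guide's layout (web/ holds the domain
# certificate and key, ssl/ holds the panel's links) and prints its path.
make_sandbox() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/web" "$root/ssl"
    echo "constructed certificate" > "$root/web/ssl.example.org.crt"
    echo "constructed key"         > "$root/web/ssl.example.org.key"
    chmod 660 "$root/web/ssl.example.org.key"
    ln -s "$root/web/ssl.example.org.crt" "$root/ssl/certificate.crt"
    ln -s "$root/web/ssl.example.org.key" "$root/ssl/certificate.key"
    echo "$root"
}

# Demo: a correct layout, then the same layout with the key link missing.
box=$(make_sandbox)
check_panel_tls "$box/ssl"
rm "$box/ssl/certificate.key"
check_panel_tls "$box/ssl" || echo "problems found: $?"
rm -rf "$box"
```

On the server the call is check_panel_tls /usr/local/vesta/ssl, run as root.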


All about Databases

Database: A database is a collection of information that is organised so that it can be easily accessed, managed and updated.

Data is organised into rows, columns and tables, and it is indexed to make it easier to find relevant information. Data gets updated, expanded and deleted as new information is added. Databases process workloads to create and update themselves, querying the data they contain and running applications against it.

Computer databases typically contain aggregations of data records or files, such as sales transactions, product catalogues, inventories and customer profiles.

Typically, a database manager provides users with the ability to control read/write access, specify report generation and analyse usage. Some databases offer atomicity, consistency, isolation and durability (ACID) compliance to guarantee that the data is consistent and that transactions are complete.

A database management system (DBMS) is a type of software that allows you to define, manipulate, retrieve and manage data stored within the database.

We will now learn how we can create databases and access them.

Go to your Vesta control panel and then click on DB.

It will then ask you for some of the basic information needed to create a database, but in the dashboard you can see that there is already a database with the name admin_default. Click on the + icon to create another database.

Do not try to delete the default database, because it may cause problems.

After clicking on the + icon, some basic information is required to create a database, like a database name, username and password. Since we are logged in with the admin account, the prefix admin_ will be added automatically to the database name and username field values.

I am creating a database with the name main, and the user will be sagar. You can see that next to the fields it automatically shows me the names with the prefix.

There is an option where I can select the type of database; currently the database which is installed with this panel is MySQL. You can also create other databases, like PostgreSQL. For this, you can read the documentation of Vesta CP at vestacp.com/docs

There is another field with which I can send the credentials of this database to my email address. Just click on save and a new database will be created. Head to the dashboard and see that the database admin_main is listed there.

If you want to access phpMyAdmin, just go to yourdomain/phpmyadmin

You can log in with the credentials you have created, and you are ready to use the database.

All about Emails

Vesta CP also lets you create email addresses for your domain.
Log in to your Vesta CP and then click on mail on the dashboard.

You can see there are no email accounts created for this domain.

Click on add account and you can create an email account by filling in some basic information, like the username for the account.

I am choosing my username as sagar, and an email account will be created as sagar@phmcsecurities.org

You can choose a custom password, or you can click on generate to generate a random password for your email account. There is an option to send the login credentials to an email address, and you can also see some other information, like the IMAP hostname, IMAP port, IMAP security, SMTP hostname, SMTP port, SMTP security, etc.

This information is valuable for those users who want to use their email address with the email applications which come pre-installed on their Android devices.

There are some other options as well, like how much quota you want to allocate for this particular email address.

You can also use aliases for this email (they are like different names for a single email address). For example, if I add the alias admin, then all the emails that are sent to admin@phmcsecurities.org will be delivered to sagar@phmcsecurities.org

There is also an option with which you can enable email forwarding to another email address.

As soon as you click on add, you will see that an email account has been created with the name sagar@phmcsecurities.org

After all this, if you want to access the email address you have created, open yourdomain/webmail; this will open the webmail page.

Enter your email credentials, including the domain name, and you can access the email address you have created. For testing purposes, try to compose an email and send it to your email address, and vice versa. You will receive the emails in your inbox.

Make sure your server time is correct, otherwise emails will go to spam; you can correct that through Vesta CP > Server tab.

Forcing HTTPS on a Domain

If you visit phmcsecurities.org/webmail over HTTP, you can see that the website is not upgrading my connection to https. The webmail holds a lot of sensitive information, like the username and password.

To make sure that every time a user visits over an HTTP connection the connection is upgraded to SSL/HTTPS, we will install an nginx template on our server to force https.

Go to vestacp.com and check the current version. Now click on docs, and there you will find a resource which says how to force https/SSL on a domain.

If you click on this, you will see that it says to download and install a custom nginx template.

To install the template, connect to your server with SSH. Open the terminal and type ssh root@yourip; it will ask for the password, so enter the password of your server and press enter.

Now you have to run some commands on the server.

The first command changes the directory:

cd /usr/local/vesta/data/templates/web

This will change your directory, and now you will be doing all the work in the web directory.

Now we will use the wget command to download the template:

wget http://c.vestacp.com/0.9.8/rhel/force-https/nginx.tar.gz

This will download a tar file of the nginx template into the web folder. Make sure the version of your Vesta CP is the same as the one mentioned on vestacp.com

Now we have to extract this file by using this command:

tar -xzvf nginx.tar.gz

This will extract some files into the web directory.

Optionally, we can now delete the tar file from our server with this command:

rm -f nginx.tar.gz

After doing all this work, there are two things which we have to do to force SSL on our domain.

Log in to your Vesta control panel > click on packages > click on edit > in the proxy template field choose the template force-https > click on save.

After that, click on web > choose your domain name > click on edit > scroll down > in the proxy support section you will find a proxy template field > choose force-https > click on save.

Now open a private window and try to open http://yourdomain/webmail, and you will see that your connection is automatically upgraded to SSL/https.

FTP and SFTP

FTP: The file transfer protocol is a standard network protocol used to transfer computer files between a client and a server on a computer network.

FTP is built on a client-server model architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves with a clear-text sign-in protocol, normally in the form of a username and password, but can connect anonymously if the server is configured to allow it. For secure transmission that protects the username and password and encrypts the content, FTP is often secured with SSL/TLS or replaced with the SSH File Transfer Protocol.

FTP may run in active or passive mode, which determines how the data connection is established. In both cases, the client creates a TCP control connection from a random, usually unprivileged, port N to the FTP server command port 21.

In active mode, the client starts listening for incoming connections from the server on port M. It sends the FTP command PORT M to inform the server on which port it is listening. The server then initiates a data channel to the client from its port 20, the FTP server data port.

In situations where the client is behind a firewall and unable to accept incoming TCP connections, passive mode may be used. In this mode, the client uses the control connection to send a PASV command to the server and then receives a server IP address and server port number from the server, which the client then uses to open a data connection from an arbitrary client port to the server IP address and server port received.
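
The PORT command and the PASV reply described above both encode an address and port as six decimal numbers h1,h2,h3,h4,p1,p2, where the port is p1*256 + p2 (RFC 959). The following added example, which is not part of the original guide, decodes and builds them and flags a PASV reply whose data address differs from the control connection's server address; the function names are hypothetical and the addresses are constructed.

```sh
#!/bin/sh
# Added example (not from the guide): the address/port encoding used by FTP's
# PASV reply and PORT command. Function names are hypothetical; the sample
# addresses are constructed (documentation ranges).

# parse_pasv "227 ... (h1,h2,h3,h4,p1,p2)"  ->  prints "IP PORT"
# Returns 1 if the line is not a well-formed 227 reply.
parse_pasv() {
    local nums n old_ifs
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    old_ifs=$IFS
    IFS=,
    set -- $nums                 # split the six numbers into $1..$6
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do
        # Reject empty fields, leading zeros and anything longer than 3 digits.
        case $n in ''|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# build_port IP PORT  ->  prints the PORT command an active-mode client sends
build_port() {
    local ip port
    ip=$1
    port=$2
    case $port in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$port" -le 65535 ] || return 1
    echo "PORT $(printf '%s' "$ip" | tr . ,),$(( port / 256 )),$(( port % 256 ))"
}

# pasv_host_matches REPLY CONTROL_IP
# Returns 0 if the data address in REPLY equals the server address used for
# the control connection, 1 if it differs (for example a server behind NAT
# announcing its private address), 2 if REPLY cannot be parsed.
pasv_host_matches() {
    local parsed
    parsed=$(parse_pasv "$1") || return 2
    [ "${parsed% *}" = "$2" ]
}

# Demo with constructed values.
reply='227 Entering Passive Mode (192,0,2,10,195,80)'
echo "passive: client connects to $(parse_pasv "$reply")"
echo "active:  client sends $(build_port 192.0.2.20 50001)"
pasv_host_matches "$reply" 192.0.2.10 \
    && echo "data address matches control address"
pasv_host_matches '227 Entering Passive Mode (10,0,0,5,195,80)' 192.0.2.10 \
    || echo "data address differs from control address"
```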

There are lots of FTP clients which we can use to communicate with our server, but we will use FileZilla for this.

To download FileZilla go to https://filezilla-project.org/download.php; it is available for Windows, Mac and Linux.

After downloading, log in to your Vesta CP control panel to create an FTP account which we can use to communicate with our server.

On the dashboard click on web, and then click on edit for the domain to which you want to add the FTP account. After that, scroll down and you will see a checkbox which says additional FTP; click on it and it will ask you for some information, like username, password and path. The admin_ prefix will be added to your username automatically.

I am choosing my username as sagar, so my actual username will be admin_sagar

Choose a password, and then it will ask you to enter the path to which this user will have access.

I am leaving the path blank.

Now you can click on add more FTP accounts, or just click on save changes and your changes will be saved.

Now you can open FileZilla by just typing FileZilla in the terminal with root permissions.

There are four fields in FileZilla.

The host field requires you to enter the hostname or domain name to which you want to connect via FTP.

In the username field, enter the username of your FTP account. In the password field, enter the password. You can leave the port field blank; it automatically connects to port 21 if no port is specified.

As soon as the connection is successful, it will retrieve the directory listing of the domain.

You can directly upload files to any of these directories for which you have permission. As I said earlier, the FTP protocol is not secure and your password will travel in clear text, so it may be dangerous: if anyone is doing a MITM attack on our network, he can intercept our passwords.

To counter this, there is another protocol, which is known as SFTP.

SFTP: it stands for SSH File Transfer Protocol or Secure File Transfer Protocol, and it is used to transfer files over a secure channel.

After that, terminate your previous connection by clicking on the X sign.

Now we can connect to our server with SFTP. Remember, you have to enable SFTP or SSH access in your control panel. After all this, type the domain with the sftp:// scheme in the host field.

So my domain will be sftp://phmcsecurities.org, the username will be root and the password will be the password for my SSH, but in this case we will specify port 22.

Sometimes you have to give your IP address instead of the domain with the sftp:// scheme.

As soon as you click on connect, it will ask you to trust the key the server is sending.

As soon as you click on yes, it will be added to your connection list and then the connection will be established.

Now you are using SFTP!


All About Clients

So, now we will learn how we can use Vesta CP for other purposes, like creating clients or selling hosting. To use Vesta CP to sell hosting and create clients, you have to create packages.

Packages: packages are like plans. Suppose you want to sell hosting and want to offer different plans to users: in one plan users can add only one domain, but if they spend more they can add 3 to 5 domains with a higher-priced package.

To create packages for clients, we have to click on the package menu in the top left corner.

After that, you will see that there is only one package, with the name default; click on the + sign to create a new package.

After that, you can see that it asks for a bunch of information, like package name, web template, etc.

For the package name I will enter client. Then it asks for the web template; I will leave this as default.

In the proxy template, you can choose from many templates, like force-https, but I will leave this as default.

The DNS template will be default as well.

In the SSH access, you can choose to which directory you want to give the client access; I will choose nologin.

In the web domains field, you have to enter how many domains you allow in this package; you can also choose unlimited.

In the web aliases field, you can choose how many aliases the client can configure; I will enter 1.

In the DNS domains field, I will choose 3.

In DNS records per domain, I will also choose unlimited.

In the mail domains field, I will choose 3.

Mail accounts are the accounts which the client can use for sending emails from his domain; I will allow 9 mail accounts.

After that it will ask for databases; I will allow 6 databases.

Then it will ask for cron jobs; I will allow 10 cron jobs.

For backups, I will allow 3 backups.

For the quota, the space for storing files, I will allow 4 GB or 4096 MB. For the bandwidth I will allow 10 GB or 40960 MB.

For the name servers, I will choose the name servers of our domain, which are ns1.phmcsecurities.org and ns2.phmcsecurities.org, and click on add.

Now if you go to the dashboard again and click on user to add a user for this package, it will ask you for the username, the password, the email and the package you want to assign to this client. Choose your newly created package and click on add; a user will be added, and you can see him in the user dashboard.

Now if you click on login as {user you created}, you will be logged in as that user.

After all this, if you click on web you can add a web domain as well. I will add a domain, which is sagarbansal.com; as soon as you click on add you will see that the domain has been added, and you can configure DNS records for that domain. There are already 14 DNS records, which are added automatically, but you can add them as well.

Now if you click on email, you will see that you can also configure email addresses, but since only 3 emails are allowed you cannot add more than 3.

Similarly, there are some other things, like databases, cron jobs and backups. You can also change name servers, and you can also force SSL on your domain.

Now, let’s check whether we have access to the files of other domains.


Orientation for Server Admins

Here we will talk about all the other components of Vesta CP. This is a quick walkthrough of Vesta CP, for people who already know how to manage a server.

The first one is packages, where you can create packages for clients and assign them. We have a separate module for this one as well.

We have IP here, which means the IP address of the server; if you want to add an IP address, you can do that by clicking on the + button.

Then we have the graphs, which show your server load and memory usage, where you can see that 2 GB of RAM is no longer sufficient.

I recommend using the Nginx + PHP-FPM model of Vesta, which I will discuss later in this post; it allows me to run 17 high-traffic sites on a 2 GB RAM server.

We have graphs for bandwidth, nginx, Apache and many others as well, and you can see them on a weekly, monthly and yearly basis.

Then we have the statistics; it is currently blank because we don’t have any accounts for other users.

Then we have the log, which keeps a record of all the things you do on your server, like adding an FTP account or a MySQL database, etc.

After this we have the updates, where you can check for updates.

If there is an update, it will be listed here.

Then you have the firewall settings; if you want to open or close a port, you can do that from the firewall right here. You can see some open ports here which are accepting connections, like SSH and WEB. You can also create rules by clicking on the + button.

Then there is the file manager, which you can purchase as an additional plugin from vestacp.com

Then there are apps, which is the Softaculous auto installer.

After this we have the server tab, where all the server configurations are listed; for example, if you want to stop the Apache server, you can stop it from here. You can also configure it and restart it.

Now, in the lower top bar, you have user; this is the personal profile of the user, and it shows all the users. The admin can see all the users, but customers can only manage their own profile from here.

Then we have web, where you can add a domain name by clicking on the + button. You can also limit the web to the clients, and you can add a subdomain from here as well.

Then we have DNS; if you want to create and manage your DNS server, you can do that from here.

At last we have mail, where we can manage the email addresses for our domain name, DB for the databases, Cron for the cron jobs and backup for the backups.

If you want to create a backup, click on the + icon and you can create a backup from there.


Let me know what else you want me to add 🙂
