Cloud Hosting

How to Install and Configure Fail2ban on CentOS

Jason Mazzota February 1, 2016 by under Cloud Hosting 0 Comments
Verified and Tested 4/28/16


Fail2ban is a great, wonderful service that is primarily used to stop brute forcers from accessing your system. It’s simple to install and configure and works great at deterring your basic attackers away.

Installing and configuring Fail2Ban on CentOS

We will be performing steps below as the root user. You will just need to sudo if you are using another user. For all editing of configuration files, we will be using vi. However, you can use whichever editor you are comfortable with. This installation is performed on a clean CentOS 6.5 64bit Cloud server.

Now unfortunately, fail2ban is not included in the base CentOS repo. We will need to add it so we can install it. Luckily that can be done with a simple command:

x86_64 (64bit)

rpm -Uvh

i386 (32bit)

rpm -Uvh

Once done simply run:

yum install fail2ban

It will prompt you for a yes or no for the installation. Simply hit ‘y’ on your keyboard for yes and hit enter. Fail2ban will install and we’re getting started.

Now we have to apply some configuration. The best practice when changing configuration files like this, is to always copy out the original to a backup. In this case, you can leave the original alone as fail2ban does work with a duplicate .local file also named jail. To do this, simply run:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Once you’ve made that .local file, it’s time to edit it with your editor.

vi /etc/fail2ban/jail.local

Now as you’ll see when editing the file, there are A LOT of sections for you to “play” with and adjust. You will want to navigate to where the JAILS section begins. Here we are going to make a [ssh-iptables] jail with the information below. The main aspects we’ll focus on are the ignoreip, bantime, findtime, maxretry, action, and logpath.

maxretry = 5
enabled = true
filter =sshd
action = iptables[name=SSH, port=ssh,protocol=tcp]
        sendmail-whois[name=SSH,[email protected],[email protected],sendername="Fail2ban"]
logpath = /var/log/secure
ssh-iptables Jail

ssh-iptables Jail

In the picture above, you will find the ignoreip. This is pretty important as you can tell fail2ban to IGNORE your IP address. This will prevent you from ever locking yourself out of your server by fail2ban. We highly recommend you add your IP address to this field. To add it, all you need to do is add a space after the and put your IP.

Next you will find the bantime. As it sounds, this is how long a host is banned when triggered for banning. This is set by the number of seconds that you want that IP address blocked from your system. We recommend that if you are gunning for someone to be blocked, you set this to a high number. The default is 10 minutes. Adding a 0 will make it 6000 seconds or 100 minutes (just over an hour and a half.) That’s a good start.

The next section below that is the findtime. As it states, this is the span of time fail2ban will look at for failed attempts. The default setting here of 10 minutes is acceptable. This means fail2ban will analyze the attempts every 10 minutes and make a decision based on what it found.

Under the findtime section, you will find the maxretry. As it sounds, this is how many times you’ll allow a failure to log in within the findtime before the origin IP gets added to the ban for what you have set the bantime to be. 3 is a great number here to really catch someone attempting to get in.

Now we’ll get to enabled. This value can be either true or false. By default every Jail in fail2ban is set to false (if it’s not listed, it’s false.) To enable our jail, we will have to set this to true.

The next section we’ll look at is for action. In the “action =” section you’ll see:

iptables[name=SSH, port=ssh, protocol=tcp]

If you have not changed your SSH port, this is fine. If you have configured a custom SSH port like described in the Changing your SSH Port In CentOS article, you will want to change the port= section. For example, using a custom SSH port of 9922:

iptables[name=SSH, port=9922, protocol=tcp]

Finally we have the logpath. This will tell fail2ban what log to read for it’s decision making.


Now once you have changed this configuration to your liking, all you need to do is save the changes you did and exit the file. Once out, simply restart the fail2ban service to activate it. You may also want to run a ‘chkconfig on’ on the service to ensure it runs at boot time.

service fail2ban restart
chkconfig fail2ban on

In the future, when adding new services onto the a server (like FTP, email, etc.) make sure you check your fail2ban configuration!

Thank you for reading this article, please check out our other related articles below.

Why Redis Has Become So Popular (Hint: It’s Fast & Open Source)

Sam Guiliano January 25, 2016 by under Cloud Hosting 0 Comments

Why is Redis becoming such a popular key-value data store? Here is a look at the many reasons it’s succeeding.

  • Basic Strengths of Redis
  • Built for Speed & Languages
  • The Crowd Says Yes
  • In-Memory Processing for Media
  • Leaderboard Delivery
  • Redis-Ready Cloud Servers

Basic Strengths of Redis

Redis is a data structure server. As a key-value data store, Redis is similar to Memcached, although it has two major advantages over that option: support of additional datatypes and persistence.

Those two features may not immediately appear “major,” but they really do set this ecosystem apart. Persistence allows you to treat Redis as a legitimate database rather than an unstable and temporary cache. If you reboot, Memcached information is lost; but Redis data remains.

Read More

What is the cPanel TSR-2016-0001 Announcement?

Atlantic.Net NOC January 21, 2016 by under Cloud Hosting 0 Comments


On January 18th, 2016, cPanel announced a patch to address security concerns with cPanel and WHM (TSR-2016-0001).  This patch addresses 20 vulnerabilities in cPanel & WHM cloud hosting software versions 11.54, 11.52, 11.50, and 11.48.

cPanel has rated these updates as having CVSSv2 scores ranging from 2.1 to 10.0.  Security level definitions can be located here.

At this time, additional information regarding the security vulnerabilities has not been made available.  This information is currently set to be released on January 25th, 2016.  You can check the cPanel Announcement page here for updates.

So what does this mean?

cPanel is suggesting that all cPanel/WHM servers that are not set to automatically update perform manual updates to the policies.  This will fix the vulnerabilities before they become an issue.

The Fix for the cPanel TSR-2016-0001 Announcement

Start by logging into your WHM management page.  In the options on the left, almost all the way at the bottom is a section named “cPanel” and under that section is “Upgrade to Latest Version”.  By clicking on Upgrade… option, it will take you to a page allowing our to “Click to Upgrade.”


After clicking on the blue “Click to Upgrade” button, an installation window will appear and run.  This may take a few minutes, but be assured that the process is running.  Once this is completed, the completion bar will state 100%, and the text box will turn green.  This means all your cPanel accounts have been updated to the current version and are safe from the potential vulnerabilities.


How to: FTP Uploads with Python

Wolfram Donat January 18, 2016 by under Cloud Hosting 0 Comments


In another article on using ftplib in Python, we talked about using Python’s ftplib library to connect to an FTP server and download both binary and text files to our local machine. In this segment, I’ll introduce several new concepts, including uploading text and binary files, error handling, and common directory commands using the same imported library.


It is difficult to experiment with many of these calls with a server that you don’t own–most FTP servers will not allow anonymous logins. Assuming you do not have access to a web-based FTP server, your best bet is to install a server on your local machine (see “Installing an FTP server“) and test your code using localhost as the target server.

FTP Uploads

As with downloads, you’ll need to specify whether a file you wish to upload to a server is a text file or a binary file since each uses a different method. You can upload text files using the storlines() method and binary files with the storbinary() method. A nice feature of these functions is that neither one requires you to write a separate function to handle reading the source file: storlines() calls the readline() method on each line in the file until it reads the last line, while storbinary() uses the read() method until there is no more data to read and upload.

Once you have access to an FTP server, open a text editor and enter the following Python script:

from ftplib import FTP  
ftp = FTP('_your_server_address_')  
ftp.login('_username_', '_password_')  
with open('', 'r') as f:  
    ftp.storbinary('STOR %s' % '', f)  

This should have the effect of copying from your local directory to the remote directory on your FTP server. Should you want to copy a text file instead, the script should look something like this:

from ftplib import FTP  
ftp = FTP('_your_server_address_')  
ftp.login('_username_', '_password_')  
with open('myfile.txt', 'r') as f:  
    ftp.storlines('STOR %s' % 'remotefile.txt', f)  


Working with Directories

Like any good FTP client, the ftplib library supports file deletion, renaming, moving, and even directory creation and deletion. These can be somewhat obscure calls since they’re not used very often, but they are very straightforward.

Like most library calls, you can experiment with these using an interactive Python prompt, rather than a complete, standalone script. To get a demonstration, connect to your FTP server:

>>> from ftplib import FTP  
>>> ftp = FTP('_your_server_address_')  
>>> ftp.login('_your_username_', '_your_password_')

Now you should be logged in, and you can experiment with some of the following library calls:

  • delete(_filename_) will delete a file from the server.
  • rename(_old filename_, _new filename_) will rename a file in the same directory, or move a file to a new directory, if you specify a new path in the second argument. For instance, rename ('spam.txt', 'eggs.txt') will rename the file spam.txt, but rename('spam.txt', 'new_directory/spam.txt') will move spam.txt into the new_directory within the present directory.
  • mkd(_directory_) will create a new directory.
  • rmd(_directory_) will attempt to remove a directory. Bear in mind that most FTP file servers require that a directory be empty (even of hidden files) before it can be deleted.

It is also possible to recursively “walk” through a directory, to go into all of the subdirectories and download (or print) all of the files you come across. Unfortunately, there is no elegant way to do this. The best way is to test whether each file you come across is a directory; if you can enter it, then you use the cwd(_directory name_) command to enter and test each file inside. You can use the nlist() command to return a list of all files in the current directory, and then try to enter each one.

We can probably best illustrate this behavior with a small script. In your text editor, enter the following:

# Thanks to _Foundations of Python Network Programming_  
# for the following code:  
import os  
import sys  
from ftplib import FTP  
def enter_dir(f, path):  
    original_dir = f.pwd()  
    print path  
    names = f.nlst()  
    for name in names:  
        enter_dir(f, path + '/' + name)  
f = FTP('')  
enter_dir(f, '/pub/linux/kernel/Historic/old-versions')  

This script recursively walks through the directories on the server, printing out all of the directory names it finds as it goes. If you’d like to test this code on your local server, simply substitute localhost for and your home directory for /pub/linux/kernel/Historic/old-versions and run the code again. You’d also need to update f.login() to include your username and password as well, most likely. As long as the FTP server is running on your local machine, you should get a listing of subdirectories in your home directory.

Error Handling With the FTP library

Like most Python libraries and modules, ftplib will raise an exception if an error occurs during processing. It has a list of its own errors (ftplib.error_reply, for instance, when an unexpected error is received from the server), and it also raises the standard socket.error and IOError. If you’re used to using try/except clauses, ftplib will be second nature to you. If you’d like to see what error is generated, the following template could prove useful:

except ftplib.all_errors, e:  
    errorcode_string = str(e)  
    print errorcode_string



I hope these short introductions to Python’s ftplib library have shown how useful it can be. There are plenty more method calls available, and I highly recommend you check out the online Python documentation. Thank you for reading! Be sure to check back for more updates, and to learn more about our affordable cloud hosting solutions.

How to Install Your Own FTP Server

Wolfram Donat January 18, 2016 by under Cloud Hosting 0 Comments


If you’re interested in learning about networking, or if you have files that you would like to share with the world at large, then at some point you’re probably going to want to get an FTP server running on a machine. There is a vast array of options for a server, depending on what operating system your server is running and how much work you want to put in to setting it up. Read on for instructions on how to get free FTP servers up and running quickly using Linux, Mac, or Windows. All of the software mentioned here is free; paid FTP server programs do exist, but almost anything you need to do with an FTP server can be done with an open-source program.


  • Ensure your firewall allows TCP traffic in on port 21 (if you are only using localhost to test an FTP server out, then this firewall requirement is unnecessary).


Running an FTP server on Linux

If you’re using a Linux machine, installing a free FTP daemon, vsftpd, is a very simple process.

On a Debian-based system (Ubuntu, Debian, etc.), in a terminal window, enter:

sudo apt-get install vsftpd

Enter ‘y’ to any necessary dependencies and allow the installation process to complete.

On a Red Hat/CentOS system, enter:

sudo yum install vsftpd

Enter ‘y’ to any necessary dependencies and allow the installation process to complete.

After the download and install process finishes, vsftpd starts, but its default settings do not allow uploads or directory editing. You’ll most likely want to allow this activity, particularly if you’re using the server to test your own code. To enable file editing and uploads, we need to enable them in the server configuration files. Open vsftpd.conf in a text editor.


sudo nano /etc/vsftpd.conf

CentOS/Red Hat:

sudo nano /etc/vsftpd/vsftpd.conf

Once inside, you will need change a couple of things. Below are the ones to change and why we will be changing them.


This will disable the ability for users to login anonymously


Since we disabled anonymous logins, we need to enable user logins that use the local authentication files.


This will enable users to make changes to the filesystem.


This will restrict users to have access only to their home directories.

After you make this change, save the file and quit. Then, restart the daemon:

sudo service vsftpd restart

To test your server, open a terminal window and enter

ftp localhost

You should be greeted with the ftp login (the username and password credentials will be same as your server credentials):

Connected to localhost.  
220 ProFTPD 1.3.4a Server (Debian) [::ffff:]  
Name (localhost:wolf): wolf  
331 Password required for wolf  
230 User wolf logged in  
Remote system type is UNIX  
Using binary mode to transfer files.  

You’ll now have an FTP server running on your local machine. If you allow it access to the Internet (by enabling port forwarding on your router or firewall) it can act as a normal FTP server. If you merely keep it running as a local service, you can use it to test code and connections.

Adding FTP User

Next, we have to create an FTP user. I will use the user “atlantic” in this example but you can use any username. To add a user, run the following command.

adduser atlantic

Enter a password for the user and fill the rest out if you would like. You can also press enter through the rest.

You must provide root ownership to the users home directory now.

chown root:root /home/atlantic

Next, for the user to be able to upload files, we need to create a directory under their home directory.

mkdir /home/atlantic/folder

Then provide the user this directory.

chown atlantic:atlantic /home/atlantic/folder

Now this user is set up to log in and upload files to their folder directory.

Running an FTP server on Mac

The Mac offers several options for running an FTP server. Probably the easiest option is to use the built-in server in OS X. It’s a bit hard to find in more recent versions of the OS, but it is still there and is fully functional.

To start it, open a terminal window on your Mac (Applications > Utilities > Terminal). Enter the following command to start the server:

sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist

That’s all there is to it! To make sure it worked, in your terminal window enter

ftp localhost

You should be greeted with the FTP login:

Trying ::1...  
Connected to localhost.  
220 ::1 FTP server (tnftpd 20100324+GSSAPI) ready.  
Name (localhost:wolframdonat):

You now have an FTP server running on your Mac! You can use your usual account name and password to access your files from another computer, or just test code you write.

Running an FTP server on Windows

By far the easiest program to use as an FTP server on a Windows machine is FileZilla. It’s free, and both a client and server option are available.

To get started, download the server from Filezilla’s site. Make sure you choose the correct option for your particular version of Windows and download the Installer Setup program from SourceForge. Double-click to start the installer, and accept all of the default options during the install:

  • Standard install
  • In the default location
  • Installed as a service that starts with Windows

When it’s finished installing, restart your computer, and the FileZilla server should start up automatically. The first time it starts, you’ll need to add a user (it doesn’t just recognize the user accounts on your computer.) From the ‘FileZilla Server’ window, click Edit > Users, and then add a user and password. You’ll also need to set a home directory for that user (the C:\ drive should be fine).

When you’ve created a user and password, you can test the setup. Start a command prompt, and in the terminal window, enter ftp localhost. You should see something like the following:

Connected to _your computer name_.  
220-FileZilla Server 0.9.54 beta  
220-written by Tim Kosse ([email protected])  
220 Please visit  
User (_your computer name_:(none)):  

Enter the username and password here that you just created, and you should get an ftp prompt:

230 Logged on  

Congratulations! You now have an FTP server running on your Windows machine! You can use the user/password you just created to test any code you write, or you can log in from another computer using any FTP client. Remember that if you are accessing your machine from outside your network, you’ll need to set up port forwarding on your router or firewall.


Setting up an FTP server is not difficult. It’s a skill that comes in handy if you need to share files quickly and easily with other computers, either on your home network or the internet. See some of our other articles here, and check out all of our reliable cloud hosting solutions. Thanks for reading!

How Elon Musk Stole My Car

Marty January 14, 2016 by under Cloud Hosting 0 Comments

This was my personal experience with Tesla Motors. I’m a fan of what Tesla Motors is trying to accomplish and hope they get their issues worked out.


With a new baby on the way, I was in the market for a new vehicle.  I scheduled a test-drive with Tesla Motors (Tesla) in mid-November and was on the fence about purchasing a Tesla. I had some questions which I emailed my test-drive consultant, but didn’t receive any response and I wasn’t particularly in love with the car, so I let it go.

Read More

How to Install Nginx, MySQL, PHP (LEMP) stack On a Debian 8.3 Cloud Server Or VPS

Brendan Bonner January 13, 2016 by under Cloud Hosting 0 Comments
NGINX Car by Walker Cahall

NGINX Car by Walker Cahall

Verified and Tested 8/26/16


This how-to will show you how to install LEMP on a Debian 8.3 cloud server or VPS. LEMP is a web service stack that consists of a Linux operating system, NGINX, MySQL, and PHP. The main difference between LAMP and LEMP is that LAMP uses Apache and LEMP uses NGINX. LEMP has been gaining popularity within the last few years because it excels in speed and scalability.


A server with Debian 8.2 installed.  If you do not have a server,  please consider an SSD Cloud VPS server from Atlantic.Net

Installing LEMP on a Debian 8.3 Cloud Server Or VPS

First we want to make sure that your server is up to date by running the command:

apt-get update
apt-get upgrade

Note: Depending on your installation you may need to remove apache2. You can do that by running the commands:

apt-get remove apache2*

Followed by:

apt-get autoremove

Installing Nginx on Debian 8.3

To install Nginx use the command:

apt-get install nginx

When it asks “Do you want to continue? ”  Hit enter.

Start the Nginx service with the following command:

service nginx start

We can now test Nginx, by going to your hostname or IP address in your browsers address bar. If you do not know your IP address you can run the following command:


You should get a result similar to the image below.

An example of ifconfig that shows the IP address of

An example of ifconfig that shows the IP address of


In our example, is the IP address. So in our browser we would go to

You should see a web page that looks like the image below.

This is the default webpage when installing Nginx on Debian 8

This example is the default Nginx web page on Debian 8.3


Now that Nginx is installed, we can move on to installing MySQL.

Installing MySQL on Debian 8.3

Install MySQL with the command:

apt-get install mysql-server

When it asks “Do you want to continue?” hit enter.

Shortly after, a screen similar to the image below will appear.  You need enter a password for your MySQL root user. It should be a strong password.

Insert your own secure password for your new MySQL root passwod

Insert your secure password for your new MySQL root password


Hit enter to continue. Once you have hit enter, a new screen will appear prompting you to re-enter the password you just picked.

Re-enter your new root password.

Re-enter your new root MySQL password.


Now that MySQL is installed we need to do the MySQL secure installation by running the command:


Enter your MySQL root password. When it asks “Change the root password?” Type N followed by enter. The rest of the questions are up to you. For standard installations, you can hit enter for the defaults.

An example of the mysql_secure_install

An example of the mysql_secure_install


Now that MySQL is installed we can now install PHP.

Installing PHP on Debian 8.3

Install PHP with the following command:

apt-get install php5 php5-fpm php5-mysql

When it asks “Do you want to continue?” hit enter.

For Nginx to work with PHP correctly, we need to edit a Nginx configuration file. In this how to, we are going to place a simple Nginx config file.

First we need to moved the original to a new file name, run the command:

mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.old

Using a text editor of your choice, we are going to make a file called default in /etc/nginx/sites-available. For nano use the command:

nano /etc/nginx/sites-available/default

Copy the following into your text editor:

server {
        listen       80;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;

        location / {
                try_files $uri $uri/ =404;

        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
                root /var/www/html;

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;

In nano to exit and save, hit ctrl+x and type y and then enter.

We are now going to make a simple PHP page to test.

Using a text editor of your choice, we are going make a file called info.php in /var/www/html

nano /var/www/html/info.php

Copy the following into your text editor.


Since we made changes to the conf files, we need to restart Nginx, by running the command:

service nginx restart

In your browser, you can go to http://Your-Hostname/info.php or http://Your-IP-Address/info.php

You should see a web page similar to the one below.

An example of what your info.php file should look like

An example of what your info.php file should look like

Congratulations you have installed LEMP on Debian 8.3. Thank you for following this How-To! Check back for more updates, and take a look at our how-to Installing WordPress on Debian 8. Atlantic.Net offers expert technical support and  services like Managed Cloud Hosting and popular one-click install applications like cPanel Cloud Hosting.

Why Deis and what is it?

Adnan Raja January 12, 2016 by under Cloud Hosting 0 Comments

Do you want to join the era of open platform-as-a-service? Adopted by Mozilla among others, Deis is one option that combines the strengths of Docker and Chef.

  • Groundwork of Deis
  • DevOps & NoOps
  • Born from Docker
  • Decision to Transition to Chef
  • Hats Off to Heroku
  • Deis on the Rise
  • Commercial Support Now Available
  • Deis Hosting from Industry-Leading Cloud

Groundwork of Deis

If you are a developer, it’s nice to see all the different types of environments and tools that are becoming available to automate the implementation of apps and to manage infrastructural components. With the nuts and bolts handled, it’s becoming easier to really focus squarely on innovation.

One way to leverage new technologies to improve the lives of developers is via a platform as a service (PaaS). This form of cloud computing give them an ecosystem that creates a distinction between the program and the OS.

Read More

How to Install Apache, MySQL, PHP (LAMP) On Arch Linux

Jose Velazquez January 12, 2016 by under Cloud Hosting 0 Comments
LAMP - Lighting created by Walker Cahall

LAMP – Lighting  created by Walker Cahall

Verified and Tested 1/12/16


This how-to will help you with your LAMP installation in Arch Linux so that you can successfully run a high available solid platform for your web environment. LAMP is simply a software bundle that consists of 4 components that work together to form a powerful web server.  However, in this setup the acronym’s are as follows: Linux (L) is the core of the platform which will sustain the other components. Apache (A) is used for the web service. MySQL (M) is used for database management,  and PHP (P) is used as the programming language.


You need an Arch Linux server that is configured with a static IP address. If you do not have a server already, please consider our cheap and reliable Cloud Hosting plans and spin a new server up in under 30 seconds.

Install LAMP on Arch Linux

To get started, login to your Arch Linux server via SSH or through the VNC Console here. Atlantic.Net Cloud servers are setup as minimal installations in order to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Let’s make sure that your server is fully up-to-date.

sudo pacman -Syu

With the server up-to-date, we can continue the process and install LAMP on your server.

Install Apache on Arch Linux

We must first begin by installing Apache with the following command:

sudo pacman -S apache

Start the Apache service with the following command:

sudo systemctl start httpd

To edit the main Apache configuration file for one or many websites according to your preference, they are configured in the following directory:

sudo nano /etc/httpd/conf/httpd.conf

In order to verify and test the installation, create a test PHP file in the following directory with the command below:

sudo nano /srv/http/index.html

Insert the following HTML code in the empty file then save and exit:

<h2>You have just installed Apache on your Arch Linux Server</h2>

You can now verify that Apache is installed correctly by typing http:// and your IP address on your browser.

http://YOUR.IP.ADD.RESS (To get your servers IP Address type the following command:)

curl -s
This is the test page created to verify Apache was installed correctly in Arch Linux

This is the test page created to verify Apache was installed correctly in Arch Linux

Restart the Apache HTTP service so the changes can take effect on your system.

sudo systemctl restart httpd.service

Install MySQL on Arch Linux

We then would like to continue by installing MySQL. However, in Arch Linux MySql is replaced with MariaDB. So, after running the following MySql command hit enter to select 1 then Enter, then confirm your installation by tapping Enter.

sudo pacman -S mysql

After the install, you must run the following command to fully complete the installation.

mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

Make sure that the MySql/MariaDB service is on with the following command before proceeding:

sudo systemctl start


To ensure the security of the default settings of MySQL/MariaDB, continue with the command below:

sudo mysql_secure_installation

Note: When prompt with “Enter current password for root” hit enter for none then Y(Yes) to set MYSQL password. You will then be prompted with a series of questions. Simply type Y for yes on all of them, see the screen shot below:

This is the secure installation of screen when installing MySql on an Arch Linux LAMP Stack server

This is the secure installation of screen when installing MySql on an Arch Linux LAMP Stack server

Install PHP on Arch Linux

Finally, we will conclude the the LAMP Stack by installing PHP with the following command:

sudo pacman -S php php-apache

We must now add the correct PHP modules in the Apache Configuration file for PHP to function correctly. Using your test editor access the Apache configuration file with the following command:

sudo nano /etc/httpd/conf/httpd.conf

The following instructions are crucial and must be completed in the correct order. By default, the Apache configurations file uses the  module which dont work for this setup. Using the Ctrl+w locate the following line :

LoadModule mpm_event_module modules/

Having identified the line, replace it with the one below:

LoadModule mpm_prefork_module modules/

We must now add the module below the new code that we just added in the previous step.

LoadModule php5_module modules/

Were almost done with the configuration of PHP. Scroll to the bottom of the LoadModule list and add the following line:

Include conf/extra/php5_module.conf

Fantastic! You can now save the file and restart Apache so all your configuration take effect.

sudo systemctl restart httpd.service

In order to verify and test the installation, create a test PHP file in the following directory with the command below:

sudo nano /srv/http/info.php

Insert the following PHP code in the empty file then save and exit:


Restart the Apache HTTP service one last time so all the changes take effect.

sudo systemctl restart httpd.service

You can now verify that PHP is installed correctly by typing the following on your browser.

This is the default page after installing PHP on a LAMP Stack Arch Linux server

This is the default page after installing PHP on a LAMP Stack Arch Linux server

What Next?

Congratulations! You now have a LAMP Stack cloud server for your web environment. Thank you for following along and feel free to check back with us for further updates.

How to Lock Down Your CentOS Server with IPTables

Jason Mazzota January 11, 2016 by under Cloud Hosting 0 Comments
Verified and Tested 1/11/16


In this tutorial, we will be covering how to perform some basic IPTables changes that will greatly help secure your server. This is done on a fresh install of CentOS 6.5 64bit in our Atlantic.Net Cloud.

Locking down your CentOS server with IPTables

Using the built in CentOS IPTables is a great way to guarantee a secure cloud server, because it is already installed and running when the server is created. To verify this, you should just have to run the below to check the status of IPTables and it will print out its current rule sets.

service iptables status

If you are not running as the root, simply add a sudo to the front of that. We will be continuing this securing tutorial as if you are the root user.

To edit your IPTables, you would first need to go to its configuration file. In this example, we use vi however you can use whichever editor is your favorite.

vi /etc/sysconfig/iptables
Sample /etc/sysconfig/iptables

Sample /etc/sysconfig/iptables

You should get a page that looks like the above. The first thing we want to do is if you have a custom SSH port (you should if you have followed the Changing your SSH Port In CentOS (link) tutorial or have changed it yourself), change the line that states:

--dport 22

to be:

--dport yourcustomSSHport

Following our example in the custom SSH port tutorial above, the line should read:

-A INPUT -m state -state NEW -m tcp -p tcp --dport 3389 -j ACCEPT

If you don’t have a custom SSH port, you can ignore this but you should think about adding one! Next, we want to take the section that says:


and make it say:

:INPUT DROP [0:0] and :FORWARD DROP [0:0]

What this does is it tells IPTables to block and drop all traffic that is not going to ports you specify to allow through. This will stop people trying to break in using services that you have running unless you have opened those ports to the public.

And that’s it! Your server is now more secure simply by changing a few things in IPTables. To have the changes take effect, you will need to save and exit the file and then run:

service iptables restart

This will cause your new rules to go into effect immediately and they’ll remain through reboots. If you want to get more restrictive with your IPtables, specifically access to SSH, you can do the following for each IP address that should be allowed through. This involves editing the SSH rule and adding more. Where it states the SSH rule we identified earlier, you want to change it to be:

-A INPUT -s IPADDR –m tcp –p tcp  --dport 3389 –j ACCEPT

Where IPADDR is your IP address that you want to have SSH access to your server. If you did not set up a custom SSH port, you would want that to remain 22 and not 3389.

To allow specific ports through say for web access to your website, all you need to do is know/find the port the service runs on (or you configured it on) and it’s protocol (TCP or UDP) and allow it through. For example, website access:

-A INPUT -m tcp -p tcp --dport 80 -j ACCEPT

And now the Internet has access to the web hosting you are doing.

Keep in mind, when adding new rules to either INPUT or FORWARD sections, it is a great practice to keep the new rules lumped together with like rules. INPUTs with INPUTs and FORWARDs with FORWARDs. You will also want to make sure that any rules you add that allow a new port through are listed ABOVE any reject statements for that rule set. If they are listed after the reject lines, the rules will not take effect.

To see the output of what IPTables is doing and blocking with its rules, you can run the below. It will print out the rules you have and anything packet wise about dropping connections or allowing them through.

iptables -L -vn

To find out what all the IPTables segments mean and more information about them, please see our IPTables section (link).

Note *You can always access your server via our VNC viewer in the Cloud Portal if you lock yourself out*

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4