I have had two VPS Ubuntu servers compromised by SYN flood DoS attacks.
The server environment is a Node.js server running on port 3000, which I start using the pm2 daemon as the root user.
I also have LAMP (Apache web server, PHP, MySQL and phpMyAdmin) running on the same VPS (on the default port 80); MySQL and phpMyAdmin are all secured.
My question is: is it safe to run my node server script on port 3000 via pm2 as the root user? I have read on multiple websites that it's safe unless it's running on port 80. Obviously the node server scripts are not accessible from the web server folder (they sit outside it).
I have also read it's unsafe to run "node server.js" while logged in as the root user. It would be safer to set up a "safe user" (that asks for the password): source(1), or do this: source(2).
Does anyone have any tips on how to lock down Node.js?
My NodeJS server is still getting hacked!! after locking down the pm2 user by using a "safe user" (not running node as the root user).
So I started looking around for other ways these pests are getting in. I came across authentication methods for Node client/server communication. Here's an easy way to query the server with a unique key/code. If the server does not receive the correct key/code in the query parameter, it refuses the client's connection.
Client Side:
// "io" comes from socket.io-client (require("socket.io-client") in Node, or the
// socket.io script tag in a browser); the key is sent as a handshake query parameter
var socket = io("http://127.0.0.1:3000/", { query: "foo=bar" });
Server Side:
// socket.io server listening on port 3000; io.use() registers a middleware that
// runs on every handshake before the connection is accepted
var io = require("socket.io")(3000);
io.use(function(socket, next){
    console.log("Query: ", socket.handshake.query);
    if (socket.handshake.query.foo == "bar") {
        return next(); // correct key: allow the connection
    }
    next(new Error('Authentication error')); // wrong or missing key: refuse it
});
So far so good... I will report back if it doesn't work.