Is Quickbox secure?


#1

I was just wondering if Quickbox is a secure solution. My current script uses things such as fail2ban, but I don't see that in the list for Quickbox. Thanks!


#2

QuickBox is as secure as possible within the guidelines of how we make it. We never parse data over HTTP that could potentially contribute to a system being compromised in and of itself. To that means it is very secure.

Additional to this we do include fail2ban, however, this doesn’t need to be listed as it is not a feature of QuickBox, therefore… why list it?

We’ve taken things a bit further and additionally block UDP Port 1900 to avoid (SSDP) DDoS attacks as the port being open to the internet is generally unwise. Fail2Ban can be seen as an install-able solution within this block function on the installer:

function _depends() {
  if [[ $DISTRO == Debian ]]; then
    yes '' | apt-get install --force-yes fail2ban

and also

elif [[ $DISTRO == Ubuntu ]]; then
    apt-get -y -f --allow-unauthenticated install build-essential debian-archive-keyring fail2ban

These again are referenced within the function _depends.

To add another user-friendly layer of security, you may opt to install CSF as well. Simply running the command installpackage-csf will begin the installation process. This will additionally install sendmail to alert you to any potential breaches etc. that may happen on your system, as well as blocks on IP that occur over time from bad bots hitting unavailable and available ports.

CSF will in a future iteration be included as an install-able package from the dashboard, however at this time… it is more of a security easter-egg.

Our Web Console is reverse proxied to show the console username.console as an https link rather than exposing ports to the web. We have @RXWatcher to thank for suggesting that this be patched and used.

On top of all this I would say it is a very secure solution. As developers we care about our members of QuickBox, their systems and we also have a stellar #beta-squad who are always making reports and aiding us in patching up anything that may appear. Then there is you! If you run into anything, we always make time to provide a fix and do so with the utmost respect to you and yours. We may be free in what we offer, but you do spend money on the thing you install us on… that is important.

Hopefully this helps you find some resolve… and please do not hesitate to present any more questions or concerns. There’s always someone lurking about. :)
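
A post-install check for two controls named in the reply above (fail2ban present, UDP port 1900 blocked), as an added example that is not QuickBox code and not part of the original posts. The function names, the sample rules and the use of iptables as the host firewall are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not QuickBox code). Assumes the host firewall is iptables.

# Constructed sample in `iptables -S INPUT` format.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 1900 -j DROP'

# Reads `iptables -S` rules on stdin and prints the verdict of the first INPUT
# rule that names UDP destination port 1900: "blocked", "open" or "unlisted".
# Order matters: an ACCEPT placed before the DROP leaves the port open.
# Scope: plain --dport/--dports only; ranges, negation, broader rules and
# the chain policy are not evaluated.
ssdp_verdict() (
  set -f                      # no globbing while splitting rule words
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in "-A INPUT "*) ;; *) continue ;; esac
    proto='' port='' target='' prev=''
    for word in $line; do
      case "$prev" in
        -p) proto=$word ;;
        --dport|--dports) port=$word ;;
        -j) target=$word ;;
      esac
      prev=$word
    done
    [ "$proto" = udp ] || continue
    case ",$port," in *,1900,*) ;; *) continue ;; esac
    case "$target" in
      DROP|REJECT) echo blocked; return 0 ;;
      ACCEPT) echo open; return 0 ;;
    esac
  done
  echo unlisted
)

# Live check; needs root for iptables. Run the script with --audit.
audit_host() {
  if fail2ban-client ping >/dev/null 2>&1; then
    echo "fail2ban: running"
  else
    echo "fail2ban: NOT running"
  fi
  echo "udp/1900: $(iptables -S INPUT | ssdp_verdict)"
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```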


#3

Sir, you never fail to impress me.