A convenient way and secure enough to code in python language on Windows using a Virtual Private Server
VPS (Virtual Private Server) on Windows is nowadays a convenient use to code in Python if you don’t know Linux. Why a VPS? If you do not want to buy a computer, also if you want a speedy internet connection and no suden interruption of electrical power or forgot to save the work, with 20 $ a month you can have a VPS with a hosting provider.
Especially if you have some processing needs that might take longer than expected (I have some that takes more than 1 day), obviously to do it on laptop is not what you want. Even though a desktop placed at home that runs for more than 12 hours is exposed to suden interruptions when children go from a corner of the room to another, or the cleaning tasks might go over the wire … you know what I mean.
I have already a VPS (used on Windows Server 2012) since one year already and it works like a charm with python.
Note: please note that Windows Server 2008 will come to end of support in 2020, so you might want to choose some superior version of Windows Server .
Install and configure VPS
Access to the VPS is needed to be done using a VPN (Virtual Private Network) or other encrypted connection. In this short article I will go with VPN and I assume you have a hosting provider of VPS that offers VPN within its package.
Because on Windows, the RDP (Remote Desktop Protocol) is the standard to acces remotely a Windows computer, I have checked security of RDP and I am not in favor of it, without additional compensating security, i.e. VPN.
Only connect through VPN before to connect to VPS. THIS “before” IS A MUST. Otherwise, you will be exposed to hackers because Remote Desktop Protocol has flaws (see this link and this link in Romanian).
VPN is still good to go.
The next secure settings I have put in place for my VPS (after discussing also with one of my friends Adi Rusu – thank you Adi!). In my opinion, they are secure enough in my best reasonable judgement, based also on my experience of 12 years in IT field and having an engineering background, plus a CISA (Certified Information System Auditor) certification.
Please feel free to use them, but like anything in life do not take my word for free. Check for yourself and make your own judgement.
Therefore, use them at your own risk (DISCLAIMER: all these settings do not warrant you will be free from security incidents).
- Create a user that is not admin (username not JIM, nor JOE, nor ADMINPOWER, etc, but something random like “Tdte59&eg0Y7)df6”)
- Allocate only Remote Desktop rights to this new user. This is the only user that will be used for accessing the VPS
- Session 24h for this user only (to keep the work going on 24/7 and the scripts to avoid be stopped by ending of session)
- Create a second user with admin rights having random characters as a username (not ADMIN, nor ADMINISTRATOR, etc but something like “Rgdy6AGDTnr6el&5e” (or similar)). The longer the better.
- Passwords at least 16 characters (special, upper case and numbers) to all users. The longer the better.
- I saved these passwords (and also those long usernames) in a txt file on a memory stick that I attach to my laptop for small duration of time (like 30 seconds or so). I use that text file only when I go remote in order to access my VPS and want to connect. After I connect to VPS, the memory stick did its job and therefore I remove it. This makes my life easier (and hard to hackers). I will explain: convenient because I can use copy/paste from that memory stick when starting Remote Desktop Protocol to connect to VPS and do not need to remember such long and complex passwords. Hard for hackers: because (i) long passwords (ii) random usernames (hard to guess) avoiding usernames like ADMINISTRATOR for which they can do brute force attacks when do IP guessing and possibly find your IP (iii) my laptop is free of malware as it is configured as explained at last bullet, as to protect the credentials to access the VPS in two ways: no intruders allowed as no malware on the laptop and no credentials of VPS stored in my laptop anyway, but on a memory stick that is off line (in my pocket) (iv) and last, but not least: just in case a worst case scenario occur, i.e. say my laptop will get a malware (highly unlikely as I do not browse low quality sites and do not click sneaky attachments received to my email inbox), until the things go worst there are indicators that I am sensitive to, like slow processing, weird behaviour etc. So, I am confident will be able to notice in time and take appropriate actions (like stop using that laptop for accesing the virtual private server, disinfection, etc).
- Pay attention: do not use that memory stick on public computers! Use it only on your personal computer after you are sure it is safe (no malware or virus on it – see last bullet below on how to achieve that)
- Last step: the default ADMINISTRATOR account on Windows Server has to be deactivated (otherwise, if you do not configure properly the Windows Server, this account will be bombarded with brute force attacks from untraceable sources using Remote Desktop Protocol by hackers who might go random guessing your IP – I have searched the Event Viewer and saw those trials – so, deactivation of default admin account was the solution, as well as creation of another user account with admin rights having a random username – see fourth bullet point above)
- Needless to say, your laptop (or home desk computer) that you use to access your VPS needs Anti-Virus and Firewall (I would strongly recommend to go for a paid solution and avoid free antivirus software like Avast – because, for example, data from Avast antivirus users was sold to advertisers, who can then combine it with other data they have on your activities to track you in great detail – see this link). Plus regular – at least weekly – full scans (of your laptop, not VPS). Last but not least, use a normal user (no admin rights) when you browse the world wide web from laptop. Even though there are temptations to use a full power user account on Windows (when I want to install something on my laptop and avoid installing errors), I log on using a normal user account I created. Thus, I have Windows 10 with a user that has no admin rights that I use all the time. Each time I need to install something on my laptop, that new application requires admin password, so no harm, I have control over browsing, as well as I can install whatever I want. These settings avoid a malware from a website I browse from laptop – that I do not know if it is malware or not – to be installed in the background, because if it is something that really needs to be malicious, it will ask for admin credentials. Therefore, if there is something that pops-up requring admin password and I don’t know what it is, I deny it.
That would be all regarding VPS (no need for anti-virus, firewall for server as long as you are invisible to the world wide web). No web server (IIS, Apache, etc) needed. On the contrary, I would advise to uninstall them if they are installed by default. So, this way your VPS will be invisible to hackers. But take care to NEVER browse world-wide web from the server (why would you do that? as long as you have the laptop already and can browse from it – and RDP allows for sharing the clipboard, you can transfer that information using copy from the browser of your laptop and paste onto the server – over RDP).
Install Python on Windows
Go on the server (Windows Server on your VPS).
I use version 3.6.4 (and Windows Server 2012 is on 64 bits) since more than one year.
The next link is to be used for downloading Python 3.6.4 (from official python.org) – always install from official sites:
Now, about “pip”:
I would highly recommend to install a tool that will always be needed for your convenience, when you want to benefit from open-source libraries written in python that are abundant on internet.
The next option is to be chosen when installing Python:
That would be all.
Now you have all you need to start scripting in python on Windows.
Libraries (like for example free work of others that usually is comprised in modules), depending on what you need will be downloaded and installed easily using pip (the optional feature above).
Usually, these librariries are installed from the command line (Powershell is also a possibility, instead of classic – inherited from DOS – command line).
Thus, to use classic command line, type “cmd” at start and right click “Run as Administrator”.
To use pip when installing python libraries available on github or elsewhere (where they specify pip as installing tool) type as follows from command line:
C:\WINDOWS\system32> pip install “opensource library name that you want” (or whatever you want*)
You will notice a process that will follow in your command line, like a download of that library and additional components. The final outcome of that process should be finalised with success. This is the validation you have “downloaded” that library and you may start using it with python.
This “pip” and using command line are the most used features and also convenient for me when I explore various work in python made by others (usually they are free and could be found in a significant number on github).
Hope you will find enjoyable testing python on windows and convenient using a virtual private server (while you will be secure enough).
*) Still be cautious about “whatever you want”. I mean about open-source code you find on the web (not everything is checked by open source communities as for us to have the comfort we are free from malicious bugs).