From df56f558f974c680fe8491eb69e83a7f38133321 Mon Sep 17 00:00:00 2001 From: clowwindy Date: Mon, 2 Feb 2015 17:15:19 +0800 Subject: [PATCH] Updated Securing Public Shadowsocks Server (markdown) --- Securing-Public-Shadowsocks-Server.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/Securing-Public-Shadowsocks-Server.md b/Securing-Public-Shadowsocks-Server.md index a306ac3..68ee077 100644 --- a/Securing-Public-Shadowsocks-Server.md +++ b/Securing-Public-Shadowsocks-Server.md @@ -1,31 +1,33 @@ If you share your server with strangers, you need to be careful. -1. Limit bandwidth +1. [Optimize your server](https://github.com/shadowsocks/shadowsocks/wiki/Optimizing-Shadowsocks) + +2. Limit bandwidth apt-get install wondershaper # limit bandwidth to 10Mb/10Mb on eth0 wondershaper eth0 10000 10000 -2. Prevent ssh password cracking +3. Prevent ssh password cracking apt-get install denyhosts -3. [Prevent Shadowsocks password cracking](https://github.com/shadowsocks/shadowsocks/wiki/Ban-Brute-Force-Crackers) +4. [Prevent Shadowsocks password cracking](https://github.com/shadowsocks/shadowsocks/wiki/Ban-Brute-Force-Crackers) -4. [Block connection to localhost](https://github.com/shadowsocks/shadowsocks/wiki/Block-Connection-to-localhost) +5. [Block connection to localhost](https://github.com/shadowsocks/shadowsocks/wiki/Block-Connection-to-localhost) -5. Run Shadowsocks server as nonroot user +6. Run Shadowsocks server as nonroot user sudo useradd ssuser sudo ssserver [other options] --user ssuser -6. Block traffic to non-HTTP port +7. Block traffic to non-HTTP port iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 80 -j ACCEPT iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp --dport 443 -j ACCEPT iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset -7. Block BitTorrent trackers +8. Block BitTorrent trackers apt-get install nginx
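Review bot: The new item 1, "Optimize your server", is not a hardening step, and inserting it at the top of a page titled "Securing Public Shadowsocks Server" pushes every real security measure (ssh and Shadowsocks brute-force protection, blocking localhost, dropping root, egress filtering) one position down while forcing the renumbering of items 2 through 8 in this hunk. Consider moving that link to the end of the list, or into a "See also" line after item 8, so the numbering of the security steps stays stable and the page's first instruction is still a security one. While touching this list, two of the unchanged context lines deserve a caveat in the text: `iptables -t filter -m owner --uid-owner ssuser -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset` only covers TCP, so UDP relayed through ssserver is unaffected by the "non-HTTP port" block, and `sudo useradd ssuser` creates a regular login-capable account by default (a `--system` user with a nologin shell is the usual choice for a service account).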