Virtual Private Servers (VPSs) are a great solution for anyone looking to run their own web server. VPSs cater to you and your needs while giving you the freedom of running your own hardware. VPSs are powered by an operating system like Linux or Windows. This allows the customer to install the OS of their choice on the server.
If you are planning to purchase VPS hosting Or you already have one, securing your VPS is a vital part because you are hosting your website on it. When you order your VPS, a distribution or operating system is pre-installed, but no security protocol is implemented natively. It is therefore up to you to secure your VPS.
This guide offers some general tips for securing your server.
You can log in to a remote server by using the SSH (secure shell) cryptographic network protocol for operating network services. The SSH protocol can offer you the highest level of encryption and you’ll be able to direct insecure traffic (coming to your server) through a secure connection.
You can secure SSH logins by
Disable root logins
Disabling logins from the “root” username adds another layer of security, as it stops hackers from simply guessing your user credentials. Instead of logging in as the root user, you’ll need to create another username and use the “sudo” command to execute root-level commands.
/etc/ssh/sshd_config in nano or vi editors and find the “PermitRootLogin” parameter.
By default, this will say “yes”.
Change it to “no” and save the changes.
Change the SSH port:
Default SSH port is 22, changing the SSH port number can prevent malicious scripts from directly connecting to the default port (22).
/etc/ssh/sshd_config and to change the appropriate setting.
Make sure to check whether the chosen new port number is being used by any other services – you don’t want to create a clash!
Weak passwords always have been – and always will be – one of the largest threats to security. Don’t allow user accounts to have empty password fields. You must have a strong and long password.
It isn’t difficult to update your server’s software.
You can simply use the rpm/yum package manager (CentOS/RHEL) or apt-get (Ubuntu/ Debian) to upgrade to newer versions of installed software, modules, and components on the Linux platform.
We recommend checking out for such at least once a week.
Both cPanel and Plesk provide utilities that allow you to update software within their web interface, or if you want you can easily do it via SSH at any time.
The first thing you should do when securing your Linux VPS is to activate and set up a firewall such as
Open network ports and unused network services are easy targets for hackers, and you’ll want to protect yourself against exploitation.
Use the “netstat” command to see all currently open network ports and their associated services.
A firewall performs the job to deny access to any sources of known malicious traffic, and it effectively acts as your first line of defense. But no firewall is fool-proof and harmful software can still slip through, which is why you need to protect yourself further.
ClamAV and Maldet are two open-source applications that can scan your server and score potential threats. That’s why we install both of them as part of the VPS security hardening process for our managed hosting customers.
MyResellerHome provides a cPGuard interface to deal with such malicious uploads.
Popular CMS providers include Joomla, Drupal, and WordPress, which powers nearly 60% of the web. Hackers constantly trying to locate security loopholes through a website’s content management system (CMS).
Most CMS developers regularly release security fixes, as well as new features.
Your website’s content is your responsibility, and not your host’s. It falls to you to ensure that it’s regularly updated, and it’s a good idea to take regular backups, too.
cPanel has inbuilt “cPHulk” brute force protection. cPHulk acts like a secondary firewall, preventing brute-force attacks (from repeated attempts to guess the password) on the server.
To enable it, you’ll need to go to the WHM Security Center and select cPHulk Brute Force Protection
By default, cPanel and Plesk both disable anonymous FTP uploads but other setups can come with it pre-enabled. it’s a bit like giving your keys to a burglar.
To disable anonymous uploads, edit your server’s FTP configuration settings.