If you are planning to purchase VPS hosting, or you already have one, securing your VPS is vital because you are hosting your website on it. When you order your VPS, a distribution or operating system is pre-installed, but no security protocol is implemented natively. It is therefore up to you to secure your VPS.
This guide offers some general tips for securing your server.
1. Use only SSH to log into your server
You can log in to a remote server by using SSH (Secure Shell), a cryptographic network protocol for operating network services. The SSH protocol offers you the highest level of encryption, and you’ll be able to direct insecure traffic (coming to your server) through a secure connection.
You can secure SSH logins as follows.
Disable root logins
Disabling logins from the “root” username adds another layer of security, as it stops hackers from simply guessing your user credentials. Instead of logging in as the root user, you’ll need to create another username and use the “sudo” command to execute root-level commands.
Open /etc/ssh/sshd_config in the nano or vi editor and find the “PermitRootLogin” parameter.
By default, this will say “yes”.
Change it to “no” and save the changes.
Change the SSH port:
The default SSH port is 22. Changing the SSH port number can prevent malicious scripts from directly connecting to the default port (22).
Open /etc/ssh/sshd_config and change the appropriate setting.
Make sure to check whether the chosen new port number is being used by any other services – you don’t want to create a clash!
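The two edits above can be checked by script before you restart the SSH service. The following is an added example, not part of the original guide: it reads a copy of sshd_config and saved `netstat -tln` output (both constructed below), and the function names are hypothetical. `PermitRootLogin` comes from the guide; `Port` is the sshd_config keyword that sets the listening port.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample inputs are constructed.

# First global value of KEYWORD. sshd keeps the first value it reads, keywords
# are case-insensitive, and Match blocks are conditional, so stop at the first.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Succeeds if PORT has a TCP listener in saved `netstat -tln` output.
port_in_use() {  # usage: port_in_use PORT NETSTAT_FILE
    awk -v p="$1" '
        $NF == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# One line per setting; run it before restarting sshd on the new port.
audit_sshd() {  # usage: audit_sshd SSHD_CONFIG NETSTAT_FILE
    root=$(sshd_value "$1" PermitRootLogin)
    port=$(sshd_value "$1" Port)
    if [ "$root" = no ]; then echo "OK PermitRootLogin no"
    else echo "WARN PermitRootLogin ${root:-unset}"
    fi
    if [ "${port:-22}" = 22 ]; then echo "WARN Port 22 (default)"
    elif port_in_use "$port" "$2"; then echo "WARN Port $port already has a listener"
    else echo "OK Port $port is free"
    fi
}

tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
port 2222            # keyword case does not matter
PermitRootLogin no
PermitRootLogin yes  # ignored, the first value wins
EOF
cat > "$tmp/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp6       0      0 :::2222         :::*            LISTEN
EOF
audit_sshd "$tmp/sshd_config" "$tmp/netstat.txt"
```

On a real server, pass /etc/ssh/sshd_config and a file holding the output of `netstat -tln` captured on that machine.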
2. Use strong passwords
Weak passwords always have been – and always will be – one of the largest threats to security. Don’t allow user accounts to have empty password fields. You must have a strong and long password.
3. Always install the latest security updates
It isn’t difficult to update your server’s software.
You can simply use the rpm/yum package manager (CentOS/RHEL) or apt-get (Ubuntu/Debian) to upgrade to newer versions of installed software, modules, and components on the Linux platform.
We recommend checking for such updates at least once a week.
Both cPanel and Plesk provide utilities that allow you to update software within their web interface, or if you want you can easily do it via SSH at any time.
4. Using a firewall is essential
The first thing you should do when securing your Linux VPS is to activate and set up a firewall such as:
The IPTables Firewall
The UFW Firewall
The NFTables Firewall
CSF is an outstanding add-on for your cPanel servers.
5. Disable unused network ports
Open network ports and unused network services are easy targets for hackers, and you’ll want to protect yourself against exploitation.
Use the “netstat” command to see all currently open network ports and their associated services.
6. Install antimalware/antivirus software
A firewall denies access to any sources of known malicious traffic, and it effectively acts as your first line of defense. But no firewall is foolproof, and harmful software can still slip through, which is why you need to protect yourself further.
ClamAV and Maldet are two open-source applications that can scan your server and score potential threats. That’s why we install both of them as part of the VPS security hardening process for our managed hosting customers.
MyResellerHome provides a cPGuard interface to deal with such malicious uploads.
7. Turn on CMS auto-updates
Popular CMS providers include Joomla, Drupal and WordPress, which powers nearly 60% of the web. Hackers are constantly trying to locate security loopholes in a website’s content management system (CMS).
Most CMS developers regularly release security fixes, as well as new features.
Your website’s content is your responsibility, and not your host’s. It falls to you to ensure that it’s regularly updated, and it’s a good idea to take regular backups, too.
8. Enable cPHulk in WHM
cPanel has built-in “cPHulk” brute-force protection. cPHulk acts like a secondary firewall, preventing brute-force attacks (repeated attempts to guess the password) on the server.
To enable it, you’ll need to go to the WHM Security Center and select cPHulk Brute Force Protection.
9. Prevent anonymous FTP uploads
By default, cPanel and Plesk both disable anonymous FTP uploads, but other setups can come with them pre-enabled. Leaving them enabled is a bit like giving your keys to a burglar.
To disable anonymous uploads, edit your server’s FTP configuration settings.
10. Take regular backups
Most people forget to take regular backups – and then they regret it when something goes wrong and they don’t have a copy of their data.
You can check out the backup post at https://tinyurl.com/yxqdp6n8