Virtual Private Servers (VPSs) are a great solution for anyone looking to run their own web server. VPSs cater to you and your needs while giving you the freedom of running your own hardware. VPSs are powered by an operating system like Linux or Windows. This allows the customer to install the OS of their choice on the server.
Whether you are planning to purchase VPS hosting or already have it, securing your VPS is vital because you are hosting your website on it. When you order your VPS, a distribution or operating system is pre-installed, but no security protocol is implemented natively. It is therefore up to you to secure your VPS.
This guide offers some general tips for securing your server.
You can log in to a remote server using SSH (Secure Shell), a cryptographic network protocol for operating network services. SSH encrypts the session, and you can also direct otherwise insecure traffic coming to your server through the secure connection.
You can secure SSH logins by:
Disable root logins
Disabling logins from the “root” username adds another layer of security, as it stops hackers from simply guessing your user credentials. Instead of logging in as the root user, you’ll need to create another username and use the “sudo” command to execute root-level commands.
Open /etc/ssh/sshd_config in the nano or vi editor and find the “PermitRootLogin” parameter.
By default, this will say “yes”.
Change it to “no” and save the changes.
Change the SSH port:
The default SSH port is 22. Changing the SSH port number can prevent malicious scripts from directly connecting to the default port (22).
Open /etc/ssh/sshd_config and change the appropriate setting.
Make sure to check whether the chosen new port number is being used by any other services – you don’t want to create a clash!
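To check that both changes actually took effect, the following added example (not part of the original guide) audits an sshd_config file for the root-login and port settings described above. The function names and the sample file are constructed for illustration, and the check reads one file only.

```shell
#!/bin/sh
# Added example, not from the original guide. Parsing rules that matter:
#   - keywords are case-insensitive; value follows after whitespace or "="
#   - for PermitRootLogin the FIRST occurrence wins, so a later "no" is ignored
#   - Port may be given several times and sshd listens on every one of them
#   - directives after a "Match" line are conditional, so parsing stops there

# config_values FILE KEYWORD -> every global value of KEYWORD, one per line
config_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit         # end of the global section
            if (key == tolower(want)) print tolower(f[2])
        }' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 0 if clean, 1 otherwise
audit_sshd_config() {
    rc=0
    root=$(config_values "$1" PermitRootLogin | head -n 1)
    case "$root" in
        no) ;;
        "") echo "WARN PermitRootLogin is not set; set it to no explicitly"; rc=1 ;;
        *)  echo "FAIL PermitRootLogin is '$root'; root can still log in"; rc=1 ;;
    esac
    ports=$(config_values "$1" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "WARN sshd listens on the default port 22"; rc=1
    fi
    return "$rc"
}

# Constructed sample: "PermitRootLogin no" was appended at the bottom,
# but the earlier "yes" is the value sshd actually uses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config for this example
Port 2222
permitrootlogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a live server, running sshd -T as root prints the effective configuration, including any files pulled in by Include directives, which this file-level check does not follow.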
Weak passwords always have been – and always will be – one of the largest threats to security. Don’t allow user accounts to have empty password fields. You must have a strong and long password.
It isn’t difficult to update your server’s software.
You can simply use the rpm/yum package manager (CentOS/RHEL) or apt-get (Ubuntu/Debian) to upgrade to newer versions of installed software, modules, and components on the Linux platform.
We recommend checking for updates at least once a week.
Both cPanel and Plesk provide utilities that allow you to update software within their web interface, or if you want you can easily do it via SSH at any time.
The first thing you should do when securing your Linux VPS is to activate and set up a firewall such as
Open network ports and unused network services are easy targets for hackers, and you’ll want to protect yourself against exploitation.
Use the “netstat” command to see all currently open network ports and their associated services.
A firewall's job is to deny access to any sources of known malicious traffic, and it effectively acts as your first line of defense. But no firewall is foolproof, and harmful software can still slip through, which is why you need to protect yourself further.
ClamAV and Maldet are two open-source applications that can scan your server and score potential threats. That’s why we install both of them as part of the VPS security hardening process for our managed hosting customers.
MyResellerHome provides a cPGuard interface to deal with such malicious uploads.
Popular CMS providers include Joomla, Drupal, and WordPress, which powers nearly 60% of the web. Hackers are constantly trying to locate security loopholes through a website’s content management system (CMS).
Most CMS developers regularly release security fixes, as well as new features.
Your website’s content is your responsibility, and not your host’s. It falls to you to ensure that it’s regularly updated, and it’s a good idea to take regular backups, too.
cPanel has inbuilt “cPHulk” brute force protection. cPHulk acts like a secondary firewall, preventing brute-force attacks (from repeated attempts to guess the password) on the server.
To enable it, you’ll need to go to the WHM Security Center and select cPHulk Brute Force Protection.
By default, cPanel and Plesk both disable anonymous FTP uploads, but other setups can come with them pre-enabled. It’s a bit like giving your keys to a burglar.
To disable anonymous uploads, edit your server’s FTP configuration settings.