Linux VPS has a huge number of advantages. One of them is security, which is higher than that of other operating systems. After all, it provides protection against hacking Linux Security Modules (LSM) – a system responsible for supporting various security models. But it is also not enough for the user to be confident in the ability of a virtual private server to withstand hacker attacks. In this article you will learn 20 ways to protect your ubuntu virtual private server from hacking.
Protecting Linux VPS from hacking
No one will deny that Linux security is initially good, but it also has weaknesses. To upset all the hackers’ plans, to prevent them from gaining access to confidential information, follow simple steps. They will not require much effort from a user with administrative experience.
Disable the root login
If you intend to increase security measures, do not log in with “root” user access. By default, the server assigns the username “root” to the user. Most server owners don’t change it. Hackers only have to crack the password to gain access to the data. This way you will add an additional level of security. In the future, use the “sudo” command to authorize and execute administrative commands.
Changing the SSH port
Hackers use port 22 by default to connect to an SSH server. Changing the port will complicate the task for attackers. It will be difficult for them to crack the Remote Access Protocol (SSH) using brute force if they can’t find it. Accordingly, the hacker will not be able to perform a direct connection of malicious scripts. To do this, the administrator needs to perform additional settings, first making sure that the selected port number is not used by other services. Otherwise, a conflict is possible.
Do not ignore the software updates for the server
One of the effective methods of server protection is regular software updates. New versions of software and applications always have higher protection against unauthorized interference. In order not to miss the new version, subscribe to package update notifications. You can also configure automatic security updates.
If the ports are not used, they need to be disabled
Open network ports are easy prey for hackers. Apply the “netstat” command and you will see open ports. Close them and disable unwanted services. Your tools are iptables and chkconfig.
Unnecessary modules – to the trash
If you don’t use the software, get rid of it. After all, this is a vulnerable link through which an attacker can gain access to the database. Avoid installing unnecessary software. This will reduce the risks of threats. In addition, it will improve server performance.
If you are not using the IPv6 Internet protocol, disable it. It is often used by attackers to send spam or malicious traffic. If the protocol is open, hackers will definitely use this “hole” in the system sooner or later.
Hackers’ attacks are often aimed at data transmitted over the network. This can be avoided by encrypting the transmission through passwords and certificates.
Do not be lazy to come up with complex passwords, because weak ones are easy prey for hackers. Activate the “outdated password” option so that the system reminds you of the need to change the identification code.
Configuring the Firewall
A firewall is needed by those who really care about VPS security. Choose the Net Filter firewall to filter unwanted traffic or TCP Wrapper – an application that will block access from the network to various programs. No less popular firewalls are CSF and APF.
The previous paragraph mentioned the need to use a firewall. This is an important part of protecting the server from hackers. Installing a firewall is one of the first steps after setting up a VPS by a new tenant.
Use disk partitioning
Divide the disk space into isolated partitions. This way the OS files will be separated from the tmp files and user files.
In settings /boot – read only
All kernel files on Linux servers are stored in the “/boot” directory, the basic settings of which assume reading and writing. To exclude the modification of files that ensure the smooth operation of the server, you should leave “read-only” in the directory settings.
SFTP instead of FTP
Abandon the outdated File Transfer Protocol (FTP) in favor of SFTP. In this case, all transmitted and credentials will be encrypted.
Be sure to install licensed antivirus software. This is necessary for the security of the server. The software will scan the server, identify threats.
Don’t skip CMS updates
Hackers often look for weaknesses in the site engine. 20% of all websites run on Joomla, Drupal and WordPress. Developers offer new security features regularly. Don’t ignore them. The best option is to install automatic updates.
Use cPHulk in WHM if you have cPanel installed
The firewall may miss a malicious attack. To increase the level of protection, use cPHulk as an additional barrier to brute force attacks.
Exclude anonymous FTP uploads
To prevent users from uploading anything they want to the server, disable anonymous uploading in the FTP server settings.
Scan the OS for malicious software
It is not enough to install a scanner, they still need to be used regularly to find out if the server is infected. Set up automatic scanning so as not to forget to check the operating system for dangers.
One of the ways to increase the security of work is to create backups. Consider storing copies on the cloud to be able to access them from anywhere in the world.
Yes, yes. We have already said this. But the best teaching is repetition. A weak password is the No. 1 threat to server security. Passwords must be long, consist of numbers and letters, uppercase and uppercase. Change passwords regularly, do not use a password manager, and, moreover, do not save data on your own server.
Why is it so important to protect the server?
Weak protection of the server from intruders can lead to disastrous consequences. Personal data may be publicly available, users may be financially harmed.
Every day, millions of hackers search the network for weak VPS to strike. And only you are responsible for the security of your site. Corporate and commercial websites are the main target for attacks. After all, it is on them that you can get data that will bring hackers profit. So make sure you don’t let them do it. If it is difficult for you to ensure the security of the website yourself, use managed hosting services. Choose a package that includes security audits and security measures. In this case, you will share the responsibility and be able to sleep peacefully.