
17 steps to protect a VPS server

  • vps, security, protection

Everything on the Internet is exposed to danger: bots, hackers, curious schoolchildren and other restless inhabitants of the global network. Servers, both dedicated and VPS, are a prime target.

 

VPS security basics on Linux and Windows

The provider usually supplies basic DDoS protection, but what the user does with their own machine is up to the user. Security inside the VPS is therefore your responsibility. So, what do you need to pay attention to?

 

1. Strong password and two-factor authentication

Protect your server with a complex password of more than 12 characters: include digits and special characters, and mix upper and lower case. If you don't want to make up complex passwords yourself, generate them with an online tool, for example our generator.

Two-factor authentication adds a further layer. To log in to the control panel, in addition to the standard credentials (login and password), the server asks for a temporary code sent to your email or phone. An attacker who obtains your credentials still cannot log in unless they also steal your phone or break into your mailbox.

 

Updating passwords

Passwords must be updated regularly. Enable password expiry, which can be configured with the usermod utility in Linux or manually in the /etc/shadow file. When the expiry date is reached, the system prompts the user to change the password.
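Two checks for this section, written as an added example and not part of the original article: a policy check that applies the rule from point 1 (more than 12 characters, a digit, a special character, both cases) and an expiry check that reads /etc/shadow-format lines. The shadow entries below are constructed, and day numbers are days since 1970-01-01, the unit /etc/shadow itself uses; field 3 is the day of the last change and field 5 the maximum age in days.

```shell
#!/bin/sh
# Added example for section 1 (not from the original article).

# password_meets_policy PASSWORD
# Returns 0 when the password satisfies the article's rule, 1 otherwise.
password_meets_policy() {
    pw=$1
    [ "${#pw}" -gt 12 ] || return 1                      # more than 12 characters
    printf '%s' "$pw" | grep -q '[0-9]'        || return 1   # at least one digit
    printf '%s' "$pw" | grep -q '[A-Z]'        || return 1   # upper case
    printf '%s' "$pw" | grep -q '[a-z]'        || return 1   # lower case
    printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' || return 1   # special character
    return 0
}

# shadow_days_until_expiry SHADOW_LINE TODAY
# TODAY is today's day number (days since the epoch). Prints the number of days
# left before the password expires (negative = already expired), or "never".
shadow_days_until_expiry() {
    line=$1; today=$2
    lastchg=$(printf '%s' "$line" | cut -d: -f3)
    maxdays=$(printf '%s' "$line" | cut -d: -f5)
    if [ -z "$lastchg" ] || [ -z "$maxdays" ] || [ "$maxdays" -ge 99999 ]; then
        echo never
        return 0
    fi
    echo $(( lastchg + maxdays - today ))
}

# list_expired_passwords SHADOW_FILE TODAY
# Prints the user names whose password has expired.
list_expired_passwords() {
    file=$1; today=$2
    while IFS= read -r line; do
        name=${line%%:*}
        left=$(shadow_days_until_expiry "$line" "$today")
        if [ "$left" != never ] && [ "$left" -le 0 ]; then
            echo "$name"
        fi
    done < "$file"
    return 0
}

# Constructed sample in /etc/shadow format (hashes are placeholders).
SHADOW_SAMPLE=$(mktemp)
cat > "$SHADOW_SAMPLE" <<'EOF'
root:*:19700:0:99999:7:::
alice:$6$salt$placeholderhash:19700:0:90:7:::
bob:$6$salt$placeholderhash:19600:0:60:7:::
EOF

# Stand-alone run: with "today" = day 19780, alice has 10 days left and bob expired
# 120 days ago, so only bob is listed.
list_expired_passwords "$SHADOW_SAMPLE" 19780
```

On a real system the same policy is applied with chage: `chage -M 90 -W 7 alice` sets a 90-day maximum age with a 7-day warning, and `chage -l alice` shows the current values; today's day number is `$(( $(date +%s) / 86400 ))`.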

 

2. Software update

Even the smallest gap in the software on your VPS can be exploited by attackers, so keep everything up to date: the operating system, installed modules, the CMS and the control panel. For maximum protection of the VPS, enable automatic CMS updates.

Get rid of unnecessary programs and CMS add-ons. Keep the minimum your site needs to run and remove everything else.

 

3. Do not keep all files in "one basket"

Separate your data sensibly. If one user's account is hacked or breaks, the other users' data is not affected. If necessary, put projects on different servers; there is no need to keep everything on one machine.
It is also important to mount data partitions with nosuid (SUID/SGID bits are ignored) and noexec (binaries on that partition cannot be executed).

 

4. Backups

Remember to make frequent backups. Some hosting providers create backups automatically, but confirm this with them, so that a hack does not leave you with all your data lost and no way to restore it.

With a EuroHoster VPS, you have the ability to back up your virtual machine manually whenever you deem it necessary, as well as to set up scheduled backups. If necessary, you can store up to 5 backup copies.

 

5. SSH port change

SSH is the secure, standardized way to connect to a Linux VPS. It provides an encrypted connection end to end and features such as key-based authentication instead of a password.

To reduce the risk of an SSH attack, it is recommended that you change the port that bots target. SSH uses port 22 by default, so it is worth choosing another available port.

 

Disable unnecessary ports and confuse the bots

Only ports for active services should be open on the server, and all others should be closed.

The intelligence of the bots leaves much to be desired: they follow their instructions without understanding them. Told to attack an SSH port, they go to port 22; told to attack an FTP port, they go to port 21. You can confuse them by changing the key port numbers and disabling unused ports. The main thing is to do it in the right order:

  • open the desired port using iptables or ufw;
  • change the port number in the service settings to the new one;
  • close the old port.

 

6. Encryption for VPS protection

Configure the GnuPG utility to transmit information securely over the network. It is a free and easy-to-use program that encrypts your outgoing data. Without the correct key the data cannot be read, even if it is intercepted along the way; attackers gain nothing, and decrypting it would take years.

 

7. Antivirus and firewall protection

Be sure to activate and configure a firewall and antivirus (on Windows). When choosing a hosting provider, pay attention to the presence of a built-in firewall that blocks suspicious connections and has protection against DDoS attacks.

Linux also offers several options for security:

  • UFW is a simple firewall that is ideal even for beginners;
  • IPTables - for managing NetFilter, built into the Linux kernel;
  • NFTables - a firewall with a simple syntax that combines IPv4 and IPv6 support.

As for antivirus, two main free options are available to Linux users: Maldet and ClamAV. Both help to build a secure VPS, are well supported by the community, and are actively maintained with bug fixes and new features. Also install chkrootkit, another free tool, designed to detect rootkits.

 

Enable cPHulk in WHM cPanel

Although firewalls are an effective security measure, they can have vulnerabilities and may be misconfigured. In such cases, activating cPHulk protects the virtual server further. It first blocks further login attempts and then, if necessary, has the firewall block the entire IP address.

 

Application of FAIL2BAN

For additional security on Linux, use the fail2ban utility. To install it, run: apt install fail2ban. Before changing the settings, back up the configuration files so that you keep a copy of the defaults. The utility ships with several filters for the Apache server, but it is recommended to create your own filters based on your web server's security requirements. fail2ban monitors login logs and detects IP addresses from which a large number of failed authentication attempts have been made. It then automatically creates firewall rules that temporarily block those addresses.
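The detection step that fail2ban automates, written by hand as an added example (not part of the original article or of fail2ban itself): count failed sshd logins per source address in an auth log and report the sources that reach a maxretry threshold. The log lines below are constructed, the addresses are documentation ranges, and the blocking command is only executed when APPLY=1 is set, so the script runs without root.

```shell
#!/bin/sh
# Added example for the fail2ban section (not from the original article).

# Constructed auth.log excerpt (not real logs).
AUTH_SAMPLE=$(mktemp)
cat > "$AUTH_SAMPLE" <<'EOF'
Mar 10 10:00:01 vps sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2
Mar 10 10:00:03 vps sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Mar 10 10:00:05 vps sshd[1203]: Failed password for root from 203.0.113.5 port 51004 ssh2
Mar 10 10:00:07 vps sshd[1204]: Failed password for root from 203.0.113.5 port 51006 ssh2
Mar 10 10:00:09 vps sshd[1205]: Failed password for root from 203.0.113.5 port 51008 ssh2
Mar 10 10:01:00 vps sshd[1210]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Mar 10 10:01:30 vps sshd[1211]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
EOF

# failed_logins_by_ip LOGFILE
# Prints "COUNT IP" for every source with failed password attempts, most first.
failed_logins_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# bruteforce_sources LOGFILE MAXRETRY
# Prints the IPs whose failure count reaches MAXRETRY (fail2ban's maxretry).
bruteforce_sources() {
    failed_logins_by_ip "$1" | awk -v max="$2" '$1 >= max {print $2}'
}

# block_source IP
# The iptables rule fail2ban would insert for that source. Applied only when
# APPLY=1 (needs root); otherwise the command is shown.
block_source() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables -I INPUT -s "$1" -j DROP
    else
        echo "would run: iptables -I INPUT -s $1 -j DROP"
    fi
}

# Stand-alone run: only 203.0.113.5 reaches 5 failures; alice's single typo
# from 198.51.100.7 is not flagged.
bruteforce_sources "$AUTH_SAMPLE" 5 | while IFS= read -r ip; do
    block_source "$ip"
done
```

fail2ban does the same thing continuously with a time window (findtime) and an automatic unban (bantime); the point of the manual version is to see what its rule actually keys on, which is also what you need to know when you write a custom filter for another service.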

 

8. Remove access to /boot

It is best to restrict access to the /boot directory, where the Linux kernel files are stored. A user who can write to these files may gain privileges you would not want an attacker to have.

Open the /etc/fstab file in any text editor. At the end of the file, add the line: LABEL=/boot /boot ext2 defaults,ro 1 2. Save and close.
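A check for the mount options from this section and from section 3, added here as an example and not part of the original article: it reads an fstab-format file and reports whether /boot is read-only and whether /tmp and /home carry nosuid and noexec. The fstab below is constructed (the UUIDs are placeholders); on a real server you would pass /etc/fstab.

```shell
#!/bin/sh
# Added example for sections 3 and 8 (not from the original article).

# Constructed fstab sample; UUIDs are placeholders.
FSTAB_SAMPLE=$(mktemp)
cat > "$FSTAB_SAMPLE" <<'EOF'
# <device>        <mount point>  <type>  <options>                 <dump> <pass>
UUID=1111-aaaa    /              ext4    defaults                  0      1
LABEL=/boot       /boot          ext2    defaults,ro               1      2
UUID=2222-bbbb    /tmp           ext4    defaults,nosuid,noexec    0      2
UUID=3333-cccc    /home          ext4    defaults,nosuid           0      2
EOF

# mount_options FSTAB MOUNTPOINT
# Prints the options column for the given mount point (comments skipped).
mount_options() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp {print $4}' "$1"
}

# has_mount_option FSTAB MOUNTPOINT OPTION
# Returns 0 if the option is set on that mount point.
has_mount_option() {
    mount_options "$1" "$2" | tr ',' '\n' | grep -qx "$3"
}

# audit_fstab FSTAB
# Reports the checks from sections 3 and 8; returns 1 if anything is missing.
audit_fstab() {
    file=$1
    status=0
    if has_mount_option "$file" /boot ro; then
        echo "OK   /boot is mounted read-only"
    else
        echo "WARN /boot is writable"
        status=1
    fi
    for mp in /tmp /home; do
        for opt in nosuid noexec; do
            if has_mount_option "$file" "$mp" "$opt"; then
                echo "OK   $mp has $opt"
            else
                echo "WARN $mp lacks $opt"
                status=1
            fi
        done
    done
    return $status
}

# Stand-alone run: /home lacks noexec in the sample, so the audit reports it.
audit_fstab "$FSTAB_SAMPLE"
```

Two caveats a practitioner should know before adding the fstab line from the article: it assumes /boot is a separate partition labelled /boot (check with `lsblk -o NAME,LABEL,MOUNTPOINT`), and once /boot is read-only, kernel package updates fail until you run `mount -o remount,rw /boot` and then remount it read-only afterwards.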

 

9. SFTP

Move your server from the legacy FTP protocol to the secure SFTP protocol. It does for file transfer what SSL does for other protocols, encrypting the whole session, and so provides a much higher level of protection. It is also recommended to disable anonymous connections to the server to prevent unauthorized file uploads.

 

10. Get rid of the root user (with superuser privileges)

The root user can change anything on the system. It is therefore recommended to disable root logins completely and create a separate user with the necessary permissions and a complex password.
To disable root logins over SSH, open /etc/ssh/sshd_config, find the PermitRootLogin directive and replace the word "yes" with "no".

 

Restrictions on other users' permissions

Password-protect shared folders: even files of no apparent value can be a way into the system. Limit users' rights, giving them access only to the functions they need. This strategy is much simpler than policing the security of every account individually.

 

11. Disable IPv6

This is another important step to improve Linux server security. Research shows that hackers often misuse IPv6, using it to spread malware and exploit vulnerabilities in the operating system. Therefore, if you do not need to use IPv6, it is best to disable it.

 

12. Monitoring server logs

Usually, any VPS control panel has basic monitoring. It displays standard parameters of system operation: CPU, memory and disk load. System log files and utility logs will help to track unwanted activity on the server, as well as identify vulnerabilities in the system as a whole. An important role is played by the /var/log directory, which stores logs containing important information about the operation of the system, kernel, package managers and other applications.

Advanced VPS/VDS performance monitoring that includes metrics of the services themselves is very useful. If you have this capability (for example, the service is provided by default by the provider or additionally purchased), it's great. Running a separate server for monitoring may be too expensive and only necessary in a limited number of cases.

 

13. Do not access the server from public Internet points, etc.

It is not recommended to use public networks, as their security cannot be fully relied upon. It can be quite difficult for an inexperienced user to distinguish such a network from an official access point. An attacker can intercept all your traffic. Therefore, it is not recommended to connect to your VPS server from such networks.

 

14. Spam monitoring

Protecting your mail server includes controlling spam, which is often used by attackers.

 

15. Configure automatic session disconnection

This applies to Windows servers. When a user forgets to close the RDP client on their computer, automatic session disconnection prevents unauthorized access: after a set interval, the system requires the password again to log in.

 

16. Built-in Linux patches can help

These prevent potentially dangerous configurations and the launch of malicious programs. In addition to the integrated mechanisms, containerized or sandboxed access control systems are widely used: they restrict access to the kernel through security policies and run potentially malicious applications in isolated environments. On Linux, SELinux, AppArmor, LXC/Arkose and Seccomp/BPF are used to run applications in isolation. Changing the root directory with chroot is also used to sandbox applications, though it is awkward to deploy and gives limited control over processes.

 

17. Trusted hosters

One last, important tip: choose a hosting company that fully meets your needs and has an impeccable reputation. Do not be misled by paid, fake reviews.


How to act in case of VPS hacking

If a server is compromised, it will be immediately obvious. The cause can be anything from simple user carelessness to systematic password guessing by intruders.

Signs of hacking: unstable operation, lockouts, users unable to log in. Traffic can skyrocket, mail can be sent without your knowledge, and files can be transferred over SSH behind your back.

 

How to check the server for hacking

Monitor background processes closely and catch anything unusual in time. Check login times for sessions that were not yours. Look through the history of commands and operations: if dangerous commands were run at the time of an unknown login, the server is compromised. Look at the list of IP addresses; unfamiliar addresses that logged in confirm the fears. Watch the mail queue and look for X-PHP-Script header lines, which reveal scripts sending unwanted mailings. Check the most recently modified files on your site for unwanted changes.

Examine the VPS for shells - code that can be used by attackers to gain access. If you find any shells, remove them. Check temporary and boot directories on your server for scripts that should not be there.
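The three checks above that can be scripted (logins from unfamiliar addresses, X-PHP-Script headers in the mail queue, recently modified files), as an added example that is not part of the original article. All inputs are constructed here: a small auth log, an allowlist of your own addresses, a mail queue directory with two messages, and a site directory with one old and one fresh file. On a real server you would point them at /var/log/auth.log, your mail spool and the web root.

```shell
#!/bin/sh
# Added example for "How to check the server for hacking" (not from the article).

# --- constructed inputs -----------------------------------------------------
AUTH_SAMPLE=$(mktemp)
cat > "$AUTH_SAMPLE" <<'EOF'
Mar 11 08:00:00 vps sshd[2001]: Accepted publickey for alice from 198.51.100.7 port 40010 ssh2
Mar 11 03:12:44 vps sshd[2002]: Accepted password for alice from 203.0.113.9 port 50500 ssh2
Mar 11 09:30:00 vps sshd[2003]: Accepted publickey for alice from 198.51.100.7 port 40020 ssh2
EOF
ALLOWLIST=$(mktemp)
printf '198.51.100.7\n' > "$ALLOWLIST"      # addresses you log in from yourself

QUEUE=$(mktemp -d)                          # stand-in for the mail queue
printf 'To: someone@example.invalid\nX-PHP-Script: example.invalid/mailer.php for 203.0.113.9\nSubject: hi\n' > "$QUEUE/msg1"
printf 'To: admin@example.invalid\nSubject: cron report\n' > "$QUEUE/msg2"

SITE=$(mktemp -d)                           # stand-in for the web root
touch -t 202001010000 "$SITE/index.php"     # old, untouched file
touch "$SITE/config.php"                    # changed just now

# --- checks -----------------------------------------------------------------

# unknown_login_sources AUTHLOG ALLOWLIST
# Prints source IPs of accepted logins that are not in your allowlist.
unknown_login_sources() {
    grep 'sshd\[[0-9]*\]: Accepted' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort -u | grep -vxF -f "$2"
}

# php_mail_scripts QUEUEDIR
# Prints the unique X-PHP-Script headers found in queued messages.
php_mail_scripts() {
    grep -rh '^X-PHP-Script:' "$1" | sort -u
}

# recently_modified DIR MINUTES
# Prints files under DIR modified within the last MINUTES minutes.
recently_modified() {
    find "$1" -type f -mmin "-$2" | sort
}

# Stand-alone run.
echo "logins from unfamiliar addresses:"; unknown_login_sources "$AUTH_SAMPLE" "$ALLOWLIST"
echo "PHP scripts sending mail:";         php_mail_scripts "$QUEUE"
echo "files changed in the last hour:";   recently_modified "$SITE" 60
```

In practice `last -i` gives the login list with source addresses for the first check, and the mail queue location depends on the MTA (for example /var/spool/postfix on Postfix systems; confirm the path on your server).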

 

How to cut off the "oxygen" of attackers

Many experts advise to reinstall the operating system if a hack is detected, but this measure is not always mandatory. If the exact cause is known and it has already been eliminated, you can:

  • restrict access to the administrative panel to specific IP addresses only;
  • close unnecessary ports in the firewall settings;
  • remove all malicious scripts and shell programs from the server;
  • update user passwords and SSH keys;
  • perform a complete software upgrade.

 

Conclusion

It is critical to ensure security when working with a dedicated or virtual server. Comprehensive measures allow you to avoid data leakage and protect the server from hacking.
If your actions are ineffective, there is no need to despair. Restoration of server performance and elimination of detected vulnerabilities is always possible. If necessary, you can quickly restore settings and information from backups. And the most important thing in ensuring security is consistency.
