Locking Linux Servers Down Tight - What Do You Recommend?

DDoS attacks and hackers are constantly attempting to undermine the web hosting industry and businesses worldwide. I'm curious what providers here recommend for the top ten apps or tips to secure Linux servers, optimizing them against these types of malicious attacks by cybercriminals.

Its a great question...

For me I use and recommend the use of a CDN such as Cloudflare which has a free entry plan which can help with overcoming DDOS attacks...

The other things you can do is improve on security of your website e.g. if its Wordpress then I do know that DDOS attacks can happen via the xmlrpc.php (pings/trackbacks) and as such recommend that you disable that file via .htaccess. There's a lot of info on that such as this article if you are interested to find out more.

For the rest - I'll leave that to the web hosting experts on the forum - as I am sure they will chip in ;-)

There is a lot that can be done, first as mention by @elcidofaguy CloudFlare can help with forward-facing web applications by means of simplified protection against SMALL DDoS attacks directed towards the domain of a website. This doesn't mean you are fully protected however, the best means of protection would be selecting a hosting provider that has in-house hardware based protection that will mitigate attacks up to certain sizes (usually 10Gbps+). The reason I say this is that it is easy to find the IP of a server even behind CloudFlare and as such if the IP were attacked said attacker would be completely bypassing the CloudFlare protection, which most do.

Next off you want to make sure you have a Firewall in place, usually for cPanel hosts CSF (ConfigServer Firewall) is the #1 Go-To Choice. Properly configured, this will protect your server from numerous different types of intrusion. Beyond that it boils down to how you configure your software and maintain your systems.