VPS Security Tips

Moebuntu

Well-known member
Registered
Joined
Jul 1, 2016
Messages
103
Points
18
Do you know any tips to secure my VPS? VPS security is a complex task with many different variables to learn and I want to know what are main techniques to secure a VPS. Thanks!
 

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
Great question and I was just looking at security for servers myself. I'll be watching this thread. :D
 

steitieh

Well-known member
Joined
Apr 23, 2014
Messages
113
Points
18
One of the advantages of virtualization is if a private virtual server (VPS) is compromised at the security level, this will not affect the physical server. Obviously, if you are the owner of a VPS with security problems, then you would not like anything that the same is compromised, so here I can give you 5 basic tips to secure your VPS .

- Disable remote root access : While it is likely that your provider gives you root access at the beginning, you do not always need to connect in that way. Instead, it is helpful to create a separate user account that is able to log in as root when you require it. This is usually referred to as a user wheel.

- Use difficult passwords : this is without doubt the most basic security advice anyone can give. We suggest you read this post to know more about it.

- Use a secure method of file transfer: FTP is not the safest method in the world. Instead it is best to use an encrypted SSH connection. SFTP is a recommended method.

- Update the software: if your provider does not perform periodic updates, then you must do them, and not only at the service level, but also update the CMS you use, such as WordPress.

- Back up everything: make backups regularly, that is a couple of times a week, and check that they are effective in case something goes wrong.

Hope that helped.
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
The short awnser is CSF firewall.

I would do the following with a new VPS.

1. Disable any unneeded services (care should be take with this if you do not know exactly what you are disabling and why you don't need it.
2. Get an encryption cert for the server, if you have some malware on your PC it will be able to read any data sent in plain txt including passwords.
3. Install CSF and configure a strict rule set.
4. Multitail https://www.vanheusden.com/multitail/

400px-Multitail_scheme_murmur.png


More than anything you need to keep an eye on whats happening, I have a screen running multitail which displays certain elements or complete log files with color and you can even make things flash red such as a root login :D (yep it's like something out of a movie) and highly recommend.

95% of attacks are brute force attempts that are easily shut down by the firewall, what you should be worried about is you get someone targeting your server who is not just a script kiddie and dangerous, they will try to exploit code in an vulnerable SSH demon or other service for example.

Best advice I can give is use good firewall rules and keep everything updated and you should be good. Just watch the logs for anything out of the normal.
 

liveinhost

Member
Hosting Provider
Registered
Joined
Jan 18, 2017
Messages
48
Points
8
Yes, first of all, install a firewall and make sure you open only wanted ports.
Update all the software and modules to its latest stable versions. If you do at least these two things then I can say your server is secure.
 

Collabora

Well-known member
Registered
Joined
Jan 24, 2017
Messages
123
Points
18
Windows or Linux?
 

Moebuntu

Well-known member
Registered
Joined
Jul 1, 2016
Messages
103
Points
18
Windows or Linux?
I use Linux for my hosting

Besides most things suggested above, I would recommend changing the default SSH port.
How can change the default SSH port completely?

1. Disable any unneeded services (care should be take with this if you do not know exactly what you are disabling and why you don't need it.
This is useful tip, how can find out what are unneeded services and disabling them?
 

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
The question is what services do you need? Then that will determine what services to disable. If the VPS has customers, then you may need everything running, but if it's only for you......for instance say you have one WordPress website on that VPS...then all you need is PHP and MySQL. Everything else installed can be disabled.

Now mind you, it's as simple as it sounds, and you have to understand what you need, what services are associated to those needs, and then how to disable and/or remove not needed services.
 

NodeComet

New member
Registered
Joined
Feb 1, 2017
Messages
6
Points
0
To change your SSH port simply edit /etc/ssh/sshd_config and edit the Port line to something different than 22. Something around the 1000+ port range seems to work fine for obscurity. Then restart the SSH service and you're all set.
 

WhiteVM

Member
Registered
Joined
Dec 6, 2016
Messages
18
Points
3
To secure yours VPS is not easy and have a lot of things you must to do, but easily you can make the best config on Linux:
+ Install a firewall in yours server, use CSF or IPtables, block the don't need ports and applications.
+ Install WAF for yours websites
+ Use strong passwords, and replace it atleast every 30 days.
+ Change SSH and other programs ports, just for blocking the standart bruteforce scipts.

On windows VPSs :
+ Use antivirus
+ Use Anti Malware
+ Use Bitlocker
+ Use Network Encrypter
+ Use Security Group Policy to set max logins and other things
+ use strong password and change it atleast every 30 days.
+ Use firewall
+ Don't Give accsess to other users of the VPS to different places, use group policy and NTFS security.

Its the simple :)
But after all, If you need strong security go to a professional for that.
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
I will also add CSF has very good notifications so you can tell what is going on with your security in real time.

Here is one of our IP block SSH failure notifications:

Code:
Time:     Sun Feb  5 16:08:34 2017 +0100
IP:       119.193.140.204 (KR/Korea, Republic of/-)
Failures: 5 (sshd)
Interval: 3600 seconds
Blocked:  Temporary Block

Log entries:

Feb  5 16:08:19 vps371230 sshd[28282]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.204  user=root
Feb  5 16:08:22 vps371230 sshd[28282]: Failed password for root from 119.193.140.204 port 35468 ssh2
Feb  5 16:08:24 vps371230 sshd[28282]: Failed password for root from 119.193.140.204 port 35468 ssh2
Feb  5 16:08:26 vps371230 sshd[28282]: Failed password for root from 119.193.140.204 port 35468 ssh2
Feb  5 16:08:28 vps371230 sshd[28282]: Failed password for root from 119.193.140.204 port 35468 ssh2

As you can see it tell you who, when and where and how. All the information on the attacker you need :D You can even get the MAC address if you dig in the logs a little deeper.
 

StackArcVPS

Member
Registered
Hosting Provider
Joined
Apr 5, 2017
Messages
56
Points
0
Never use An ftp for starter use a more secure way for file transfers and if you are using a vnc then use tunneling to hide your password and other content. use complicated or auto generated difficult passwords. Also change your password right after your VPS order is delivered
 
Older Threads
Replies
0
Views
1,388
Replies
11
Views
3,757
Replies
26
Views
11,564
Replies
6
Views
3,732
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top