- Joined
- Jun 20, 2016
- Messages
- 32
- Points
- 0
Virtual Private Servers (VPS) are not dedicated servers. You are not responsible for a complete physical equipment, but a VPS is needed a certain tightening of the same security that can be expected from a complete server. The following are some security tips to secure your linux VPS
Secure your SSH
SSH is a window to your server. It gives you direct access to the command line and all the power it brings. This also means that no one else can access to it except you and the power that this tool entails. This is a high stakes security issue, and if you are new to VPS systems, you have to spend some time learning how to make SSH as secure as possible.
Be careful with the permissions of the web server
Whatever the user runs the web server, if it is "nobody", "apache" or any other name, it should not have access to the sensitive zones that contain private data, passwords, etc.
In order to ensure this, you need to be aware of the permissions you set and the files to your web server and what properties you have on it to determine if there is something that you only have read access to, so you are not given liberally access to Writing / performing.
Keep up to date with security updates
You've probably heard this before, but I'll say it again, since it's something you can not exaggerate. Many of the problems of administrators of a VPS server are due to software vulnerabilities. If your software is up to date and has all the current security patches, you can greatly reduce that risk. You can run the updates manually routinely or even configure your VPS to apply automatic updates.
Your VPS is an affordable way to move from shared hosting to a more flexible and powerful environment, but with that power comes a great responsibility. Stay on top of security issues and treat your VPS as you would with a dedicated server.
Secure your SSH
SSH is a window to your server. It gives you direct access to the command line and all the power it brings. This also means that no one else can access to it except you and the power that this tool entails. This is a high stakes security issue, and if you are new to VPS systems, you have to spend some time learning how to make SSH as secure as possible.
Be careful with the permissions of the web server
Whatever the user runs the web server, if it is "nobody", "apache" or any other name, it should not have access to the sensitive zones that contain private data, passwords, etc.
In order to ensure this, you need to be aware of the permissions you set and the files to your web server and what properties you have on it to determine if there is something that you only have read access to, so you are not given liberally access to Writing / performing.
Keep up to date with security updates
You've probably heard this before, but I'll say it again, since it's something you can not exaggerate. Many of the problems of administrators of a VPS server are due to software vulnerabilities. If your software is up to date and has all the current security patches, you can greatly reduce that risk. You can run the updates manually routinely or even configure your VPS to apply automatic updates.
Your VPS is an affordable way to move from shared hosting to a more flexible and powerful environment, but with that power comes a great responsibility. Stay on top of security issues and treat your VPS as you would with a dedicated server.