How do you protect your server?

resellermaster

New member
how do you protect your VPS or dedicated server from any kind of attacks?

does your hosting provider suggest you any alternative for this?
 
If you are solely using your VPS server, then first thing, login to your SSH and change default port 22 to something else.
Install CSF firewall on your server and block all non used open ports.

But, if you are hosting your clients on the same server, then you may required some extra security tweaks.
Such as installing Imunify360 or BitNinja, Installing CloudLinux and disabling SymLink on your server.
 
We have established DDoS protection for our customers in multiple data centers around the country. That, in addition to the best firewall technology and tech team, allows us to confidently host our clients with no issues or security threats. It's all about the infrastructure.
 
  1. First install all the updates and patches for your Operating system. This is the first step which will protect your server from known vulnerability.

  2. Remove any service /application not essential for your needs. The less service you run, the lesser will be the vulnerability.

  3. Install a good firewall and Intrusion detection system. If you are using Linux, install ConfigServer Security & Firewall. Use the recommended settings if you are not sure about any of the features.

  4. As an added precaution, you can also install fail2ban as well. Any failed attempt to login will trigger the offending IP address to be temporarily banned.

  5. Run only the PHP version still under support. Many old version of PHP contained many known vulnerabilities.
 
Simply I follow some basic rules of server security -
  • Update the OS & other applications
  • Minimize unnecessary software on servers
  • Unnecessary services should be disabled
  • Remove unnecessary operating system components
  • Minimize open network ports
  • Setup a good Firewall & maintain it
  • Monitor login attempts & Established password Requerments
And The Most Important Things are Backup, Backup & Backup.
 
and then educate your clients that when they are told of an avaiable software update, then update the software.
I lost count of how many clients using softaculous scripts, but never updates these scripts as most think ' why update something that is working fine'
 
As standard

Hardware Firewalls at the perimeter
Software Firewalls on the server
Mod_Security on the vhost
Custom security scripts
Config Exploit Scanner
MailScanner

Optional BitNinja or Immunify 360
 
We used to use modsecurity by comodo, CSF with some nice regex combinations to block attacks on wp-login and xmlrpc and also CXS with malware.expert rules to make it stronger.

However we found doing this required alot of log checking and changes all the time to keep up with new attacks etc.

We moved to Bitninja and ever since servers are more secure no more malware and everything is automated and looked after by a security company focusing on that specific part of our business.
 
You can protect your Dedicated Servers through -
  • DDoS Protection
  • Firewalls
  • Malware Scanning and Removal
  • Intrusion Prevention
  • Server Monitoring Tools
 
If you are solely using your VPS server, then first thing, login to your SSH and change default port 22 to something else.
Install CSF firewall on your server and block all non used open ports.

But, if you are hosting your clients on the same server, then you may required some extra security tweaks.
Such as installing Imunify360 or BitNinja, Installing CloudLinux and disabling SymLink on your server.
Changing the default SSH port from port 22 to another won't be of much help in the face of a seasoned hacker. I would suggest disabling remote root login and enabling passwordless SSH authentication using sh key pair.
 
Here are some handy tips you can use to fortify the security of your VPS:

1. Configure passwordless SSH authentication on your VPS. This ensures that you only log in using your ssh-key pair, which SHOULD ALWAYS BE KEPT SECRET.

2. Constantly update/patch the packages on your VPS to address any security loopholes. Where possible, enable automatic updates on your VPS.

3. Install a firewall on your VPS to control inbound and outbound traffic and only allow the required services through the firewall.

4. Turn off any unused services and block any ports that are not in use. The open ports there are, the more the attack landscape you are giving to your attacker.
 
If you are solely using your VPS server, then first thing, login to your SSH and change default port 22 to something else.
Install CSF firewall on your server and block all non used open ports.
You should do this as standard with any VPS regardless of who is using it.
When I get a server I will leave SSH port at 22 until I get the server configured incase I need assistance from providers and then I will change the port and close down all unused ports
 
Changing the default SSH port from port 22 to another won't be of much help in the face of a seasoned hacker.
Seasoned hackers usually start by looking for SSH port, right?🤫 By changing that port you'll at least save a bit of computational power of your server.

If your provider doesn't offer decent DDoS protection, it's a matter of time until you start having problems.
 
We use both Bitninja and Imunify360. We notice Bitninja lowers load nicely - its an awesome Firewall system however and has good bit of everything else even malware protection. Whereas Imunify360 is good with CSF together and it has a very good malware auto cleanup system. So both have their benefits Just depends on your needs. One of these two are kinda a must have now adays for shared hosting.
 
how do you protect your VPS or dedicated server from any kind of attacks?

does your hosting provider suggest you any alternative for this?
i think the best solution is to use a ddos protected dedicated server and use your software firewall on your server to protect yourselve, if you are using linux csf is a good solution for software based firewall.
 
to protect the server there are several ways like -
  • Setup firewall
  • Always use latest versions of software
  • Monitor server logs
  • Keep the server malware-protected
  • Take regular backups
  • Protect from Brute-force attacks
 
100% protection not possible but you can harden the config

for example:
1. Disable root
2. Using SSH key instead of password
3. Change SSH port
4. Open SSH port only from a particular IP

There are may ways to harden your server security
 
1. Disable root
2. Disable user authorize
3. Using SSH key instead of password
4. Change SSH port
5. Iptables + ipset
6. fail2ban


This is a mandatory minimum of what needs to be done on the server when installing and configuring it.
 
Back
Top