9 Ways To Keep Your VPS Secure
These days, the topic of web hosting security seems to be everywhere, discussed not only among big companies but also among individuals with an online presence.
And for good reason. With stolen personal and financial information, customer data loss, and destroyed website content, cyber threats are very real and should not be taken lightly.
In this article, we’ll specifically address security measures for Virtual Private Server (VPS) Hosting and share nine ways to keep yours extra secure.
1. Change Your Default SSH Login
Many VPS users log in to their servers with SSH (Secure Shell), a protocol for remote computer-to-computer connections.
If you log in to your server over SSH, you risk becoming the victim of a brute-force attack: someone repeatedly tries to log in to your SSH service using a variety of common passwords. For this very reason, we recommend replacing the default password for your SSH login (port 22 by default) with a strong, customized one. Strong passwords generally consist of a combination of upper- and lower-case letters, numbers, and non-alphanumeric characters.
To change your default SSH login settings, log in to your VPS and locate the file /etc/ssh/sshd_config. Switch PermitRootLogin from the default yes to no. For stronger security, consider using SSH key authentication instead of password authentication; keys are far more resistant to brute-force attacks.
Keep in mind, however, that if you disable root logins without first setting up authorized access for another user, you may lock yourself out of your VPS.
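The sshd_config edit above, plus the lock-out guard the last sentence warns about, as an added example (this is not Namecheap's code). It assumes a single-file /etc/ssh/sshd_config, an admin user whose home directory already contains .ssh/authorized_keys, and that you run sshd -t and restart the SSH service afterwards as root; the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not Namecheap's code): apply the sshd_config changes from
# section 1 without locking yourself out. Assumptions: a single-file
# sshd_config (the /etc/ssh/sshd_config default), an admin user whose home
# directory already holds .ssh/authorized_keys, and that you run
# "sshd -t && systemctl restart ssh" (or sshd) afterwards as root.
# Usage: harden_sshd_config /etc/ssh/sshd_config /home/admin

# set_sshd_option FILE KEY VALUE
# sshd honours the first occurrence of a keyword, so every old line for KEY
# (active or commented out) is removed before the new one is appended.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    grep -viE "^[[:space:]]*#?[[:space:]]*${key}[[:space:]]" "$file" > "$tmp" || true
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    cat "$tmp" > "$file"    # cat, not mv: keeps the file's owner and mode
    rm -f "$tmp"
}

# sshd_option FILE KEY -> prints the value sshd would use (first match)
sshd_option() {
    grep -iE "^[[:space:]]*$2[[:space:]]" "$1" | head -n 1 | awk '{print $2}'
}

# has_authorized_key HOME_DIR -> 0 if HOME_DIR/.ssh/authorized_keys holds a key
has_authorized_key() {
    keyfile="$1/.ssh/authorized_keys"
    [ -s "$keyfile" ] && grep -qE '^(ssh-|ecdsa-|sk-)' "$keyfile"
}

# harden_sshd_config FILE ADMIN_HOME
# Refuses to run unless ADMIN_HOME already has an SSH key, which is exactly
# the lock-out the article warns about.
harden_sshd_config() {
    if ! has_authorized_key "$2"; then
        echo "refusing: no authorized_keys under $2, you would lock yourself out" >&2
        return 1
    fi
    cp "$1" "$1.bak"                                     # keep a rollback copy
    set_sshd_option "$1" PermitRootLogin no              # the change section 1 describes
    set_sshd_option "$1" PasswordAuthentication no       # keys only: nothing left to brute-force
    set_sshd_option "$1" PubkeyAuthentication yes
    set_sshd_option "$1" MaxAuthTries 3                  # slows down guessing on any remaining path
}
```

Keep an existing SSH session open while you restart the service, and confirm a fresh key-based login works before closing it; the .bak copy lets you restore the old configuration from the console if it does not.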
2. Use The Latest Software Versions
It goes without saying that the older the software version, the more vulnerable your VPS becomes. Luckily, all it takes is a few clicks of your mouse to run the necessary updates for your operating system (OS).
You may also want to consider automating this process. Depending on the OS you use, you’ll most likely use apt-get for Debian and Ubuntu or yum/rpm for CentOS to perform system updates. This can be automated with cron, a Linux utility that runs a command or script on your VPS at a scheduled time and date, or through your control panel.
In addition to updating server-side software, if you happen to use any Content Management System (CMS), we recommend monitoring for updates and installing them as soon as they’re available.
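An added example (not Namecheap's code) of the cron-based automation just described: it reads the distribution from /etc/os-release, picks apt-get, dnf or yum, and writes a /etc/cron.d entry. The cron file path /etc/cron.d/vps-updates and the log path are choices made here, not anything the article prescribes.

```shell
#!/bin/sh
# Added example (not Namecheap's code): pick the package manager for the
# running distribution and install a cron job that applies updates, the
# automation section 2 suggests. Assumptions: /etc/os-release exists (it
# does on Debian, Ubuntu and CentOS); the cron file and log paths are
# choices made for this example.
# Usage (as root): write_update_cron /etc/cron.d/vps-updates

# pkg_manager [OS_RELEASE_FILE] -> apt-get | dnf | yum, from the ID field
pkg_manager() {
    f=${1:-/etc/os-release}
    id=$(sed -n 's/^ID=//p' "$f" | tr -d '"')
    case $id in
        debian|ubuntu) echo apt-get ;;
        centos|rhel|rocky|almalinux|fedora)
            # CentOS/RHEL 8 and later (and Fedora) ship dnf; CentOS 7 has yum
            ver=$(sed -n 's/^VERSION_ID=//p' "$f" | tr -d '"' | cut -d. -f1)
            if [ "$id" = fedora ] || [ "${ver:-0}" -ge 8 ]; then echo dnf; else echo yum; fi ;;
        *) echo "unsupported distribution: $id" >&2; return 1 ;;
    esac
}

# update_cmd MANAGER -> a non-interactive update command line for cron
update_cmd() {
    case $1 in
        apt-get) echo 'DEBIAN_FRONTEND=noninteractive apt-get -qy update && DEBIAN_FRONTEND=noninteractive apt-get -qy -o Dpkg::Options::=--force-confold upgrade' ;;
        dnf)     echo 'dnf -qy upgrade' ;;
        yum)     echo 'yum -qy update' ;;
        *) return 1 ;;
    esac
}

# write_update_cron CRON_FILE [OS_RELEASE_FILE]
# Writes a /etc/cron.d entry that runs the update nightly at 04:30 and
# appends the output to /var/log/vps-updates.log so failures are visible.
write_update_cron() {
    cron_file=$1
    mgr=$(pkg_manager "${2:-/etc/os-release}") || return 1
    cmd=$(update_cmd "$mgr")
    # /etc/cron.d format: minute hour day-of-month month day-of-week USER command
    printf '30 4 * * * root %s >> /var/log/vps-updates.log 2>&1\n' "$cmd" > "$cron_file"
    chmod 644 "$cron_file"
}
```

Check the log file after the first run; an update that fails silently is no better than one that never ran. Debian and Ubuntu also ship the unattended-upgrades package, which does the same job with more safeguards.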
3. Monitor Your VPS Server Logs
Managing your server logs helps you stay in control of what’s happening on your VPS. By tracking your VPS systems and software, you’ll be better prepared if any issues rear their ugly heads.
When you actively monitor events, resource usage, traffic levels, user activity, and software-generated errors, you’re better prepared to handle the issues at hand. Whether you’re preventing them or resolving them, knowing which issues exist can only help you solve them faster.
A helpful tip? Set up email notifications for any warnings and errors so you can follow the events in real time.
4. Set Up Your Firewall
You don’t want unwanted traffic, right? That’s why a firewall matters.
Most Linux-based operating systems have pre-installed firewalls (think iptables, firewalld, ufw, DebianFirewall). To conveniently manage iptables and integrate with control panels, consider installing the free ConfigServer Firewall, aka CSF. This firewall configuration script provides better security for your VPS while giving you an advanced, intuitive interface for managing your firewall settings.
Looking for additional protection? ModSecurity can be added alongside your main firewall; it inspects HTTP traffic and helps you track injection attempts against your website code, databases, etc. Whether you choose a pre-installed firewall or a custom one, you still need to configure the following:
- Filtering traffic that matches the patterns you’ve defined
- Blocking/allowing access for certain IP addresses
- Closing unused ports, so port scans find nothing to probe
- Auditing your rules regularly to keep them relevant, and adding new ones
- Performing updates to the existing rules to be prepared for new security challenges
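The checklist above, as an added example (not Namecheap's or ConfigServer's code): a generator for a default-deny iptables ruleset that filters on a port list, drops listed source addresses, and leaves every unused port closed, plus a counter you can use for the regular rule audit. It assumes IPv4 only, a kernel with the conntrack match module (current Debian, Ubuntu and CentOS kernels have it), and that root reviews the output before loading it with iptables-restore; the file path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not Namecheap's or ConfigServer's code): generate a
# default-deny iptables ruleset covering the firewall checklist. Assumptions:
# IPv4 only, the conntrack match module is available, and the output is
# loaded with iptables-restore by root after review. IPv6 needs its own
# ip6tables ruleset.
# Usage: gen_iptables_rules "22 80 443" "203.0.113.7 198.51.100.0/24" > /etc/iptables/rules.v4
#        iptables-restore < /etc/iptables/rules.v4

# gen_iptables_rules "PORTS" "BLOCKLIST" -> ruleset on stdout, 1 on a bad port
gen_iptables_rules() {
    ports=$1        # space-separated TCP ports to keep open
    blocklist=$2    # space-separated IPs or CIDRs to drop (may be empty)
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
    done
    echo '*filter'
    # Default policies: anything not explicitly accepted below is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Blocked sources come before the allow rules so a listed host cannot
    # reach an open port at all.
    for ip in $blocklist; do
        echo "-A INPUT -s $ip -j DROP"
    done
    # Rate-limited ping keeps the host diagnosable without inviting floods.
    echo '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT'
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # No rule for any other port: scans hit the DROP policy and see nothing.
    echo 'COMMIT'
}

# count_open_ports RULES -> number of TCP accept rules, a figure for the
# regular rule audit (compare it with the ports you believe are open)
count_open_ports() {
    printf '%s\n' "$1" | grep -c -- '--dport .* -j ACCEPT'
}
```

Keep the SSH port in the list every time you regenerate the file: with a DROP policy, forgetting it ends your remote access the moment the rules load.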
5. Make Sure Your Server Is Malware-protected
In addition to setting up a firewall that guards incoming traffic, you also need to consider monitoring the files that have already been uploaded to your VPS and those still arriving, in case any of them introduce a vulnerability.
This is why you need solid anti-virus software on your VPS, with signatures that are updated constantly. It is also a good way to detect suspicious activity and helps you quarantine unwanted files.
Luckily, there are plenty of anti-malware software applications available, the most popular ones being ClamAV and CXS. Sure, there might be some false positive instances, but as the saying goes, it’s far better to be safe than sorry.
6. Protect Against Brute-force Attacks
As we mentioned previously, brute-force attacks succeed when an attacker guesses a weak password, which gives them full access to your VPS. Unfortunately, it’s no longer enough just to have a strong password. You also need tools that can detect brute-force attacks and block unwanted logins before they succeed.
cPhulk, a feature integrated within cPanel, is a perfect example. cPhulk blocks logins after several failed login attempts, and it covers not only cPanel logins but also WHM, FTP, and email-based ones.
We also recommend utilizing Login Failure Daemon, aka LFD, a process that’s part of the aforementioned CSF and periodically checks for potential threats to your VPS. LFD searches for brute-force login attempts and, if it finds any, blocks the IP address attacking your server. LFD will also send you notifications of successful and failed logins. Now that’s added peace of mind.
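The check LFD automates, done by hand over sshd log lines, as an added example (not Namecheap's or CSF/LFD's code): count failed password attempts per source address, list the addresses over a threshold, report successful logins, and emit block commands as a dry run. It assumes the stock OpenSSH log format shown in the constructed sample (which uses documentation IP ranges, not real hosts), read from /var/log/auth.log on Debian/Ubuntu or /var/log/secure on CentOS.

```shell
#!/bin/sh
# Added example (not Namecheap's or CSF/LFD's code): the kind of check LFD
# performs, done by hand over sshd lines from /var/log/auth.log
# (/var/log/secure on CentOS). Assumptions: the stock OpenSSH log format
# shown in the constructed sample below; block_cmds is a dry run that you
# review before executing.
# Usage: offenders 5 < /var/log/auth.log
#        block_cmds 5 < /var/log/auth.log | sh   (as root, after review)

# Constructed sample of auth.log entries (documentation IP ranges, not real hosts).
SAMPLE_AUTH_LOG='Mar  3 10:01:12 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Mar  3 10:01:15 vps sshd[1202]: Failed password for root from 203.0.113.9 port 51130 ssh2
Mar  3 10:01:19 vps sshd[1203]: Failed password for invalid user oracle from 203.0.113.9 port 51140 ssh2
Mar  3 10:01:22 vps sshd[1204]: Failed password for root from 203.0.113.9 port 51151 ssh2
Mar  3 10:02:01 vps sshd[1205]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2: ED25519 SHA256:constructedFingerprintForExampleOnly
Mar  3 10:02:20 vps sshd[1210]: Failed password for deploy from 198.51.100.4 port 40100 ssh2'

# failed_login_counts < log -> "COUNT IP" per source, most failures first
failed_login_counts() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# offenders THRESHOLD < log -> IPs with at least THRESHOLD failures
offenders() {
    failed_login_counts | awk -v t="$1" '$1 >= t { print $2 }'
}

# accepted_logins < log -> "USER IP" for each successful login (LFD reports
# these too, so an unexpected user or source stands out)
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            print user, ip
         }'
}

# block_cmds THRESHOLD < log -> one iptables command per offender (dry run)
block_cmds() {
    offenders "$1" | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Run against the constructed sample: 203.0.113.9 exceeds a threshold of 3,
# the single failure from 198.51.100.4 does not.
printf '%s\n' "$SAMPLE_AUTH_LOG" | offenders 3
printf '%s\n' "$SAMPLE_AUTH_LOG" | accepted_logins
```

The one failure from the address that also logged in successfully is the reason a threshold matters: a typo from your own workstation should not get you banned, which is why LFD and similar tools count attempts over a window rather than reacting to a single failure.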
7. Control User Access
In the quest for VPS security, you can decide how control is distributed, in other words, which areas your users can operate in.
Besides setting the different file permissions, you might want to consider taking a look at tools like SELinux (available with Red Hat Enterprise), which allows you to control process initializations, network interfaces, files, and file systems along with user-management access.
Let’s say, hypothetically speaking, that your VPS is used by many users. Here, you may decide to limit their access in order to prevent them from affecting your resource usage and to protect sensitive data. To do this, look for file systems such as CageFS (CloudLinux) or VirtFS. Both let you keep your users isolated within a specific set of resources and files.
8. Keep Calm And Perform Backups
Not just for VPS Hosting, backups (or better yet, automatic backups) are crucial for every type of hosting.
Ideally, backups should be performed outside the server, just in case something goes wrong with your server. Although some providers sell backup functionality as an additional service, Namecheap offers server backups for all types of management. If you are interested in offsite storage, we recommend Full Management for VPS Hosting.
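An added example (not Namecheap's code) of the automatic, off-server backups recommended above: a cron-friendly routine that archives a directory, stores a checksum beside it so corruption is caught before a restore, prunes old copies, and ships the archives off the server with rsync. It assumes tar and sha256sum (or shasum) are installed; OFFSITE_TARGET is a hypothetical rsync destination you set yourself, and the optional stamp argument exists only to make runs reproducible.

```shell
#!/bin/sh
# Added example (not Namecheap's code): a cron-friendly backup routine for
# section 8. Assumptions: tar and sha256sum (or shasum) are present, and
# OFFSITE_TARGET is a hypothetical rsync-over-SSH destination such as
# backup@backup.example.net:/srv/vps-backups that you provide.
# Usage: make_backup /var/www /var/backups && prune_backups /var/backups 7 && ship_offsite /var/backups
# Cron line (daily at 03:15): 15 3 * * * root /usr/local/sbin/vps-backup.sh

sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# make_backup SRC_DIR DEST_DIR [STAMP] -> prints the archive path it created
# STAMP defaults to the current time; passing one makes runs reproducible.
make_backup() {
    src=$1; dest=$2
    stamp=${3:-$(date +%Y%m%d-%H%M%S)}
    mkdir -p "$dest"
    archive="$dest/$(basename "$src")-$stamp.tar.gz"
    # -C so the archive holds relative paths and restores anywhere
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    # checksum beside the archive lets you detect corruption before a restore
    sha256_of "$archive" > "$archive.sha256"
    chmod 600 "$archive" "$archive.sha256"   # backups hold the same secrets as the site
    echo "$archive"
}

# verify_backup ARCHIVE -> 0 when the checksum matches and the archive lists cleanly
verify_backup() {
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ] && tar -tzf "$1" >/dev/null
}

# prune_backups DEST_DIR KEEP -> delete all but the newest KEEP archives
# (the timestamp in the file name sorts newest-first under sort -r)
prune_backups() {
    dest=$1; keep=$2
    ls -1 "$dest"/*.tar.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" | while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# ship_offsite DEST_DIR -> copy archives and checksums to OFFSITE_TARGET
ship_offsite() {
    [ -n "${OFFSITE_TARGET:-}" ] || { echo "OFFSITE_TARGET not set" >&2; return 1; }
    rsync -a --ignore-existing "$1"/ "$OFFSITE_TARGET"/
}
```

Test a restore from the off-site copy occasionally; a backup that has never been restored is only a hypothesis.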
9. Use SSL Certificates For Everything
SSL certificates help you create an encrypted channel between the server and the client, so that no one in between can eavesdrop on or tamper with the traffic.
In order to keep your sensitive data safe, SSL certificates are crucial to every type of hosting, whether that’s transmitting files, sending emails, or entering your login details.
To correctly implement SSL certificates, however, some technical know-how is required. In this case, it’s worth it to hire a system administrator to arrange everything for you and give you added peace of mind.
In summary, whether it’s Shared Hosting, VPS Hosting or Dedicated Server Hosting, no matter which type you use for your website, security should always remain top of mind. This ranges from creating difficult-to-guess passwords and enabling two-factor authentication (2FA) where possible, to avoiding unofficial software and not opening email attachments from people you don’t know.
With a VPS especially, more freedom means more responsibility. That’s why Namecheap offers only Linux-based operating systems with VPS Hosting; compared to other operating systems, Linux is considered to have the highest level of security thanks to its built-in solutions.
And although our handy guide won’t protect you from every online threat that’s lurking out there, it’ll certainly keep you and your VPS more aware, more alert, and better off in the long run.
Very good article, nine points. I thank you for pointing out what is needed for everyone. Good luck with the next article.
So glad the information was useful! Thanks for taking the time to read.
You covered all the points nicely; it even applies to dedicated servers too. Changing the default SSH settings and the firewall is a must-do thing.
It’s true that if you follow these 9 steps then you don’t have to worry about your VPS security.