Securing Your Linux VPS: 15 Measures to Prevent Hacking

Securing Your Linux VPS: 15 Measures to Prevent Hacking

24.07.2023
Author: HostZealot Team
2 min.
291

A Linux VPS, also known as a Linux Virtual Server, is designed to run Linux software. It provides high-speed internet connectivity and allows users to choose from various operating systems like CentOS, Debian, and Ubuntu. With root access, users can independently manage the Linux virtual server located in the data center.

Servers play a critical role in processing and storing business-sensitive data. Implementing server security measures is crucial for ensuring:

  • Integrity. Server security safeguards the accuracy and completeness of stored data by preventing unauthorized tampering or accidental modifications.
  • Availability. Security measures enable system administrators to maintain the server and its services accessible to authorized users at all times, minimizing disruptions.
  • Confidentiality. Protecting sensitive data stored on the server prevents unauthorized access, preserving its confidentiality.

Linux VPS servers are more secure, thanks to the Linux security model (LSM). Here's how to secure and protect your Linux VPS from hackers:

  • Understand that Linux servers require the same level of care and attention as any network-connected computer.
  • Be aware of the potentially catastrophic impact of web server infrastructure vulnerabilities.
  • Millions of hackers worldwide are actively searching for security weaknesses in Linux VPS servers.
  • Ensure your VPS is secure to defend against future threats, as hackers will eventually target it.
  • Organizational and e-commerce websites are increasingly targeted, and basic security measures are often insufficient.

By implementing robust security measures, you can enhance the protection of your Linux VPS server and safeguard it against potential attacks.

1. Disabling root logins

By default, the primary user on a standard VPS is "root," which grants full access to the server. However, this also makes the root user a prime target for potential hackers.

To enhance security, it is recommended to create a new user and utilize the "sudo" command for executing root-level commands as needed. Before disabling the root account, ensure the new admin account has appropriate access privileges.

To disable root access, modify the PermitRootLogin parameter in the sshd_config file to "No." This prevents the root user from logging into the server.

While this step improves security, further customization of user access levels is crucial. It's important to assign access privileges based on individual user requirements. For instance, a web developer may not need root access, while a SysAdmin may only require limited root-level commands.

2. Changing the SSH port

SSH is a crucial component for remote server access, typically operating on the default port 22. However, attackers actively search for servers with open ports like 22 to exploit SSH vulnerabilities. One common attack method is brute-forcing the root user's credentials to gain unauthorized access.

To counter this threat, one effective measure is to change the SSH port to an alternative one. By doing so, automated scans will not detect SSH on the standard port 22. To change the port, you need to update a specific file (which we will address in subsequent tips, so keep it accessible).

/etc/ssh/sshd_config

Before making any changes to the file, ensure that the port you intend to use is not already occupied by another service. Otherwise, a conflict will arise, causing both services to function improperly.

3. Keeping server software up to date

It is important to regularly monitor and update your server software using the appropriate package manager for your operating system, such as RPM or YUM for CentOS/RHEL or apt-get for Ubuntu/Debian. Additionally, pay attention to panels like Plesk or cPanel and ensure they are updated, either manually or through automatic notifications. To stay informed about package updates, you can set up email reminders from your operating system.

4. Disabling unused network ports

It is highly recommended to avoid logging in as the root user. Since the username "root" is commonly targeted by hackers for brute force attacks, disabling root logins adds an extra layer of security by preventing them from guessing the password.

Instead, create a new username and utilize the "sudo" command to execute root-level commands without logging in as the root user. Sudo grants authorized users special access to administrative commands without requiring root access authorization.

Before disabling the root account, ensure that you have created a non-root user with the necessary permissions.

5. Disabling IPv6

Unfortunately, research indicates that hackers often utilize IPv6 in VPS servers to distribute malware, launch threats, and exploit security vulnerabilities within the server's operating system.

To reduce this risk, it is crucial for webmasters to proactively maintain their Linux server by keeping it up-to-date with regular updates. Additionally, disabling IPv6 as a network service can help enhance security and minimize the potential for exploitation.

6. Utilizing GnuPG encryption

Protecting data during transmission over a network is crucial due to frequent targeting by hackers. To ensure security, encrypting transmissions to your server using passwords, keys, and certificates is essential. GnuPG, a widely used tool, employs a key-based authentication system for encryption. It utilizes a "public key" that can only be decrypted by the intended recipient's "private key."

7. Implementing a robust password policy

Having a weak password is a significant security risk. It is important to prohibit the use of easily guessable passwords by server users.

When selecting a password, it is advisable to utilize a combination of uppercase and lowercase letters, numbers, and symbols. Additionally, you can enforce password expiration by setting a specific period for users to change their passwords.

To enhance security and prevent brute force attacks, it is recommended to set login failure limits using the "faillog" command. This helps in automatically disabling user accounts after repeated unsuccessful login attempts.

8. Configuring a firewall

Securing the system against unauthorized access is crucial, and one effective measure is to inspect and configure the firewall. To combat DDoS attacks and filter out unnecessary traffic on your VPS server, deploying a firewall is imperative. Popular firewalls like CSF and APF offer plugins for widely used panels such as cPanel and Plesk.

When setting up a new Linux VPS, one of the first steps should be installing and configuring a firewall. Additionally, it's advisable to use SFTP (FTP over SSH) instead of outdated and insecure FTP (File Transfer Protocol) for secure file transfers.

9. Employing disk partitioning

To enhance security, it is recommended to partition your disk and segregate the operating system files from user files, third-party programs, and temporary files. This can be achieved by disabling SUID/SGID access (nosuid) and preventing the execution of binaries (noexec) on the operating system partition.

By separating the operating system files from other data, such as user files and temporary files, you reduce the risk of potential vulnerabilities affecting critical system components. An experienced system administrator understands the importance of logical partitioning in VPS server disk space allocation to mitigate the potential loss of files and enhance overall system security.

10. Using SFTP instead of FTP

SFTP (Secure File Transfer Protocol) is a highly secure file transfer protocol that ensures data protection and privacy by utilizing SSH (Secure Shell). On the other hand, FTP (File Transfer Protocol) is a non-secure file transfer protocol that exposes you to potential risks such as brute force attacks and spoofing.

Unlike FTP, SFTP provides fast and encrypted file transfers, ensuring the confidentiality and integrity of your data. While it is possible to establish a secure connection with FTP, the content of the files remains unencrypted. When exchanging sensitive data, it is crucial to authenticate the server, and SFTP excels in this aspect by encrypting the connections and offering a more reliable and secure file transfer process. This is why we recommend using SFTP over FTP for enhanced security.

11. Enabling automatic CMS updates

It is important to regularly update your content management systems (CMS) and install security patches to prevent website hacks and attacks. Since CMS platforms like Joomla, WordPress, and Drupal are open-source software, it is crucial to secure your Linux system by enabling automatic updates for your CMS.

Regardless of the CMS you use, whether it's Joomla, WordPress, or Drupal, continuous security updates are necessary to protect against data loss and safeguard sensitive information. Utilizing the provided CMS security fixes and new features is essential for the ongoing security of your Linux VPS.

By enabling automatic updates, your CMS core, themes, and plugins will be regularly updated with the latest virus definitions, enhancing your website's security against potential future attacks. This approach also simplifies the management of multiple websites for website owners as the number of websites increases. Moreover, automatic updates ensure you benefit from the latest features and bug fixes, contributing to improved performance and stability.

12. Activating cPHulk in WHM

Alongside the firewall, cPanel offers the "cPHulk" brute force security system.

While firewalls are effective, they can sometimes have vulnerabilities and incorrect settings, allowing hackers to gain unauthorized access. In such cases, cPHulk serves as an additional layer of security, specifically designed to prevent brute force attacks on the server.

The process involves cPHulk initially blocking the login feature, while the firewall subsequently blocks the entire IP address. To enable this feature, navigate to the WHM Security Center and select the cPHulk Brute Force protection option.

13. Preventing anonymous FTP uploads

Enabling anonymous FTP uploads on your Linux server can lead to the hosting of illegal software or inappropriate content, making your server vulnerable to malware that can impact the entire virtual machine. To prevent this, it is recommended to disable anonymous uploads and allow only authorized users to upload files via FTP.

To disable anonymous access, follow these steps:

Open the following file:

/etc/vsftpd/vsftpd.conf

Edit the configuration for anonymous access and change it to the following:

anonymous_enabled=NO

By making this configuration change, you ensure that anonymous access to the FTP server is disabled, promoting a more secure and controlled file upload environment.

14. Regularly backing up your data

Many users make the mistake of neglecting regular backups, only to regret it when unforeseen events occur and they realize they don't have a copy of their data. Regardless of how cautious you are and how secure your server may be, there is always a possibility of something going wrong.

To avoid unnecessary risks, it is crucial not to overlook the importance of backups and not to solely rely on your hosting provider to handle them. It is highly recommended that you take your own backups, even if your hosting company claims to do it for you. Store copies of your backups in different locations and consider utilizing cloud storage to ensure accessibility from anywhere.

15. Employing a strong password

Weak passwords present a significant security risk to your Linux server, and the same applies to Windows servers as well. It is crucial to select a strong password that incorporates a combination of uppercase and lowercase letters, numbers, and symbols. Opting for a lengthy and complex password is highly recommended.

Both CPanel and Plesk provide the ability to enforce a robust password policy and set password expiration periods. Taking advantage of these features ensures an added layer of security for your server.

Conclusion

Securing your Linux VPS is crucial for protecting your personal data and maintaining system stability and functionality. This article provides a comprehensive guide on how to enhance security, including implementing strong passwords, enabling a firewall, installing antivirus software, disabling unnecessary services, and utilizing encryption. By following these steps, you can significantly reduce security risks and effectively safeguard your system.

It's important to recognize that security is an ongoing process, as new threats can emerge at any time. Staying informed about the latest trends and regularly reviewing and updating your security practices is essential. In a world where there are millions of hackers constantly searching for vulnerabilities, it becomes crucial to strengthen your VPS against potential threats. Corporate websites and online stores are particularly attractive targets, often susceptible to compromise despite basic security measures. This article aims to provide insights and strategies to secure your Linux VPS server and prevent hacker attacks.

Related Articles