These days, the issue of virtual server security is everywhere, and in fact, it has become a major concern not only for many large companies, but also for some independent individuals who have an online presence. Of course, this concern is completely reasonable, because if financial and private information is stolen, site content is destroyed, or customer information is lost, cyber risks will show their damage and in no way should we be negligent in this area. did In this article, we will examine in detail the security issues related to virtual servers or VPS and discuss 9 ways to increase the security of the virtual server.
-
Change your default SSH login
Table of Contents
Many virtual server or vps users use SSH or Secure Shell to log into their server, which is actually a method of connecting two remote computers. If you use this method to connect, you expose yourself to brute-force attacks. When a brute-force attack occurs, it usually means that someone is trying to access your SSH using common passwords. For this reason, we strongly recommend that you change the default SSH password to a password of your choice. Strong passwords typically include upper and lower case letters, numbers, and non-alphabetic characters.
sshd-config file
To change the default SSH password, just log in to your virtual server and find the sshd-config file in /etc/ssh. Then, find the PermitRootLogin statement and change its value, which is YES by default, to NO. For more advanced security, you can use key authentication instead of password authentication, which is more resistant to brute-force attacks.
-
Use the latest version of the software
It is obvious that by using old and outdated versions of software, you endanger the security of your virtual server. Fortunately, updating the operating system and software only requires a few simple mouse clicks. Also, you might want to consider enabling automatic updates. Depending on the operating system you are using, the usual options for automatic updates are apt-gets for Debian and Ubuntu, and yum/rpm for CentOS.
Using cron jobs
You can also use cron jobs, which is a tool based on the Linux operating system and is able to set a time for the update as you wish. In addition to server software updates, if you also use a content management system (CMS), we suggest that you do not neglect its updates.
-
Monitor your virtual server logs
Managing vps logs helps you to always be in control of what is happening on your virtual server. By monitoring and following VPS systems and its software, you can better deal with problems that arise. When you continuously monitor resource consumption, traffic levels, user activity, software errors, and other events, you will always be able to fix problems as soon as they occur. This action can completely prevent or solve the problem. One thing that is good to know is that you can follow the events more quickly by setting up email to be aware of notifications, warnings and errors.
-
Set up your firewall
Most Linux-based operating systems have a firewall by default (itables, ufw, firewalld, and DebianFirewall). To more easily manage itables and combine other control panels, it is better to use the free tool ConfigServer or CSF for short. This firewall configuration script increases the security of your virtual server and at the same time creates a more convenient user interface for you to manage firewall settings.
Add ModSecurity
If you need more security and protection for your vps, you can add ModSecurity to your main firewall, to help you monitor areas such as HTTP traffic, site coding injections, databases, and more. .. to help Regardless of whether you are using a default firewall or a custom firewall, you should configure the following:
- Filter traffic according to the pattern you specify
- Allow access or not for certain IP addresses
- Close unused ports to prevent scanning
- Creating a rule for the rules to always be regular
- Updating existing rules to prepare for security challenges
-
Protect your server from malware
In addition to having a firewall that protects incoming traffic, you should also control the files that have been or are being uploaded to the virtual server for added security. This is why you need a reliable antivirus software. Fortunately, there are many antiviruses available, two of the most popular of which are ClamAV and CXS. Of course, mistakes may happen in some cases and flawless files are also known to be defective, but hard work does not make anything defective.
-
Protect the server against Brute-Force attacks
As we said earlier, Brute-Force attacks occur when hackers notice a weak password and thus gain access to your virtual server. Unfortunately, having a strong password is necessary but not sufficient. You must have tools that can help you identify these types of attacks and counter them. cPhulk, a feature built into cPanel, completely closes the login request after multiple failed login requests, covering not only cPanel logins but also FTP, WHM, and email-based logins.
LFD capability
We suggest you make the most of LFD as well. LFD is a process that is actually a part of the CSF introduced above. This feature continuously scans your virtual server for potential threats. More precisely, LFD looks for brute-force login attempts and if it sees one, it immediately blocks the IP of the person trying to attack the vps. In addition, LFD will show you notifications of successful and unsuccessful attempts to login to the server so that you are better aware of the status of your server.
-
Manage user access
To increase the security of the virtual server, you must decide how to control users; In other words, what environments are your users allowed to access. In addition to setting access to various files, it is recommended to use tools such as SELinux that allow you to manage the start of processes, network interfaces, files and systems along with user access. Imagine that your vps is used by many users; In this situation, you should decide to limit the access of users and prevent manipulation of resource consumption and sensitive server files. In order to do this, it is better to consider file systems such as CageFS or VirtFS.
-
Take a backup from the server
Backups are not only for virtual servers and are considered a very important part of all types of hosting. Preferably, save the backups outside the server files and in a safe environment so that you can use these backups in case of a problem with the server. Some hosting companies sell automatic backup as a service. If you don’t want this service, you can buy the virtual server you want.
-
Use SSL certificates for everything
An SSL certificate helps you create an encrypted channel between the server and the user to create a safe and secure environment. In order to protect your sensitive data, it is very important to use SSL certificates. Therefore, in everything, from sending emails or transferring files to requesting to enter the server, use an SSL certificate.
Summary and final remarks
In short, security is very important and vital both in virtual server and in dedicated servers or shared hosting. In a virtual server, having more freedom also means more responsibilities. For this reason, many hosting companies only offer virtual servers based on Linux operating systems because Linux is more secure compared to other operating systems. Up to date, it finds many branches and new ways to improve it are presented to the users.
CATEGORY:Blog