Simple steps to secure your new VPS Print

  • 110

Securing your VPS is vital, people may think of hacking as happening to only elite systems such as NASA, FBI etc., but as a matter of fact it can happen to anyone. It's the last thing you want happening to your VPS, so it's best to take steps to avoid it.

Passwords are everything.

The general rule of thumb is don't use obvious passwords, or as the passwd command likes to tell you passwords based on a dictionary word are BAD PASSWORDS. Try not to make your passwords exceptionally short, or easily guessed like peter1, it wont take long for a bot to get into your VPS if you have a password like that. Try and make your passwords long, include capital letters and include punctuation to make it more complex and hence harder to crack. Also don't store your passwords in an obvious place that people can find!

Eliminate the possibility!

You can stop those bot's trying to log in by disabling root password authentication on your SSH client. I am assuming you're running sshd (default SSH daemon), open your favourite text editor and edit the /etc/ssh/ssh_config and uncomment the line PasswordAuthentication yes, and change it to PasswordAuthentication no. If the line does not exist, create it! Before you do this, make sure you setup SSH keys first, or you'll have to login to VNC (on a KVM VPS) and change it back to be able to login via SSH. Alternatively you can create another user with administrator prilages.

To use SSH keys you may follow this guide which explains it all in detail: http://www.cyberciti.biz/faq/ssh-passwor...tication/.

A few more suggestions to secure your VPS are as follows:
It's best not to take these as gospel but it will certainly help.

Restrict MySQL.
If you run phpMyAdmin or something similar, make it accessible only by your IP. Also make sure you have MySQL limited to localhost and not external hosts.

Keep your OS updated.
Run yum -y update or apt-get -y update depending on your OS regularly to keep your system up to date, this will ensure you have the latest security fixes etc.

Install DenyHosts.
It can be used to specifically allow your own IP only. Simple.

http://www.cyberciti.biz/faq/block-ssh-a...denyhosts/ - Debian variants
http://www.cyberciti.biz/faq/rhel-linux-...e-attacks/ - RHEL variants

Stop using FTP!
Why use FTP when you can use SFTP and it's built in with your SSH server?

Don't use vulnerable panels.
Just don't. Panels such as zPanel and Kloxo are outdated and vulnerable, it will only result in hacking us on your case!

Was this answer helpful?

« Back