16 VPS Security Tips to Prevent Attacks on Your Server

Knowing how to secure your virtual private server (VPS) running Linux is crucial to avoid cyber threats. However, this is not a one-time task; in addition to applying security best practices, you must continuously monitor your VPS server.

In this article, we will delve into Linux security and its common vulnerabilities. We will also discuss 16 VPS security tips to prevent cyberattacks on your virtual server.

Linux Security and Common Weaknesses

Although Linux VPS security is generally robust, it has some weaknesses.

Many cyber threats can compromise your Linux server's security and data. Here are the most common ones:

- Malware: intrusive software designed to damage computers and their operating systems.

- Sniffing Attack: a cyberattack where a hacker uses packet sniffers to intercept and extract data from a network.

- Brute Force Attack: a hacking method where an attacker uses trial and error to guess login credentials.

- SQL Injection: an attack that occurs when a hacker exploits code in a web application to access the server's database.

- Cross-Site Scripting (XSS): a client-side attack where a hacker injects malicious code into a website.

- Lack of Function Level Control: when access rights to a server are not verified properly, giving unauthorized users root privileges.

- Broken Authentication: identity theft due to unencrypted data, weak passwords, or misconfigured application session timeouts.

Before implementing any security measures, learn the crucial elements you should monitor on your VPS server:

- VPS hosting security

- Server software

- SSH connection

- Root access and logs

- Passwords and credentials

- Firewalls

- FTP connection

- User rights and privileges

- Server logs

16 Security Tips to Protect Your VPS Server

This section contains 16 security tips to prevent cyberattacks on VPS hosting.

1. Research Your VPS Hosting Provider's Security

Your VPS hosting provider should have a solid security infrastructure and offer additional protection to keep your server safe. While users can install additional security features, some already come preconfigured.

Depending on the provider, security features will vary. At HolyHosting, we apply thorough security practices for all our VPS hosting plans to ensure optimal security, including:

- Web Application Firewall: a dedicated security feature that analyzes and filters incoming requests based on predefined security rules.

- Suhosin PHP Hardening: a module that hardens PHP applications against vulnerabilities that cybercriminals commonly exploit.

- PHP open_basedir Protection: a security measure that restricts access to specific directories for PHP scripts.

- Full BitNinja Server Protection: a suite of security solutions with modules for IP reputation, malware detection, and proactive defense mechanisms.

- Advanced DDoS Mitigation: protection against distributed denial-of-service (DDoS) attacks.

- Monarx Antimalware: a security tool that continuously scans your VPS for malware and suspicious activities.

- SSL Security Layer: SSL certificates that encrypt data transmission between your website and visitors.

Additionally, HolyHosting offers automatic backups and live snapshots for easy data restoration in case of cyberattacks or other incidents.

This is ideal for most users and beginners, as they should choose managed VPS hosting whenever possible. This means the provider takes care of all server hosting security features, updates outdated software, and scans for malware, keeping your VPS server secure with minimal effort.

However, advanced users who want more flexibility and control over their VPS security can still benefit from self-managed hosting from

HolyHosting. Users get root access to VPS servers, and we also offer a dedicated technical support team.

2. Change the Default SSH Port

If you are still using port 22 to access your virtual server via an SSH connection, there are likely hacking attempts. This is because attackers can scan open ports to perform brute force attacks and gain SSH access to the remote server.

We recommend changing the default SSH listening port to protect your data from automated attacks. Here is how you can change the SSH port:

- Open the Terminal and log in to SSH.

- Run the following command to edit the service configuration file:

`nano /etc/ssh/sshd_config`

- Find the line that says "Port 22".

- Replace the 22 with a new port number and remove the #.

- Save the changes and exit the editor.

- Enter the following command to restart the service:

- For Debian and Ubuntu

`service ssh restart`

- For CentOS and Red Hat Enterprise Linux (RHEL)

`systemctl restart sshd.service`

- Log in to SSH using the new port to verify if the changes were applied correctly.

3. Disable Root Login

Linux VPS servers have a root user who holds the highest privileges in the operating system and can modify any aspect of the server. Cybercriminals could target this user to gain full access to the server.

Disabling this account helps improve root access security, protecting your server from brute force attacks. However, we recommend creating an alternative username with the privilege to execute root-level commands to configure the server.

Follow the steps below to disable root login:

- Open the Terminal and log in to your SSH account.

- To open and edit the configuration file, run the following command using the nano or vi text editor:

`nano /etc/ssh/sshd_config`

- Find the following parameter and change it to no to disable root login:

`PermitRootLogin=no`

- Run the following commands to save the changes and restart the SSH service:

- For Debian and Ubuntu

`service ssh restart`

- For CentOS and Red Hat Enterprise Linux (RHEL)

`systemctl restart sshd.service`

4. Use Strong Passwords

Passwords containing information about your identity or simple phrases are easy to guess. To prevent successful brute force attacks, create a long and complicated password with various elements, such as numbers and special characters.

You can use tools like NordPass to easily create and store strong passwords. These tools offer various customization options, such as limiting password length and characters used.

Do not use the same password for more than one account and remember to change it regularly, ideally every three months. Also, avoid sharing login credentials for accounts with root privileges to prevent unauthorized modifications to the server.

5. Start Using SSH Keys

If you are still using a password to log in to your SSH account, you may be a target for sniffing attacks. To avoid this, use SSH keys instead of a password for VPS authentication.

These encryption keys are additional login credentials to secure an SSH connection on a VPS. Being computer-generated, they can be up to 4096 bits long, making them more complex and harder to crack than a root password.

SSH keys consist of two sets: public and private. The first is stored on the server, while the second is stored on the user's machine. When the server detects a login attempt, it will generate a random string and encrypt it with a public key. The encrypted message can only be decrypted with the associated private key.

Here is how you generate an SSH key on a Linux server:

- Open the Terminal application and log in to SSH.

- To generate public and private keys, enter the following command:

`ssh-keygen -t rsa`

- When a response appears, press Enter.

- You will be asked to enter a passphrase twice. If you don't have one, press Enter twice.

- Your private and public keys will be saved correctly.

6. Set Up an Internal Firewall (IP Tables)

Since HTTP traffic comes from diverse origins, setting up a firewall for your VPS helps filter requests to ensure only legitimate visitors can access your system. Doing so prevents malicious traffic and potential DDoS attacks.

Linux distributions include a built-in firewall service called iptables. This tool monitors traffic from and to your server using tables. It uses rules called chains to filter incoming and outgoing data packets.

It allows you to adjust firewall rules according to your needs. Here is how you can install and verify the current iptables configuration on Ubuntu:

- Open the Terminal and log in to SSH.

- Run the following command to install iptables:

`sudo apt-get install iptables`

- After installation, enter the following command:

`sudo iptables -L -v`

- The Terminal will display a detailed list of all iptables rules. Here is how the output might look:

[Screenshot of current iptables rules]

7. Configure Your UFW Firewall

The Uncomplicated Firewall (UFW) is a built-in application in Ubuntu that acts as a frontend for iptables. In short, it will deny all incoming connections and allow outgoing ones, decreasing the risk of potential threats.

You can modify and add rules to the firewall according to your preferences. Here is how to enable it:

- Open the Terminal and connect via SSH.

- Type the following command to enable UFW and press Enter:

`sudo ufw enable`

- If the response indicates that the command was not found, install the firewall with this command:

`sudo apt-get install ufw`

- Once the installation is complete, run the command from step two to enable UFW.

- Verify the firewall status with the following command:

`sudo ufw status`

- Alternatively, use our built-in VPS Firewall in hPanel. Select your VPS and choose Firewall:

[Screenshot of the Firewall button in the VhPanel panel]

8. Regularly Update Server Software

Keeping your operating system and software up to date is crucial to ensure all security vulnerabilities are addressed. Cybercriminals constantly look for exploits in old software versions to infiltrate servers.

Schedule regular updates for your operating system and any server software you are using. Debian-based systems, like Ubuntu, can use the following command:

- `sudo apt-get update && sudo apt-get upgrade`

For Red Hat-based systems, like CentOS, use:

- `sudo yum update`

Remember to restart your server after applying updates for the changes to take effect.

9. Use Secure SSH Connections

The SSH protocol provides a secure connection to your server, but you can still improve security by following some best practices. Make sure to disable password authentication and only allow key-based authentication.

To make these changes, edit the SSH configuration file with the following command:

- `nano /etc/ssh/sshd_config`

Find the `PasswordAuthentication` line and change it to `no` to disable password-based authentication.

Additionally, enable key-based authentication by adding the following line to the same file:

- `PubkeyAuthentication yes`

Save the changes and restart the SSH service.

10. Configure Limited IP Access

Limiting access to your server to only specific IP addresses reduces the risk of brute force attacks and prevents unauthorized connections. Edit the SSH configuration file:

- `nano /etc/ssh/sshd_config`

Add the allowed IP addresses at the end of the file in the following format:

- `AllowUsers username@IP`

Replace `username` with your username and `IP` with the authorized IP address. Save the changes and restart the SSH service.

11. Perform Regular Backups

Backups are your lifeline in case of data loss due to an attack, human error, or any other issue. Schedule automatic backups and store them in a safe location.

You can use built-in solutions, such as HolyHosting's hPanel backup, or third-party tools. Make sure backups include all critical data, such as configuration files and databases.

12. Monitor Server Logs

Regularly review server logs to detect unusual activities or potential intrusion attempts. Logs such as `/var/log/auth.log` and `/var/log/syslog` contain valuable information about system behavior and user interactions.

Use the `tail` command to follow specific logs in real time:

- `tail -f /var/log/auth.log`

Set up alerts for anomalies and consider installing log monitoring tools to facilitate analysis.

13. Install an SSL Certificate

Website security is also crucial. Install an SSL certificate to encrypt the communication between your server and site visitors. This is especially important if you are collecting sensitive information through online forms.

You can get free SSL certificates from Let's Encrypt and easily configure them on your

web server.

14. Enable DDoS Protection

Distributed denial-of-service (DDoS) attacks can overwhelm your server with fake traffic, causing a service interruption. Use DDoS protection services or tools to mitigate these attacks.

HolyHosting provides advanced DDoS protection on all VPS servers, which helps keep your site online even during intense attacks.

15. Use an Intrusion Detection System (IDS)

Intrusion detection systems monitor and analyze traffic for malicious patterns. Set up an IDS on your server to detect potential threats and act quickly to prevent intrusions.

Snort and Suricata are popular IDS options for Linux. Customize the rules according to your needs and regularly review the reports generated by the system.

16. Consult with Security Experts

If you are unsure about how to implement certain security measures or need additional advice, consider consulting with IT security experts. Professionals can perform security assessments and provide specific recommendations for your server environment.

Remember that security is an ongoing effort. Stay up to date with the latest threats and security best practices, and adjust your configuration as needed. With these 16 VPS security tips, you will be well on your way to protecting your server against cyber threats.

Final Conclusions

Protecting your VPS server is a constant commitment that requires attention and effort. By following these 16 security tips, you will be strengthening your server's defenses against various cyber threats. Here are some final conclusions to keep in mind:

- Continuous Education: Stay informed about the latest cybersecurity trends and attack techniques. Continuous education is key to adapting to new threats.

- Proactive Implementation: Instead of waiting for security problems to occur, adopt a proactive approach. Set up solid security measures before issues arise.

- Regular Monitoring: Constant monitoring of server logs and implementation of automatic alerts will allow you to quickly identify and address any suspicious activity.

- Collaboration with Experts: Whenever possible, seek advice from IT security professionals. Their experience can be invaluable for strengthening your server's defenses.

- Quick Response: In the event of a security incident, have a quick response plan.

The ability to isolate and troubleshoot problems quickly can minimize the impact of an attack.

Remember that security is an ongoing process and that every server may have specific requirements. Customize these tips according to your needs and your server's specific environment. By doing so, you will be significantly improving your VPS server's security and protecting the integrity of your data and applications.

Keep in mind that these tips are designed to provide general guidance, and it is important to adjust the recommendations according to the specific characteristics of your environment and the technologies you use. If you have any additional questions or need specific guidance, do not hesitate to seek professional advice to ensure optimal security for your VPS server.