What are the most comon security mistakes that newbie VPS users make?

adamMc

Hi,

Just curious, what do you think are some of the common security mistakes that newbie VPS users (not providers) make when they are getting into hosting services on a vps.

SNetworks1

I think insecure passwords is probably the highest one... The amount of people we have had to explain to that a simple password will simply not cut it is scary...

Neoon

Not installing security updates, weak passwords, insecure configuration of services.

comXyz

Choose wrong providers.

wych

password="password"

4n0nx

not installing updates, misconfigured programs

Caster

uses passwords as "incorrect"
i asked them why ?
they replied to me that if they forget the password then the system will tell them, "Your password is incorrect" >.>

TinyTunnel_Tom

Gives SolusVM a secure password

Jonchun

not disabling root login
not disabling password logins
not following step by step guides that tell you how to do above
following above step by step guides, then claiming they are server admins
more to come.

TinyTunnel_Tom

@Jonchun said:
not disabling root login
not disabling password logins
not following step by step guides that tell you how to do above
following above step by step guides, then claiming they are server admins
more to come.

I do neither of the top two /yet/

On my to-do list haha.

ehab

how can i install windows?

Makkesk8

port 22

Mun

They dont run apt-get install fail2ban

Traffic

@Mun said:
They dont run apt-get install fail2ban

apt-get update && apt-get upgrade -y && apt-get install denyhosts unattended-upgrades -y

Mad

Insecure passwords, no firewall, no change SSH port.
These are some of the most important basic steps needed to secure a VPS

bsdguy

LAMP stack on some linux, passworded SSH, panels for everything.

jaypeesmith

Knowing nothing a the OS they're using on the server.

4n0nx

jaypeesmith said: Knowing nothing a the OS they're using on the server.

isn't that typical for a newbie? >.>

bsdguy said: passworded SSH

I see nothing wrong with non dictionary passwords :0 I want to see the bot that tries p€n!5 ;D

xxsaumitraxx

using the default configuration, like using the default passwords/login etc

namhuy

purchase vps(s) and not logging into his vps(s)

ehab

i have a real case.... not testing the provider long enough for example 2months while adding too much credit in first 2 weeks ...oh yeah-

steny

They don't read pages like this one.

Nomad

Getting an OpenVZ

NodePing

Not removing user accounts that came pre-installed from the provider's OS template, right @Nick_A?

nexusrain

You may take a look at my guide about the first 10 things you should do with a Linux server, including securing it: https://www.bitforce.io/linux-server/die-ersten-10-dinge-die-man-mit-einem-linux-server-tun-sollte/

GIANT_CRAB

They install stupid software like zPanel/Sentorra, etc.

khav

@RockBeltHOST said:
uses passwords as "incorrect"
i asked them why ?
they replied to me that if they forget the password then the system will tell them, "Your password is incorrect" >.>

I laugh so hard on this one

AbeloHost

Misconfigurations...

TheLonely

@Mun said:
They dont run apt-get install fail2ban

-bash: apt-get: command not found

RHEL masterrace!

Ikoula

Misunderstanding on files and folder rights, there is so many sites with 777 just to make the CMS working many people dont know how to set permissions.

deadbeef

@Ikoula said:
Misunderstanding on files and folder rights, there is so many sites with 777 just to make the CMS working many people dont know how to set permissions.

Does it REALLY matter in single tenant VPSs?