Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How do you secure your server? - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How do you secure your server?

2

Comments

  • jsgjsg Member, Resident Benchmarker

    Entertaining read ...

  • itfzeitfze Member

    You also have to use LiteSpeed service for better server performance and uptime of your VPS.

  • JordJord Moderator, Host Rep

    I use pandas armed with bamboo.....

  • @jonesolutions said:

    uzaysan said: But now server may go to production.

    Securing a server is not just about installing firewall, disable root, etc... You think it is ok but in the background, hackers are now trying to get in to some of your sites, doing something this and that which for sure, you are not aware of. It takes a lot of effort and not just by installing something and let it run/do the work.

    • NCIS will help you but in real life better have good sysadmin (yes not cheap) but only human help can prevent and protect your server
    Thanked by 1webcraft
  • If you turn off your server, hackers will not be able to access it.

    Thanked by 2webcraft default
  • GBIGBI Member, Host Rep

    On a serious note, it looks like you're not too familiar so if you are planning to host client accounts then hire an admin. Ask them to do an initial server harding and optimisation.

  • jeparamediajeparamedia Member
    edited May 2020

    i don't know 😁

  • Firewall + Disable Root, its all I can think of as of now.
    Rest is your script's security.

  • cazrzcazrz Member
    1. plan an offsite backup
    2. use ssh keys
    3. use non-root user
    4. install persistent firewall then iptables input drop all except ..., iptables output drop all except ...
    5. use reverse proxy
    6. use kernel care or other rebootless kernel tools if possible
    7. make sure all your web files and directories are non-wrtiable for world.
    8. if it is a web server atleast only install web server or mysql/mariadb other services like emails/dns put it elsewhere.
    9. do not use FTP, use sftp,scp or better yet git.
  • HostkeyHostkey Member
    1. secure connection
    2. SSH keys authentication
    3. secure file transfer protocol
    4. secure sockets layer certificates
    5. private networks and VPNs
    6. monitor login attempts
    7. manage users
    8. password requirements
    9. password expiration policy
    10. passphrases for server passwords
    11. update and upgrade regularly
    12. remove or turn off all unnecessary services
    13. hide server information
    14. use intrusion detection systems
    15. file and service auditing
    16. firewall
    17. back ip
    18. multi-server environments
    19. virtual isolated environments
  • martynsmartyns Member

    About SSH -22 Port, I would suggest you to restrict / close that port to only your IP with iptables
    If you have dynamic IP, even more ranges you can do that also simply by adding /16 on the end, of course 1 static IP is best. Can't get Static IP at least not for free from your ISP?

    • Then just install VPN on your VPS, and use that IP for using SSH (Port 22) Access.
  • I set password to "12345" and waiting for someone to lock my server. Enjoy.

    Thanked by 1pbx
  • NyrNyr Community Contributor, Veteran

    Your vanilla, updated system is "secure" by default. Inexperienced sysadmins seem to forget that.

    We then could talk about hardening specific services, but that is very specific and ample, not many generalizations can be made.

    Thanked by 2pbx lokuzard
  • @ben47955 said:
    I set password to "12345" and waiting for someone to lock my server. Enjoy.

    And then have your server suspended, no refund.

  • @TimboJones said:

    @ben47955 said:
    I set password to "12345" and waiting for someone to lock my server. Enjoy.

    And then have your server suspended, no refund.

    Yeah, this happening time to time, I don't understand why :(

    Thanked by 1pbx
  • I changed my password to Password, open all ports, and wait for another person to manage it for me, so that even I couldn't login ,

    Thanked by 1pbx
  • serv_eeserv_ee Member

    @ErawanArifNugroho said:
    I changed my password to Password, open all ports, and wait for another person to manage it for me, so that even I couldn't login ,

    Free managed dedicated, noice!

  • pbxpbx Member
    edited May 2020

    ben47955 said: Yeah, this happening time to time, I don't understand why

    The problem is that you don't choose your sysadmin: you will likely be lucky and find somebody taking good care of your server, but in some cases you can end up with an asshole doing nasty shit with it.

    Maybe try using a longer password? I use 1234567890 and never had any VPS suspended. Sometimes bandwidth consumption is a bit too high for my taste, but what can I say? Those people secure my server for free, I'm not gonna complain!

    Thanked by 1ErawanArifNugroho
  • JordJord Moderator, Host Rep

    Bamboo of course. Makes it nice and strong....

  • PHDanPHDan Member

    9mm

  • serv_eeserv_ee Member

    @PHDan said:
    9mm

    Are you American by any chance?

    Thanked by 1arw55
  • Unplug the internet

  • SaahibSaahib Host Rep, Veteran

    I just figured ..
    There is feature on internet called "Google"
    https://www.google.com/search?client=firefox-b-d&q=how+to+secure+linux+server

  • JordJord Moderator, Host Rep

    Did someone mention Hetzner?

  • /etc/host.deny
    /etc/host.allow
    ipset whitelist

  • To be honest you can't. More apps installed, more issues you will have also more security holes. Turn off all ports, as much as you can. Make sure that running services are alone on this node. Yandex has course about the security on YouTube. With many toolkits and basic principles. Because security tools always change with a time, but principles stay the same.

    Thanked by 2RedSox uzaysan
  • @serv_ee said:

    @PHDan said:
    9mm

    Are you American by any chance?

    That question would make more sense if he said 9", not mm.

  • JordJord Moderator, Host Rep

    Condoms

  • Hetzner_OLHetzner_OL Member, Top Host

    Jord said: Did someone mention Hetzner?

    Are you filling in for @eol? ;) --Katie

Sign In or Register to comment.