When you’re launching your first digital product or establishing your enterprise’s identity on the internet, leaving loopholes in your dedicated server’s security can end up ruining your online reputation.
In this post, we share some useful tips to keep your dedicated server secure from hacks. FYI, this article contains techniques from an engineer with more than a decade of sysadmin experience. We hope it helps you keep your server safe from intruders.
Come on folks, let us dive into the contents.
1. SSH Key-based Authentication
A lot of people have a VPS or dedicated server nowadays. Everyone from bloggers to large-scale e-commerce platforms has a server, but almost everyone uses password-based authentication.
When you use password-based authentication for the root login of your server, there is a good chance that a potential hacker will use a bot to try randomized passwords and mass brute-force your server.
If your server shows a message like “There were 100000 failed login attempts since your last login” whenever you log in, you’re being brute-force attacked.
So we strongly suggest that everyone use only key-based authentication on VPS and dedicated servers, and block password access.
If you do so, you can log in to your server as the root user with the private key, and at the same time, no one except you can SSH into the server.
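One way to verify that a server really is in the key-only state described above, as an added example that is not part of the original post. It assumes an OpenSSH-style `sshd_config`; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check an sshd_config-style
# file for the key-only setup from tip 1. Only the global section is read;
# Include files and Match blocks are out of scope (assumption).

# Print the effective global value of keyword $2 in file $1 (default: $3).
# sshd keeps the FIRST value it sees for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                      # skip comment lines
        { sub(/=/, " ") }                        # normalise Keyword=value
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { val = tolower($2); exit }   # first value wins
        END { print val }
    ' "$1"
}

# Return 0 only when password login is off, key login is on and root is
# not left on plain "yes". Defaults are OpenSSH defaults (assumed 7.0+).
audit_sshd_keys_only() {
    rc=0
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = "yes" ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    [ "$(sshd_effective "$1" PermitRootLogin prohibit-password)" != "yes" ] ||
        { echo "FAIL: PermitRootLogin yes does not restrict root to keys"; rc=1; }
    return "$rc"
}

# Constructed sample: the later "no" is ignored because "yes" comes first.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'passwordauthentication yes' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_keys_only "$sample" || echo "sample config still allows passwords"
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the effective configuration as sshd itself computed it, including any Include files.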
2. Use Private Networks (or Private VPN)
In 2019, a lot of people have already started using VPNs. But we don’t mean any of the commercial VPNs you may be thinking of.
What we suggest is creating your own private VPN server using an open-source VPN application like OpenVPN. Once you set one up, block access to your server from all IP addresses except the one IP you got with your VPS (the one you installed the VPN on).
From now on, use your private VPN to connect to your servers.
Even though setting up and maintaining the VPN server costs a little, it is completely worth it. The level of security you can expect with this sort of setup will be just extraordinary.
If you find creating your own VPN a dreadful task, you could also use a commercial VPN with a dedicated IP address. But when you go with a commercial VPN provider, keep in mind that if the provider changes your static IP all of a sudden for whatever reason, you won’t be able to access your server. So exercise great caution when opting for a ready-to-go commercial VPN. At the end of the day, creating your own VPN server is easier and a safer solution. Anyhow, the choice is yours. Take your time and decide what is best for you. For now, let us jump to the next section.
3. Allow only necessary ports
We strongly recommend that you set up a firewall on your server and block all unwanted requests.
For example, if you have PHP and MySQL on the same server and you’re only going to use MySQL through the PHP on your server, not from any external servers, block MySQL from the outside world by blocking connections to port 3306.
When you do this, no application from the outside world can access your databases. The same applies to mail ports, etc.
4. Use a Third-Party AV
When you’re running a web hosting company, or if you run a small-scale web hosting setup of your own for your clients, there’s nothing wrong with using an external security service.
What’s more, when you’re a web hosting provider or you take responsibility for hosting multiple client apps and websites, you’ve got to keep your server very secure. That’s because you’ll have 1000s of users on a server, and hackers will try to hack all of them. So the severity is 1000x.
When you use an application like Imunify360, you can lead a peaceful life, as it manages all your server security-related stuff by itself, though you can monitor it manually if needed.
These days, hackers are evolving, and they tend to introduce new sorts of attacks every day. We’ll update this page with whatever new methods we get to know about. That being said, bookmark this page if you need a reference in the future.