Are you planning to purchase VPS hosting?
Or do you already have one?
Whatever the case be, but securing your VPS is a vital part because you are hosting your website on it. As you know your website works for you 24/7 so, it is your responsibility to take its care.
Your VPS hosting provider ensures that you are safe, but still, from your side, you must consider some parameters that ensure everything is secured.
Here are few tips to secure your VPS hosting as per the popular control panels and those are cPanel and Plesk.
Tips for securing both cPanel and Plesk :
1) Use Long Password
The common belief of having a strong password is incorporating special characters to it. But, this isn’t enough as the software can easily guess such passwords. Thus, you must have a long password to make it a strong one. For example, a password as thewebhostingforresellerusers is more difficult for an automated tool in the software to guess or to crack than a password as w#bho3sting.
2) Patch Your Software
Both cPanel and Plesk provide utilities that allow you to update software within their web interface, or if you want you can easily do it via SSH at any time. This ensures that you have the latest performance patches along with the latest security fixes that lead to a more secure server. This saves your server from spam botnet.
3) Security Advisor
Both cPanel and Plesk are incorporated with a Security Advisor tool that provides you quick wins to help you get secured. These incorporate essential things like the use of extra firewall tools, encrypting SSL certificate, and checking the regular server updates.
Essential Tips for cPanel are :
1. CSF (ConfigServer Firewall)
CSF is an outstanding addon for your cPanel servers, which makes the administration work of your firewall very easy. Also, it helps you to manage tasks like IP blocking, whitelisting server-wide and brute force protection. If you seek help to install this addon contact our support team and they will do it for you without any hesitation.
CPHulk is a protection tool that comes with cPanel and protects all important system services like email, cPanel, WHM and SSH.
Do check out the documentation for CPHulk.
Essential tips for Plesk are :
You can install a great addon called Fail2Ban on your Plesk. It monitors log files for system services such as SSH, email, Plesk Logins, etc. This is required for the Plesk users, in-order to keep your customers or end-users safe.
2. Keep Things Updated
Plesk doesn’t apply patches automatically. Instead, you receive a message in Plesk when you log in and it lets you know about the updates that are available, and you need to install them manually. This process needs to be done on a regular basis in-order to ensure that you have the latest security patches for your system packages and Plesk. Plesk comes with a great update tool with the Tools & Settings section of the Plesk interface, or you can also run the Plesk installer over SSH.
Let’s now see how you can secure VPS according to your operating systems.
You must be aware of the risks and tradeoffs so as to maintain a balance between usability and security. This is a great way for you to explore and leverage the power and flexibility of the Linux platform.
1. Use the only SSH while you log in to your server
Using SSH(Secure Shell) is the most secure way to login into a remote server. It is a cryptographic network protocol for network services that offer you an out-most level of encryption. It allows you to direct insure traffic (that comes to your server ) via a secure connection. Secure network connection allows you to take advantage of X-forwarding and running graphics applications remotely.
2. Deactivate the root account
It is an essential step to disable the root login option. Instead of using root access, you can take advantage of pseudo access.
You must also create unique user accounts for every single user and service on your Linux VPS. Provide each of them the permissions needed to do their job.
Everything else like permission and privileges should be inaccessible to them. This will eliminate the chances of involuntary mistakes, that harm your server’s overall security.
Along with that, also disable all the unnecessary user accounts. You can do this, at the time when you install any new software or when you find out that a user no longer needs access to your system.
3. Download software only for official channels
Download the software only if you are well familiar with its source. Otherwise, it might risk your Linux VPS.
4. Avoid unnecessary services
Owning your own VPS server allows you to use various services on a single machine. Hence, we strongly recommend you to install and run only those services that you actually need. The reason is, services are offered by the third party which has the potential to carry a threat to your server. So always check the active services on your server by Present-day Linux distribution service.
5. Configure permission settings
The broader your permission setting gets, the easier it becomes for you and your users to interact with your website. However, very broad permissions are not secure and hence, setting permission task is very tricky. So, you need to find the right balance that will allow your sites and apps to function, without any risk of security. For this implement a balanced unmask i.e. default permission for each new file and or directory policy. Create adequate defaults for it. File permission should be relevant to your specific needs and usage, so set up file permissions as few as possible. The fewer file permissions are better for your overall Linux VPS security.
Follow the guidelines to secure your Windows VPS hosting or Windows 2012/2016 Cloud VM before you make it available to the public :
1. Intrusion Detection System (IDS)
IDS acts like an alarm for your Windows VPS by keeping a record of the files that have been changed with their time and also alerts you of anything new or altered. Use IDS to save your server from the threats created by hackers those usually try to replace binary applications.
2. Use Bastion Host
A bastion host is a special purpose computer available on the network that is specially designed and configured to withstand against attacks. Bastion host limits the direct access to your server from the public network and also minimizes the chances of penetration.
3. Enable BitLocker for server drive encryption
Enabling BitLocker for server drive encryption provides security to your information. Also, it protects your Windows VPS from offline attacks and protects your data if hacker boots from any alternate operating system, because it requires administrator privileges on the server to install.
4. Use alternate ports for common services
Do you know, default ports for privileged services like RDP, SQL Server are used to break into your server?
Hence, you should change the ports to your common ports to avoid such attempts. This reduces the chance of having any services remotely hacked. Also, it secures your Terminal Server or Remote Desktop Server. Anyone who attempts to connect to alternate ports is blocked entirely for a specific span of time.
5. Remove unwanted protocols
Audit the services running on your server and disable all the unnecessary services and their bindings in order to reduce the threat attacks. Instead, you can use a port binding that involves specific information configurations to find out where and how messages are transmitted and delivered within the network. This helps you to keep the track record of unknown activities on your server.
Security is an essential parameter when your business is set up online. Leaving server open is like giving an open invitation to the hackers. We shall never risk our and our customer’s personal and private information and to achieve this we need to secure our VPSs. All the steps mentioned help you to secure your VPS from common attacks and problems.
Tell us about your tips in the comment section that you use to protect your VPS.