How to protect your server from hacker attacks
Protecting a virtual server (VPS) is a guarantee that it will work stably. The number of hackers and bots is not getting smaller. If you want to keep your data from being stolen, you need to take precautions.
In this article we give some simple recommendations that will protect the server. This is the base that many webmasters use. This set of methods should be used by everyone.
Set a strict password policy
Passwords are your first line of defense. The more complex it is, the less likely it is to be hacked. Create unique and long passwords, avoiding predictable words and simple sequences. Use a password manager to safely store and generate them.
Why it's important. Hackers use bruteforcing - automatically brute force passwords. The more complex your password, the longer it will take attackers to guess it.
Change the default SSH port
The default port for SSH connections is set to 22. This makes it the first port that bots check. By reassigning SSH to a non-standard port, you'll make it harder for automated scanners.
How to do it. Open the SSH configuration file (/etc/ssh/sshd_config) and change the Port 22 line to any other value. Don't forget to reboot SSH with the command:
sudo systemctl restart sshd
Use SSH keys instead of passwords
SSH keys are a cryptographic authentication method that eliminates the use of passwords. One key is stored on your device and another key is stored on the server. Without the private key, access is impossible.
Why is this necessary? Passwords can be guessed and SSH keys are virtually impossible to forge. This greatly increases the level of security.
Install Fail2ban to protect against bruteforce attacks
Fail2ban is a program that monitors server login attempts and automatically blocks IP addresses with suspicious activity. This helps to reduce the likelihood of a successful bruteforce.
How it works. Fail2ban monitors log files and blocks IP addresses after several failed login attempts, reducing the load on the server and increasing its security.
Set up a firewall to filter traffic
A firewall restricts access to the server and filters traffic. Use it to allow access to only the ports you need. For example, if you change the SSH port, leave it open and close the others.
On a VPS with Ubuntu, you can install ufw with the command:
sudo apt install ufw
And then activate:
sudo ufw enable
Automate system and application updates
Outdated software is the root cause of many hacks. Configuring automatic updates can help protect your server from known vulnerabilities.
How to do it.
Use the commands:
sudo apt update && sudo apt upgrade -y
Special scripts can be used for automation.
Keep logs and check them regularly
Logging actions on the server helps to detect suspicious activity. If someone is trying to break into the server, you'll notice it in the logs.
Install Logwatch to easily analyze logs and receive notifications of suspicious activity.
Limit access by IP
If you are connecting to the server from the same IP address, configure the firewall to accept connections only from that IP address. This will block all login attempts from other addresses.
In ufw, use the command:
sudo ufw allow from [IP-address] to any port [port]
Make regular backups
Backups allow you to quickly restore data in the event of an attack or failure. Set up regular backups of your files and databases.
Why it's important. If your server experiences a data breach or becomes infected, restoring from a backup will minimize losses.
Following these steps will help increase the security of your VPS. But you also need a solid VPS provider to be successful. This is where LikeVPS comes to the rescue:
- Large selection of tariffs from basic to professional.
- High speed and performance: NVMe drives on all tariffs for maximum data access speed.
- Variety of countries and hardware configurations: choose a server in the desired country.
- 24/7 tech support: LikeVPS team is ready to help with any question.
VPS from LikeVPS combined with security measures will protect your server and data from attacks.