{"id":36262,"date":"2022-06-29T14:14:38","date_gmt":"2022-06-29T06:14:38","guid":{"rendered":"https:\/\/www.casbay.com\/blog\/?p=36262"},"modified":"2022-09-22T17:14:34","modified_gmt":"2022-09-22T09:14:34","slug":"15-security-tips-for-linux-vps-hosting","status":"publish","type":"post","link":"https:\/\/www.casbay.com\/blog\/vps-hosting\/15-security-tips-for-linux-vps-hosting","title":{"rendered":"15 Security Tips for Linux VPS Hosting"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"security\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Can Linux VPS Be Hacked? Is it Secure?\u00a0<\/h2>

Yes, VPS\u00a0may well be\u00a0hacked. Given enough time and dedication, any server\u00a0may be\u00a0hacked, including virtual machines, even with security controls\u00a0in situ. No system is ever 100% risk-free, but administrators can reduce risk to\u00a0all-time low\u00a0possible level to avoid threats and stop attacks. The Linux\u00a0software package\u00a0is usually\u00a0secure, but vulnerabilities are introduced when users misconfigure the system, add vulnerable software, leave applications unpatched, or download and install malware locally.\u00a0because the\u00a0system changes,\u00a0the chance\u00a0also increases or decreases\u00a0looking on\u00a0what was changed.<\/p>

Sophisticated malware can affect over\u00a0just the local machine. It can sometimes traverse the network from the hosted server, and it can occasionally affect other systems. If any sensitive data is stored on the local server,\u00a0it might\u00a0be exposed\u00a0and therefore the\u00a0host\u00a0may well be\u00a0the victim of\u00a0an information\u00a0breach. Even without traversing the network, malware affects the local virtual machine instance.

The virtual machine instance hosts the customer\u2019s website, so\u00a0whether or not\u00a0malware\u00a0doesn’t\u00a0affect other customers on the server, it does affect the local instance\u2019s hosted applications. Should a customer keep sensitive information on the server, it\u00a0may be\u00a0disclosed to attackers if the hosted site\u00a0isn’t\u00a0secure.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

How to Secure a VPS?<\/h2>

There are several steps to secure VPS hosting. While hosting providers rely somewhat on the customers protecting their site, administrators can still configure and install software that will better secure a VPS. Customers hosting their sites on VPS can also take steps to secure their sites and services.\u00a0<\/p>

1.Choose a Hosting Provider That Takes Security Seriously<\/strong><\/p>

Customers rely on web hosts to keep infrastructure secure. Not every web hosting provider treats security equally. To keep a website secure, customers should choose their web host wisely. For example, Interserver.net has proven to focus on security of their customer sites.\u00a0Interserver.net<\/a>\u00a0is a US-based hosting service with a good reputation for quality service at an affordable price. They have two datacenters on the east and west coast of the US to service their thousands of customers ranging from small individual site owners to Fortune 500s.<\/p>

2.Change the SSH Default Port<\/strong><\/p>

SSH is necessary for remote access to a server, and it\u2019s installed with the default port 22. Attackers scan servers for open ports such as 22 to gain remote access to SSH. After detecting SSH on port 22, an attacker might launch a brute-force attack to obtain remote access to the server by guessing the root user\u2019s credentials.<\/p>

To combat this attack, the SSH port can be moved to an alternative one. When SSH runs on an alternative port, any automated scans will show nothing for port 22. To change the port, the following file must be updated (we\u2019ll change this file in other tips, so keep this file open):<\/p>

\/etc\/ssh\/sshd_config<\/p>

Before you edit the file, make sure that the port is not used by another service, or you will have a conflict and both services will not run properly.<\/p>

3.Monitor Server Logs<\/strong><\/p>

Both host administrators and website owners should have monitoring enabled. Monitoring servers requires logging specific events such as authentication failures (and possibly successes), failed uploads, errors, and other common threats. These logs can then be used in analysis and reports that can give administrators detailed information and insights into activity happening on the server. Logs can tell administrators of an ongoing attack or a compromise.<\/p>

Host administrators can monitor activity on their servers to ensure that customer sites are secure, but website owners should also monitor their own sites. The sooner a compromise is contained, the smaller the window of opportunity for an attacker to exfiltrate data.<\/p>

4.Disable Unused Ports<\/strong><\/p>

Linux installs with several ports open. Some are necessary for certain applications, and others are unnecessary. For example, port 80 is often opened for web applications, but it\u2019s possible that you will not need this port open. Leaving unused ports open increases the server\u2019s attack surface, so best practices suggest that they should be disabled.<\/p>

You can identify open ports using the netstat command. You can then use firewall settings or edit open ports using the iptables command. First, use netstat to view open ports:<\/p>

netstat -a<\/p>

For example, suppose that you want to drop port 22. Netstat will confirm that port 22 is open. After you confirm, type the following command to drop port 22 and therefore block it from being used:<\/p>

iptables -I INPUT -p tcp \u2013dport 22 -j DROP<\/p>

5.Use GnuPG Encryption<\/strong><\/p>

Any data transferred over the internet is vulnerable to eavesdropping. Websites use HTTPS to encrypt data between customers and websites, but other data could be intercepted – such as credentials sent to server services or files transferred over FTP. To overcome this issue, asynchronous encryption is used to encrypt data with a public key that can then be decrypted only with the recipient\u2019s private key.<\/p>

The GnuPG application will let administrators and site owners transfer data using asynchronous encryption. The public key generated can be used by any third-party to send encrypted data to the site owner or administrators, and the private key is used to decrypt it. Because the private key is used to decrypt data, it should be secured and never disclosed to a third party.<\/p>

6.Implement a Strong Password Policy<\/strong><\/p>

A password policy is always necessary for any user with access to network resources. Users often use weak passwords that can be easily guessed using brute-force attacks. A password policy enforces length and complexity requirements when any password is generated, including new passwords when users are forced to change them and password resets.<\/p>

Generally, passwords should:<\/p>