How do I stop hackers from getting into my server?
Notice: If you have our Fully Managed Support, all of this will be done for you by one of our administrators. Simply open a ticket and they will start work right away.
There is an entire industry built around server hardening, and there are dozens of things you can do as part of this process. Below we list the things you should do and some other things we suggest doing. It is really important to take these steps to heart: if your server does get compromised it will be taken offline for several days, and we don't want that to happen.
- Most importantly, Be Smart!
  - When we say be smart, we mean:
  - Don't install programs that you aren't sure about. If you don't know with 100% certainty that a program is safe, don't install it: any installed program, if malicious, can cause your server to be suspended.
  - DO NOT give your root password to ANYONE: not friends, not family, and not even our staff! You would be giving them full control of your server. The only time staff will ask for a login is when YOU have specifically asked us in a support ticket to log in and take care of an issue. We will never, under any circumstances, ask you for a login outside of a ticket. If you've done your hardening correctly, the only way in will be if someone gets your password or keys.
- Harden SSH.
  - There are thousands if not millions of infected servers on the Internet, and most of them got that way by having their SSH compromised. SSH has no native brute force protection, so an automated process can make thousands of login attempts until it finally gets in. We suggest you follow these steps to prevent your server from also being compromised and shut down. There are lots of options, so google the exact settings you'll want to change; there is plenty of help online. Below is the minimum list of things we highly suggest you change.
  - Make sure your root password is complex. Something like 18gBS83v21-vd83s3x@1f is better than something like password72.
  - Change your SSHD port to something besides the default 22.
  - Disable root login over SSH. Log in as a regular user instead and use sudo.
  - Consider using SSH keys so that people can't log in with passwords.
  - Install some type of brute force protection for SSH.
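As an added example (not part of the original article), here is a small POSIX shell script that checks an sshd_config file for the settings listed above. It assumes OpenSSH's sshd_config semantics (the first occurrence of a directive wins, commented lines are ignored) and does not look inside Match blocks; the file path is whatever you pass it.

```shell
#!/bin/sh
# Audit an sshd_config against the SSH hardening steps listed above:
# non-default port, no root login, key-only authentication.
# Usage: audit_sshd_config /etc/ssh/sshd_config
# Prints one line per finding; the return code is the number of findings (0 = all passed).
# Effective value of a directive, lower-cased. sshd uses the FIRST occurrence of a
# keyword and ignores later duplicates, so the audit does the same. Commented lines
# start with "#" and never match. (Match blocks are not handled by this script.)
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

audit_sshd_config() {
    cfg="$1"; findings=0

    # A missing Port directive means the default, 22.
    port=$(sshd_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "FAIL Port: sshd listens on the default port 22"
        findings=$((findings + 1))
    fi

    # Only "no" disables root logins entirely; the default and "prohibit-password"
    # still let root in with a key, so anything else is a finding.
    root=$(sshd_value "$cfg" PermitRootLogin)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin: is '${root:-unset}', should be 'no' (log in as a user, then sudo)"
        findings=$((findings + 1))
    fi

    # PasswordAuthentication defaults to yes, so key-only login needs an explicit "no".
    pw=$(sshd_value "$cfg" PasswordAuthentication)
    if [ "$pw" != "no" ]; then
        echo "FAIL PasswordAuthentication: is '${pw:-unset}', should be 'no' (use SSH keys)"
        findings=$((findings + 1))
    fi

    # Keys must stay enabled (the default) or nobody can log in once passwords are off.
    pk=$(sshd_value "$cfg" PubkeyAuthentication)
    if [ -n "$pk" ] && [ "$pk" != "yes" ]; then
        echo "FAIL PubkeyAuthentication: is '$pk', should be 'yes'"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: all SSH hardening checks passed"
    return "$findings"
}

if [ $# -gt 0 ]; then audit_sshd_config "$@"; fi
```

Run it before and after editing the file, and remember to restart sshd and test a new login in a second terminal before closing the session you changed it from.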
- Set up IPTABLES (firewall) or use a firewall manager
  - Almost everyone knows what a firewall is, and IPTABLES is what Linux uses for firewalls. You can see the different IPTABLES commands by googling online or by typing "man iptables". We highly suggest getting to know some of the firewall management options out there, like CSF or APF; we personally would suggest CSF. Having a firewall manager has a lot of other benefits, like being able to stop automated attackers, block people that get too many login failures, and other things like that.
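An added example, not from the article and not CSF or APF: a plain iptables script that builds a default-deny IPv4 firewall exposing only SSH, including the kind of "too many connection attempts" blocking a firewall manager gives you. The SSH port is an argument you supply, and the IPT variable is a convention of this script so the rules can be previewed with IPT=echo before being applied as root.

```shell
#!/bin/sh
# Default-deny IPv4 firewall for a VPS that only exposes SSH, with a rate limit on
# new SSH connections (a 5th new connection from one source within 60 s is dropped).
# IPT is the iptables binary; set IPT=echo to preview the rules instead of applying them.
IPT="${IPT:-iptables}"

apply_firewall_rules() {
    ssh_port="$1"
    # Refuse anything that is not a valid TCP port so a typo cannot lock you out.
    case "$ssh_port" in
        ''|*[!0-9]*) echo "usage: apply_firewall_rules <ssh-port>" >&2; return 2 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "invalid port: $ssh_port" >&2; return 2
    fi

    # Start from an empty INPUT chain and add the accept rules BEFORE switching the
    # policy to DROP, so the session you are running this from is never cut off.
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # SSH: a source that already opened 4 new connections in the last 60 s is dropped;
    # otherwise record the attempt and accept. Everything else falls through to the policy.
    $IPT -A INPUT -p tcp --dport "$ssh_port" -m conntrack --ctstate NEW \
        -m recent --name SSH --update --seconds 60 --hitcount 4 -j DROP
    $IPT -A INPUT -p tcp --dport "$ssh_port" -m conntrack --ctstate NEW \
        -m recent --name SSH --set -j ACCEPT

    # Keep ping working so you can still tell "firewalled" from "down" during an outage.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Default-deny inbound and forwarded traffic; outbound stays open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

if [ $# -gt 0 ]; then apply_firewall_rules "$@"; fi
```

Rules added this way are lost on reboot, so save them with your distribution's iptables-save mechanism once you have confirmed you can still log in.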
- Set up a forwarding email so you can know when attacks are happening
  - Setting up a forwarding email for your server is pretty simple, and if you have a firewall manager installed you'll get an email each time someone logs into SSH, each time an address is blocked, and for other important events. You can usually do this by creating a file called ".forward" in your /root folder containing an email address. You should then automatically start getting emails from your server. This requires a mail server in order to actually send any mail (see below).
- Enable System Logging
  - By default your VPS has a minimal installation, meaning it doesn't have some crucial logging installed. Make sure you install the binaries needed to enable system logging; that way, when an issue does pop up, you can find out what caused it and prevent it from happening again. Be warned, though: logging can take up quite a bit of space after some time, so keep an eye on rotated log files and decide whether you need to keep them.
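As an added example of what that logging buys you (not from the article), here is a shell function that reads sshd entries from an auth log (the file name varies by distribution, for example /var/log/auth.log or /var/log/secure) and counts failed password attempts per source address, which is the signal brute force protection tools act on and the kind of event worth forwarding by email. The sample log lines are constructed for the demo.

```shell
#!/bin/sh
# Count failed SSH password attempts per source address in an auth log and
# report sources at or above a threshold (default 5).
# Usage: report_ssh_bruteforce [threshold] < /var/log/auth.log
report_ssh_bruteforce() {
    limit="${1:-5}"
    # sshd writes lines like:
    #   Jan 10 03:12:44 vps sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2
    #   Jan 10 03:12:50 vps sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
    # The source address is always the field after "from", whatever the username part looks like.
    awk -v limit="$limit" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { count[$(i + 1)]++; break }
        }
        END {
            for (ip in count) if (count[ip] >= limit) printf "%s %d\n", ip, count[ip]
        }' | sort -k2,2nr -k1,1
}

# Constructed sample log (not from a real server): one address hammering root and
# guessed usernames, one address with a single typo followed by a successful key login.
sample_auth_log() {
    cat <<'EOF'
Jan 10 03:12:44 vps sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 03:12:46 vps sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 03:12:50 vps sshd[1235]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 10 03:12:53 vps sshd[1236]: Failed password for invalid user oracle from 203.0.113.7 port 51244 ssh2
Jan 10 03:12:57 vps sshd[1237]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Jan 10 03:13:01 vps sshd[1238]: Failed password for root from 203.0.113.7 port 51255 ssh2
Jan 10 03:20:12 vps sshd[1301]: Failed password for deploy from 198.51.100.4 port 40022 ssh2
Jan 10 03:20:19 vps sshd[1301]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2: ED25519 SHA256:placeholder
EOF
}

# Stand-alone demo: flag any source with 5 or more failures.
sample_auth_log | report_ssh_bruteforce 5
```

Piping the output into mail with your .forward address set up turns this into the kind of alert a firewall manager sends you automatically.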
Additional Suggested Options
- Get the DDoS customization addon and block all attacks before they reach your server
  - All TserverHQ customers have DDoS protection by default, but to block other attacks besides DDoS you'll need to make sure you have a system in place like the CSF firewall manager mentioned above. The problem is that once an attack has reached your server, if the software installed on it can't filter it fast enough, your server will still have some downtime until the software catches up. To prevent that bad traffic from getting to your server at all, you can have us install a firewall in the layer above your server that blocks all ports and traffic except the ones you allow through.
- Make sure you run any programs as a user, not root
  - Running programs, or even logging in, as root is dangerous, because root has absolute power on your server. If a program like TeamSpeak is compromised and someone hijacks the process, then instead of having access only to TeamSpeak they will have access to your entire server if it was running as root!
- Install a mail server so that system emails can be sent to your forwarding email.
  - It isn't required, but having emails sent to you is the best way to know what happened in an emergency. If your server stops responding for some reason and you don't know why, an email describing what might have caused it has usually been sent to you beforehand. Without that email you wouldn't know, because you wouldn't be able to log in.