15 Security Tips for Linux VPS Hosting

Can Linux VPS Be Hacked? Is it Secure? 

Yes, a VPS can be hacked. Given enough time and dedication, any server can be compromised, including virtual machines with security controls in place. No system is ever 100% risk-free, but administrators can reduce risk to the lowest possible level to deter threats and stop attacks. The Linux operating system is generally secure, but vulnerabilities are introduced when users misconfigure the system, add vulnerable software, leave applications unpatched, or download and install malware locally. As the system changes, the risk rises or falls depending on what was changed.

Sophisticated malware can affect more than just the local machine. It can sometimes traverse the network from the hosted server and affect other systems. If any sensitive data is stored on the local server, it might be exposed, and the host may well become the victim of a data breach. Even without traversing the network, malware affects the local virtual machine instance.

The virtual machine instance hosts the customer's website, so even if malware doesn't affect other customers on the server, it does affect the applications hosted on the local instance. If a customer keeps sensitive information on the server, it may be disclosed to attackers if the hosted site isn't secure.

How to Secure a VPS?

There are several steps to securing VPS hosting. While hosting providers rely partly on customers protecting their own sites, administrators can still configure and install software that better secures a VPS. Customers hosting sites on a VPS can also take steps to secure their sites and services.

1. Choose a Hosting Provider That Takes Security Seriously

Customers rely on web hosts to keep the infrastructure secure, and not every web hosting provider treats security equally, so customers should choose their web host wisely. For example, Interserver.net has a proven focus on the security of its customers' sites. Interserver.net is a US-based hosting service with a good reputation for quality service at an affordable price; it has two data centers, on the east and west coasts of the US, serving thousands of customers ranging from small individual site owners to Fortune 500 companies.

2. Change the SSH Default Port

SSH is necessary for remote access to a server, and it is installed listening on the default port 22. Attackers scan servers for open ports such as 22 to find SSH; after detecting SSH on port 22, an attacker might launch a brute-force attack that guesses the root user's credentials to obtain remote access to the server.

To combat this attack, SSH can be moved to an alternative port. When SSH runs on an alternative port, automated scans will show nothing on port 22. To change the port, update the Port directive in the following file (we'll edit this file again in later tips, so keep it open):

/etc/ssh/sshd_config

Before you edit the file, make sure the new port is not already used by another service, or the two will conflict and neither will run properly.

3. Monitor Server Logs

Both host administrators and website owners should have monitoring enabled. Monitoring a server means logging specific events such as authentication failures (and possibly successes), failed uploads, errors, and other common threat indicators. These logs feed analysis and reports that give administrators detailed information and insight into activity on the server, and they can alert administrators to an ongoing attack or a compromise.

Host administrators can monitor activity on their servers to ensure that customer sites are secure, but website owners should also monitor their own sites. The sooner a compromise is contained, the smaller the attacker's window of opportunity to exfiltrate data.
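As an added example that is not part of the original article, the shell functions below run the kind of analysis described above over a few constructed sshd lines in the /var/log/auth.log format (the addresses, PIDs and key fingerprint are made up): failures are counted per source address, sources above a threshold are flagged, and a successful login from a source that had already failed repeatedly is surfaced as the strongest compromise signal in this data. On a real server, feed in the live file with `brute_force_sources 10 < /var/log/auth.log`; hosts that log only to the journal can use `journalctl -t sshd | brute_force_sources 10` instead.

```shell
#!/bin/sh
# Constructed sample in /var/log/auth.log format (not real traffic; addresses are from documentation ranges).
SAMPLE_AUTH_LOG='Mar  1 10:01:02 vps sshd[1201]: Failed password for root from 203.0.113.5 port 50210 ssh2
Mar  1 10:01:04 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 50212 ssh2
Mar  1 10:01:06 vps sshd[1205]: Failed password for root from 203.0.113.5 port 50214 ssh2
Mar  1 10:01:09 vps sshd[1207]: Failed password for root from 203.0.113.5 port 50216 ssh2
Mar  1 10:01:11 vps sshd[1209]: Failed password for root from 203.0.113.5 port 50218 ssh2
Mar  1 10:02:30 vps sshd[1220]: Failed password for deploy from 198.51.100.7 port 41022 ssh2
Mar  1 10:02:45 vps sshd[1222]: Accepted publickey for deploy from 198.51.100.7 port 41024 ssh2: ED25519 SHA256:constructed
Mar  1 10:03:00 vps sshd[1230]: Accepted password for root from 203.0.113.5 port 50230 ssh2'

# Count "Failed password" events per source address. Reads log lines on stdin and
# prints "count address", most frequent first.
failed_logins_by_ip() {
  awk '/sshd\[[0-9]+\]: Failed password/ {
         for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
       }
       END { for (ip in fails) print fails[ip], ip }' | sort -rn
}

# Print the addresses with at least $1 failed attempts, one per line.
brute_force_sources() {
  failed_logins_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Print addresses that logged in successfully after at least $1 earlier failures:
# a successful guess following a burst of failures is what a compromise looks like in this log.
# The threshold keeps a user who mistyped once and then used a key out of the report.
success_after_failures() {
  awk -v t="$1" '
    function src(   i) { for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1); return "" }
    /sshd\[[0-9]+\]: Failed password/ { fails[src()]++ }
    /sshd\[[0-9]+\]: Accepted /       { ip = src(); if (fails[ip] >= t && !seen[ip]++) print ip }
  '
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip
echo "--- sources with 5 or more failures:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | brute_force_sources 5
echo "--- successful login after 3 or more failures:"
printf '%s\n' "$SAMPLE_AUTH_LOG" | success_after_failures 3
```

In the sample, 203.0.113.5 fails five times and then succeeds as root, which is the line an administrator should act on first; 198.51.100.7 fails once and then authenticates with a key, which the threshold correctly leaves alone.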

4. Disable Unused Ports

A Linux installation comes with several ports open. Some are necessary for particular applications and others are not; port 80, for example, is often opened for web applications, but you may not need it open at all. Every unused open port enlarges the server's attack surface, so best practice is to close them.

You can identify open ports with the netstat command, then close the unneeded ones through your firewall settings, for example with the iptables command. First, use netstat to view open ports:

netstat -a

For example, suppose you want to block port 22. Netstat will confirm that port 22 is open; once you have confirmed it, type the following command to drop incoming traffic to port 22 and thereby block it from being used:

iptables -I INPUT -p tcp --dport 22 -j DROP
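An added example, not from the original article, that covers both the port inventory this tip starts with and the conflict check tip 2 asks for before moving SSH. Instead of netstat, which many distributions no longer ship by default, it reads the kernel's own socket table in the /proc/net/tcp format, where ports are hexadecimal, IPv4 addresses are stored little-endian, and state 0A means LISTEN. The table it parses here is constructed so the script runs anywhere; on a live system call `listening_ports /proc/net/tcp` (the address decoding is IPv4-only, so /proc/net/tcp6 would need its own decoder), or simply run `ss -tlnp`.

```shell
#!/bin/sh
# Write a constructed /proc/net/tcp-style table to $1: sshd on 0.0.0.0:22, a web server on
# 0.0.0.0:80, MySQL on 127.0.0.1:3306, plus one established (non-listening) connection.
write_sample_proc_net_tcp() {
  cat > "$1" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18890 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20011 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   106        0 21220 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:0016 0571FCCB:C4F2 01 00000000:00000000 00:00000000 00000000     0        0 25001 1 0000000000000000 20 4 31 10 -1
EOF
}

# Print "address:port" for every socket in LISTEN state (st == 0A), lowest port first.
# $1 is a file in /proc/net/tcp format.
listening_ports() {
  awk '
    function hex2dec(h,   i, n) {
      n = 0; h = toupper(h)
      for (i = 1; i <= length(h); i++) n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
      return n
    }
    # /proc/net/tcp stores IPv4 addresses little-endian: 0100007F is 127.0.0.1
    function hex2ip(h) {
      return hex2dec(substr(h, 7, 2)) "." hex2dec(substr(h, 5, 2)) "." hex2dec(substr(h, 3, 2)) "." hex2dec(substr(h, 1, 2))
    }
    NR > 1 && $4 == "0A" { split($2, a, ":"); print hex2ip(a[1]) ":" hex2dec(a[2]) }
  ' "$1" | sort -t: -k2 -n
}

# Exit status 0 if something is listening on port $2 according to table $1. Run this before
# pointing sshd at a new port, and before writing a DROP rule for a port you believe is unused.
port_in_use() {
  listening_ports "$1" | awk -F: -v p="$2" '$2 == p { found = 1 } END { exit !found }'
}

# Stand-alone demonstration on the constructed table.
demo_ports() {
  tmp=$(mktemp)
  write_sample_proc_net_tcp "$tmp"
  listening_ports "$tmp"
  if port_in_use "$tmp" 2222; then echo "2222 is taken"; else echo "2222 is free for sshd"; fi
  rm -f "$tmp"
}
demo_ports
```

The established connection in row 3 is deliberately excluded: only LISTEN sockets represent services that accept new connections, which is what the attack-surface question is about.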

5. Use GnuPG Encryption

Any data transferred over the internet is vulnerable to eavesdropping. Websites use HTTPS to encrypt data between customers and the site, but other data could be intercepted, such as credentials sent to server services or files transferred over FTP. To overcome this, asymmetric (public-key) encryption is used: data is encrypted with a public key and can then be decrypted only with the recipient's private key.

The GnuPG application lets administrators and site owners transfer data using asymmetric encryption. The generated public key can be used by any third party to send encrypted data to the site owner or administrators, and the private key is used to decrypt it. Because the private key is what decrypts the data, it must be kept secure and never disclosed to a third party.
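The exchange just described, as an added example that is not part of the original article: the recipient generates a key pair in a throwaway keyring and exports the public half, a sender encrypts a constructed credentials file to that public key, and only the private key recovers the plaintext. It assumes GnuPG 2.1 or newer (for --quick-generate-key and the loopback pinentry) and uses an empty passphrase purely so it runs unattended; a real private key gets a strong passphrase and an offline backup. The user ID, file names and the GNUPGHOME location are all constructed, and the temporary keyring is deleted at the end.

```shell
#!/bin/sh
# Round-trip a file through GnuPG public-key encryption. Returns 0 if the decrypted copy
# matches the original and the ciphertext does not contain the plaintext.
gpg_roundtrip() {
  # A throwaway keyring keeps the host's real keys untouched (constructed example).
  home=$(mktemp -d) || return 1
  chmod 700 "$home"
  GNUPGHOME=$home; export GNUPGHOME
  email="admin@example.invalid"

  # 1. Recipient side: generate the key pair. The public half is shareable; the private half never leaves this host.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "VPS Admin (example) <$email>" default default never 2>/dev/null || return 1
  gpg --batch --quiet --armor --export "$email" > "$home/admin.pub" || return 1

  # 2. Sender side: encrypt to the recipient's public key only.
  printf 'db_password=constructed-secret\n' > "$home/creds.txt"
  gpg --batch --quiet --yes --trust-model always --recipient "$email" \
      --output "$home/creds.txt.gpg" --encrypt "$home/creds.txt" 2>/dev/null || return 1
  # The ciphertext must not leak the secret in the clear.
  if grep -q 'constructed-secret' "$home/creds.txt.gpg"; then return 1; fi

  # 3. Recipient side: only the private key can recover the plaintext.
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --output "$home/creds.dec" --decrypt "$home/creds.txt.gpg" 2>/dev/null || return 1

  cmp -s "$home/creds.txt" "$home/creds.dec"; status=$?
  gpgconf --kill gpg-agent 2>/dev/null
  unset GNUPGHOME
  rm -rf "$home"
  return $status
}

# Stand-alone demonstration.
if gpg_roundtrip; then echo "GnuPG round trip ok"; else echo "round trip failed (is GnuPG 2.1+ installed?)"; fi
```

The file written to admin.pub is what you hand to third parties; the `--trust-model always` flag only exists here because the sender's keyring is the same throwaway one and has not signed the key. In real use the sender imports the public key and verifies its fingerprint with the recipient out of band before trusting it.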

6. Implement a Strong Password Policy

A password policy is always necessary for any user with access to network resources. Users often pick weak passwords that can be guessed easily by brute-force attacks. A password policy enforces length and complexity requirements whenever a password is set, including new passwords when users are forced to change them and passwords chosen during resets.

Generally, passwords should:

  • Contain at least 10 characters, or 12 characters for access to highly sensitive data.
  • Contain at least 1 numeric character.
  • Contain at least 1 special character.
  • Contain uppercase and lowercase letters.
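As an added example (not from the original article), the shell function below checks a candidate password against exactly the four rules listed, with the minimum length as a parameter so the same function covers the 10-character default and the 12-character requirement for sensitive access. The passwords in the demonstration are constructed. On a Linux host these rules are enforced for everyone at password-change time by the pam_pwquality module (minlen, dcredit, ucredit, lcredit and ocredit in /etc/security/pwquality.conf) rather than by a script; the script shows what the policy actually checks.

```shell
#!/bin/sh
# Check $1 against the password policy above. $2 is the minimum length (default 10; use 12 for
# access to highly sensitive data). Prints "ok" or the first rule that failed; returns 1 on failure.
check_password() {
  pw=$1
  min=${2:-10}
  # Character classes must not depend on the user's locale, so use the C collation order.
  LC_ALL=C; export LC_ALL
  [ "${#pw}" -ge "$min" ]                    || { echo "too short (need $min)"; return 1; }
  printf '%s' "$pw" | grep -q '[0-9]'        || { echo "needs a digit"; return 1; }
  printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' || { echo "needs a special character"; return 1; }
  printf '%s' "$pw" | grep -q '[A-Z]'        || { echo "needs an uppercase letter"; return 1; }
  printf '%s' "$pw" | grep -q '[a-z]'        || { echo "needs a lowercase letter"; return 1; }
  echo "ok"
}

# Stand-alone demonstration on constructed candidates (none of these are real passwords).
for candidate in 'Tr0ub4dor&3x' 'password123' 'correct horse battery' 'short1!'; do
  printf '%-24s %s\n' "$candidate" "$(check_password "$candidate")"
done
```

The length test runs first because it is the cheapest and the most important of the four: each extra character multiplies the brute-force effort, whereas a single required symbol only adds a constant factor.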

7. Use Disk Partitioning

Attackers who can run executables on the operating system can tamper with its operation and eavesdrop on data. To gain that foothold, an attacker can use the /tmp and /var/tmp directories, which any user can write to, to upload malicious files and execute them. Separating these user-writable areas from the operating system's partitions adds security to the server.

To separate the two, mount those partitions with the noexec option (no execution of binaries) and the nosuid option (set-user-ID and set-group-ID bits are not honoured), together with nodev so that device files cannot be created there:

# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp 

# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp

Mount commands entered by hand do not survive a reboot; give the /tmp and /var/tmp entries in /etc/fstab the same options to make the change permanent.

8. Use SFTP

SFTP adds encryption to file transfers uploaded to the server. All data transferred over plain FTP is in cleartext, whereas SFTP, "FTP over SSH," encrypts the transfer. Some site owners might be tempted to use FTPS instead, but FTPS only encrypts the credentials used to authenticate to the server; SFTP encrypts both the credentials and the files being transferred.

9. Keep the Operating System Patched and Updated

The Linux operating system was created with security in mind, but occasionally issues are found that must be patched. When a patch is necessary, the vendor of your distribution releases an update. In some cases the vulnerability discovered is rated critical; then it is important that administrators update the operating system immediately, because an exploit could open the server to compromise.

The longer the operating system is left unpatched, the longer the attackers' window of opportunity stays open. Administrators often work to a fixed schedule for server updates, but delayed updates leave the server exposed to exploits until the patches are installed.

10. Prevent Anonymous FTP Uploads

If you allow anonymous FTP uploads to your Linux server, it is highly likely to become a dumping ground for pirated software or other inappropriate content, and it could host malware that later affects the rest of the virtual machine. Instead of leaving the FTP server open to anonymous uploads, disable anonymous access so that only approved users can upload over FTP.

To disable anonymous access, open the following file:

/etc/vsftpd/vsftpd.conf

Edit the anonymous access configuration by changing it to the following:

anonymous_enable=NO

11. Install a Rootkit Scanner

Rootkits are among the most dangerous kinds of malware. They can give an attacker control over the server, run other malware on the operating system, or disable antivirus applications. To stop rootkits, or to detect them should they compromise the server, install a rootkit scanner such as chkrootkit.

Removing a rootkit is much harder than removing standard malware, because it integrates with the operating system and can go undetected by standard anti-malware services. For sophisticated rootkits it may be necessary to reinstall the operating system. For this reason it is important to use anti-malware applications that detect and stop them.

12. Disable root Logins

Every VPS is created with the root account, which holds the highest level of privileges on the system. Attackers know that many administrators leave root enabled and use the account to configure the server. In the interest of security, root login should be disabled and another user account with root privileges created instead. This protects the server from brute-force attacks against the root account.

Before disabling root, create a user account with elevated privileges, then open the following file:

/etc/ssh/sshd_config

Change the root login parameter to the following:

PermitRootLogin=no

Restart the sshd service after making this change.
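Tips 2 and 12 both edit /etc/ssh/sshd_config, so here is one added example (not the article's own code) that makes both changes with a single idempotent helper: set_sshd_option rewrites an existing directive whether it is active or a commented-out default, drops any duplicate, and appends the directive if the file lacks it. Since sshd honours the first occurrence of a keyword, a stale duplicate lower down is at best confusing and at worst the line the next administrator edits by mistake. The demonstration runs on a constructed copy of the file; port 2222 is an arbitrary choice, and the helper assumes sshd's whitespace-or-equals directive syntax.

```shell
#!/bin/sh
# Set directive $2 to value $3 in the sshd_config file $1. Replaces the directive whether it is
# active ("Port 22"), commented out ("#Port 22") or written with "=" (sshd accepts both
# separators), removes any later duplicate, and appends it if it is not present at all.
set_sshd_option() {
  file=$1; key=$2; val=$3
  awk -v k="$key" -v v="$val" '
    $0 ~ ("^[ \t]*#?[ \t]*" k "([ \t]|=|$)") {
      if (!done) { print k " " v; done = 1 }   # first match becomes the new setting
      next                                      # later matches are dropped
    }
    { print }
    END { if (!done) print k " " v }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Tip 2 and tip 12 together: move SSH off port 22 and refuse root logins.
harden_sshd_config() {
  set_sshd_option "$1" Port 2222
  set_sshd_option "$1" PermitRootLogin no
}

# Stand-alone demonstration on a constructed copy of a stock configuration.
demo_sshd_hardening() {
  dir=$(mktemp -d)
  printf '%s\n' '#Port 22' '#PermitRootLogin prohibit-password' 'PasswordAuthentication yes' > "$dir/sshd_config"
  harden_sshd_config "$dir/sshd_config"
  cat "$dir/sshd_config"
  rm -rf "$dir"
}
demo_sshd_hardening
```

On the real file, run `sshd -t` to validate the syntax before restarting the service, open the new port in the firewall first if one is active, and keep your current session open until a non-root login on the new port has succeeded from a second session; otherwise a typo locks you out of the VPS.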

13. Keep Software Updated

You know the operating system should stay updated, but don't forget the other software running on the server. Known vulnerabilities are catalogued in the CVE database, but you must also stay aware of the latest updates and patches addressing security issues in the software installed on the system.

Software vendors release updates and describe the bugs and vulnerabilities each patch addresses. You could check for and apply updates manually every day, or let Imunify360 update and patch software automatically so that it is done for you. Keeping software updated promptly reduces an attacker's opportunity to exploit a known vulnerability.

14. Always Create and Safely Store Backups

Backups are essential should your system be compromised beyond repair, or should any data be corrupted and need restoring. For example, if the operating system suffers a rootkit compromise, you can restore from a backup instead of reinstalling the operating system. With a VPS you can back up the entire instance and restore it whenever you need to.

Keep backups secure and have a retention plan that keeps backup files for a defined period before you delete or archive them. At least one backup should be stored offsite in case the host experiences downtime.
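An added example, not from the original article, of the two halves described above: make_backup writes a timestamped, compressed archive of a directory and verify_backup confirms the archive can actually be read back (an unverified backup is a hope, not a backup), while prune_backups implements the retention plan by deleting archives older than a given number of days. The paths, the archive naming scheme and the 30-day period are assumptions; the demonstration backs up a constructed directory under a temporary location. Copying each archive offsite is left to whatever scheduler runs this.

```shell
#!/bin/sh
# Archive directory $1 into backup store $2 as backup-<UTC timestamp>.tar.gz; prints the archive path.
make_backup() {
  src=$1; store=$2
  mkdir -p "$store" || return 1
  out="$store/backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  tar -czf "$out" -C "$(dirname "$src")" "$(basename "$src")" || return 1
  printf '%s\n' "$out"
}

# Return 0 only if archive $1 is readable end to end; a backup that cannot be listed cannot be restored.
verify_backup() {
  tar -tzf "$1" >/dev/null 2>&1
}

# Retention: delete archives in store $1 older than $2 days; prints how many were removed.
prune_backups() {
  store=$1; days=$2
  removed=$(find "$store" -name 'backup-*.tar.gz' -type f -mtime +"$days" | wc -l | tr -d ' ')
  find "$store" -name 'backup-*.tar.gz' -type f -mtime +"$days" -exec rm -f {} +
  printf '%s\n' "$removed"
}

# Number of archives currently kept in store $1.
count_backups() {
  find "$1" -name 'backup-*.tar.gz' -type f | wc -l | tr -d ' '
}

# Stand-alone demonstration on a constructed site directory.
demo_backup() {
  work=$(mktemp -d)
  mkdir -p "$work/site" && printf '<html>constructed</html>\n' > "$work/site/index.html"
  archive=$(make_backup "$work/site" "$work/backups") || return 1
  verify_backup "$archive" && echo "verified $archive"
  # Plant a stale archive dated 2020 to show retention in action, then keep only the last 30 days.
  touch -t 202001010000 "$work/backups/backup-20200101T000000Z.tar.gz"
  echo "pruned $(prune_backups "$work/backups" 30), $(count_backups "$work/backups") archive(s) left"
  rm -rf "$work"
}
demo_backup
```

Run the verification step on the offsite copy as well as the local one: a transfer that silently truncated the archive is exactly the failure you only discover during a restore.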

15. Install Full Server Protection

Securing a server and continuously monitoring it can take a large part of your day, which is why many business owners hosting on a VPS lack the time to maintain server software and resources properly. Instead of spending time reviewing multiple reports, scanning servers manually and removing malware, let Imunify360, with its Linux malware scanner and Proactive Defense, monitor for and remove malware for you.

While this list is not exhaustive, it starts VPS administrators on the right path towards securing their server. Losing data and time costs thousands of dollars in lost revenue and damage to brand reputation. With Imunify360 and the right server configuration, any site hosted on a VPS will be more secure, monitored for unusual activity and, in many cases, cleaned automatically without any administrator effort.

Take your web hosting security to the next level with the Imunify360 security suite. Imunify360 is a complete security suite whose components work together to keep your servers safe and running while you focus on other business tasks. It combines antivirus, firewall, WAF, PHP security layer, patch management and domain reputation with an easy UI and advanced automation. Try Imunify360 free for 14 days and see results in just one week.