Having your own server is great – whether for business or for personal use, it gives you much more freedom to do things the way you want. But unless you go with a managed hosting service, where the datacenter or hosting company takes care of your server for you (including hardware and software maintenance), you will need to learn how to manage everything yourself.
The most important thing is security – the Internet is pretty much today’s battleground, and there are plenty of unsavory people out there who would love to have access to your data and your hardware. There’s big money in it, too, which makes things worse – which is why it is paramount that you secure a server before going live.
There are a lot of things that you need to take care of when it comes to securing a server, but if you’re starting out, it can get pretty overwhelming fast. That is why I created a checklist of things you absolutely must do before launching a server – it will take care of most security problems that you may run into, so it would be wise to implement it right away.
The single most important thing for security in any digital environment is a strong password – it is the first (and often last) defense against any attacks, and it’s quite surprising how many people still don’t understand that.
You need to use strong passwords everywhere – for your account, for the root account if you have it activated, for MySQL databases (and especially the MySQL root account!) – basically, for everything. Any other measures are worthless if you have a weak password that can be guessed or brute-forced.
The best way to go is to use a password manager with a built-in random generator, like KeePass – it will create very strong passwords that are nearly impossible to crack, and it stores your password database in an encrypted file, so the master password for that file is probably the only one you need to remember. KeePass works on all platforms, so you’ll have no trouble logging in from anywhere.
Permissions are very important – they define who can access and modify directories/files on a Linux system, so you need to make sure that they’re restricted to the owner and group that created them. This is usually taken care of by the control panel, so it’s recommended that you use one and do everything through it if you don’t want to worry about file permissions. cPanel and Plesk are the most popular, but there are plenty of alternatives, like ISPConfig, Virtualmin and VestaCP, all of which are free.
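If you are not using a control panel, the same baseline can be enforced by hand. The helper below is an added example, not code from the article: it resets a web root to the usual owner-writable layout (directories 755, files 644) and lists anything that is still world-writable. The path `/var/www/example.com` and the `owner:group` argument are placeholders; ownership is only changed when the script runs as root.

```shell
#!/bin/sh
# Added example: reset file permissions under a web root so that only the owner
# (and group) can write, which is the baseline a control panel would enforce.
# Usage: harden_tree /var/www/example.com [owner:group]   (paths are placeholders)

harden_tree() {
    root=$1
    owner=${2:-}
    [ -d "$root" ] || { echo "harden_tree: '$root' is not a directory" >&2; return 1; }

    # Directories need the execute bit to be traversed: rwxr-xr-x.
    find "$root" -type d -exec chmod 755 {} +
    # Regular files: rw-r--r--. Nothing under a web root should be world-writable.
    find "$root" -type f -exec chmod 644 {} +
    # Only root may change ownership; skip it silently otherwise instead of failing.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$root"
    fi
}

# world_writable DIR : print every file or directory anyone on the system may
# modify (octal 002 = other-write). Expected output after harden_tree: nothing.
world_writable() {
    find "$1" -perm -002
}
```

Run `world_writable` first to see what a misconfigured upload directory looks like, then `harden_tree` and run it again; an empty second listing is the state you want before going live.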
The firewall is a must-have for any server – without one, all of your applications and ports are exposed to the world and you have no way of restricting who can reach them. This is why it’s very important to activate and configure it before going live. A basic configuration would block every port from the outside world except the ones you actually use – HTTP, SSH, FTP, POP/IMAP, SMTP and so on.
This way, you’ll have no potential openings for an outside attack. The firewall can even be configured to block DDoS attacks (by blocking offending IP addresses), although if you’re under a serious ongoing DDoS attack, that will not help much – you’ll need a more reliable hardware solution. But for basic security against probes and hackers, it is more than enough.
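The default-deny configuration just described, as an added example (not from the article) for nftables: `gen_ruleset` prints a ruleset that drops all inbound traffic except loopback, established connections, ICMP and the TCP ports you list, and the `--apply` switch writes and loads it. The tool name and syntax are real nftables; the port list in `SERVER_PORTS` is an illustrative guess at a small web and mail host, and the new-connection rate limit on port 22 is a hypothetical addition that takes some of the brute-force load off before Fail2Ban ever sees it.

```shell
#!/bin/sh
# Added example: build a default-deny nftables ruleset that opens only the TCP
# ports this server really uses. Assumes nftables is installed; adjust the list.

# gen_ruleset PORT... : print an inet ruleset with inbound policy drop and the
# listed TCP ports accepted. Fails on anything that is not a valid port number.
gen_ruleset() {
    printf '%s\n' \
        'flush ruleset' \
        'table inet filter {' \
        '  chain input {' \
        '    type filter hook input priority 0; policy drop;' \
        '    iif "lo" accept' \
        '    ct state established,related accept' \
        '    ct state invalid drop' \
        '    meta l4proto { icmp, ipv6-icmp } accept' \
        '    tcp dport 22 ct state new limit rate over 10/minute drop'
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "gen_ruleset: '$p' is not a port number" >&2; return 1 ;;
        esac
        [ "$p" -le 65535 ] || { echo "gen_ruleset: port $p out of range" >&2; return 1; }
        printf '    tcp dport %s accept\n' "$p"
    done
    printf '%s\n' \
        '  }' \
        '  chain forward { type filter hook forward priority 0; policy drop; }' \
        '  chain output  { type filter hook output priority 0; policy accept; }' \
        '}'
}

# Illustrative port list: SSH, HTTP/HTTPS, FTP control, SMTP, POP3/IMAP and their
# TLS variants. Passive FTP additionally needs its data port range opened.
SERVER_PORTS="22 80 443 21 25 110 143 993 995"

# Generate, syntax-check, then load. Run as root: ./firewall.sh --apply
if [ "${1:-}" = "--apply" ]; then
    gen_ruleset $SERVER_PORTS > /etc/nftables.conf || exit 1
    nft -c -f /etc/nftables.conf && nft -f /etc/nftables.conf
fi
```

Check the generated file with `nft -c -f` before loading it from an SSH session: a typo in the ruleset is harmless at check time, but a missing `tcp dport 22 accept` line locks you out the moment it is applied.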
Brute-force attacks are quite widespread nowadays – they’re completely automated: a probe finds your open ports and login URLs, then passes that information to brute-force software that tries every password combination it can come up with (usually from a dictionary, less often generated at random).
If you use strong passwords, these attacks are highly unlikely to succeed, but they’re still a drain on your system resources, since every attempt opens a new connection to your server. Fortunately, you can easily block them using specialized software like Fail2Ban, which limits the number of login attempts and blocks the offending IP (either for a limited time, or permanently).
It’s pretty easy to install and configure Fail2Ban to protect your SSH, MySQL and FTP ports, as well as the login pages of any CMS like WordPress, Drupal or Ghost. Just don’t forget to whitelist your own IP, or set a reasonably high number of retries (7–10 should be enough), so you don’t accidentally lock yourself out of your own system.
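A Fail2Ban configuration that follows the two pieces of advice above (whitelist your own address, keep the retry count generous) is shown below as an added example; it is not from the article or the Fail2Ban project. `gen_jail_local` prints a `jail.local` that enables the stock `sshd` jail, and `--apply` installs and reloads it. The admin address `203.0.113.10` is a documentation placeholder; the `[DEFAULT]` keys and the `nftables-multiport` action are real Fail2Ban names, assumed to be available in version 0.10 or later.

```shell
#!/bin/sh
# Added example: write /etc/fail2ban/jail.local with an admin whitelist and a
# retry limit that will not lock out a fat-fingered administrator.
# Assumes Fail2Ban 0.10+ with its stock sshd filter. 203.0.113.10 is a placeholder.

# gen_jail_local ADMIN_IP MAXRETRY : print the jail.local contents to stdout.
gen_jail_local() {
    admin_ip=$1
    maxretry=$2
    [ -n "$admin_ip" ] || { echo "gen_jail_local: admin IP required" >&2; return 1; }
    case "$maxretry" in
        ''|*[!0-9]*|0) echo "gen_jail_local: maxretry must be a positive integer" >&2; return 1 ;;
    esac
    cat <<EOF
[DEFAULT]
# Never ban loopback or the address you administer from.
ignoreip = 127.0.0.1/8 ::1 $admin_ip
# Ban for an hour once MAXRETRY failures land inside a 10-minute window.
bantime  = 3600
findtime = 600
maxretry = $maxretry
# iptables-multiport is the default; switch to nftables-multiport on nftables hosts.
banaction = iptables-multiport

[sshd]
enabled = true

# The stock config also ships vsftpd, proftpd, pure-ftpd, mysqld-auth and
# apache-auth jails; enable them the same way once those services log failures
# to the paths Fail2Ban expects.
EOF
}

# Install and reload. Run as root: ./fail2ban-setup.sh --apply 203.0.113.10 7
if [ "${1:-}" = "--apply" ]; then
    gen_jail_local "${2:?admin IP required}" "${3:-7}" > /etc/fail2ban/jail.local || exit 1
    fail2ban-client reload
fi
```

After reloading, `fail2ban-client status sshd` shows the jail's currently banned addresses; your own address should never appear there because of the `ignoreip` line.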
If your server somehow gets compromised, there is still hope – you can use rootkit and malware scanners to keep you informed of any successful intrusion, as well as to remove the affected files. RKHunter and Linux Malware Detect work well together, covering pretty much every known Linux malware family between them. You can automate both with cron, so a scan runs and a report is sent every day.
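The daily cron job just described, written out as an added example (not from the article or either project): `gen_scan_script` produces a small script that runs rkhunter and maldet in sequence, appends their output to a log, and mails the end of that log only when one of them reported something; `install_scan_cron` drops it into `/etc/cron.daily`. The rkhunter flags (`--update`, `--cronjob`, `--rwo`) and maldet's `--scan-all` are real options; the log path, `/home` as the scan target and the `ADMIN_MAIL` address are placeholders you will want to change.

```shell
#!/bin/sh
# Added example: install a daily rkhunter + Linux Malware Detect scan that only
# mails an administrator when there are warnings. Assumes both tools are
# installed and that `mail` works; ADMIN_MAIL and the paths are placeholders.

ADMIN_MAIL="${ADMIN_MAIL:-root}"

# gen_scan_script MAILTO : print the cron script with the report address filled in.
gen_scan_script() {
    cat <<'EOF' | sed "s|@ADMIN@|$1|"
#!/bin/sh
# Daily rootkit and malware scan, generated by gen_scan_script (added example).
log=/var/log/daily-security-scan.log
status=0
{
    echo "== $(date) rkhunter =="
    # --update refreshes rkhunter's data files, --cronjob turns off colours and
    # prompts, --rwo prints warnings only. A non-zero exit means warnings.
    rkhunter --update --cronjob --rwo || status=1
    echo "== $(date) maldet =="
    # Scan the web content tree; hits are quarantined according to conf.maldet.
    maldet --scan-all /home || status=1
} >> "$log" 2>&1
# Quiet on a clean day; mail the tail of the log when something was flagged.
[ "$status" -eq 0 ] || tail -n 50 "$log" | mail -s "security scan warnings on $(hostname)" @ADMIN@
EOF
}

# install_scan_cron : place the script in /etc/cron.daily (run as root).
install_scan_cron() {
    target=/etc/cron.daily/security-scan
    gen_scan_script "$ADMIN_MAIL" > "$target" && chmod 755 "$target"
}

# ./scan-setup.sh --install
if [ "${1:-}" = "--install" ]; then install_scan_cron; fi
```

Remember to run `rkhunter --propupd` after legitimate package updates; otherwise the next nightly run will flag every changed binary as a warning and the report loses its signal.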
This is just the basic list of things you should do to ensure your server is protected from malicious software and outside attacks – it should take care of 90% of your security concerns. The rest depends mostly on the software you use, so you’ll need to figure out the best ways to close those remaining gaps yourself. Generally, just keeping everything up to date will be enough.
Image Source: FreePick.com