Secure your VPS now! [with a How-to]
#1
Securing your VPS from FreeVPS is vital; there have been many occurrences of people's VPSs being hacked. That's the last thing you want happening to your VPS, so it's best to take steps to avoid it.

Passwords are everything.

The rule of thumb is don't use obvious passwords, or as the passwd command likes to tell you, passwords based on a dictionary word are BAD PASSWORDS. Try not to make your passwords exceptionally short or easily guessed, like mark1; it won't take long for a bot to get into your VPS if you have a password like that. Try to make your passwords long, and include capital letters and punctuation to make them more complex and hence harder to crack. Also, don't store your passwords in an obvious place that people can find!

Eliminate the possibility!

You can stop those bots trying to log in by disabling root password authentication on your SSH client. I am assuming you're running sshd (default SSH daemon). Open your favourite text editor, edit /etc/ssh/ssh_config, uncomment the line PasswordAuthentication yes, and change it to PasswordAuthentication no. If the line does not exist, create it! To replace logging in with your root password you can either create another user to replace or use SSH keys (preferred).

To use SSH keys you may follow this guide, which explains it all in detail: http://www.cyberciti.biz/faq/ssh-password-less-login-with-dsa-publickey-authentication/

A few more suggestions to secure your VPS are as follows:
It's best not to take these as gospel but it will certainly help.

Restrict MySQL.

If you run phpMyAdmin or something similar, make it accessible only by your IP. Also make sure you have MySQL limited to localhost and not external hosts.

Keep your OS updated.

Run yum -y update or apt-get -y update, depending on your OS, regularly to keep your system up to date; this will ensure you have the latest security fixes etc.

Install DenyHosts.

It can be used to specifically allow your own IP only. Simple.

http://www.cyberciti.biz/faq/block-ssh-attacks-with-denyhosts/ - Debian variants
http://www.cyberciti.biz/faq/rhel-linux-block-ssh-dictionary-brute-force-attacks/ - RHEL variants

Stop using FTP!

Why use FTP when you can use SFTP and it's built in with your SSH server?
"I like to put random quotes, to make myself look clever."
- WiseMannnn
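
An added example, not part of the original post: a check for the PasswordAuthentication step above. sshd reads its settings from /etc/ssh/sshd_config and keeps the first value it finds for a keyword, so a line left commented out, or a "no" appended below a live "yes", leaves password logins on. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd would use for one keyword in the global
# section of an sshd_config-style file. Commented lines are ignored, keywords
# are case-insensitive, and the FIRST value read for a keyword is the one kept.
# Include files and Match blocks are not evaluated here.

# effective_opt FILE KEYWORD DEFAULT -> prints the effective value (lowercased)
effective_opt() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines do nothing
        { sub(/=/, " "); key = tolower($1) }   # "Keyword=value" is also accepted
        key == "match" { exit }                # global section ends at the first Match
        key == want { val = tolower($2); found = 1; exit }   # first value wins
        END { print (found ? val : def) }
    ' "$1"
}

# password_login_status FILE -> "disabled" or "ENABLED"
password_login_status() {
    # sshd defaults to PasswordAuthentication yes when the keyword is absent
    if [ "$(effective_opt "$1" PasswordAuthentication yes)" = "no" ]; then
        echo disabled
    else
        echo ENABLED
    fi
}

# Constructed sample files (not from a real host).
demo() {
    d=$(mktemp -d) || return 1
    # 1: the stock line is still commented out, so the default (yes) applies
    printf '%s\n' 'Port 22' '#PasswordAuthentication yes' > "$d/commented"
    # 2: "no" appended below a live "yes": the earlier line wins
    printf '%s\n' 'PasswordAuthentication yes' 'PasswordAuthentication no' > "$d/appended"
    # 3: the existing line edited in place
    printf '%s\n' 'Port 22' 'passwordauthentication no' > "$d/edited"
    for f in commented appended edited; do
        printf '%-10s %s\n' "$f" "$(password_login_status "$d/$f")"
    done
    rm -rf "$d"
}

demo
```

On a live host, running sshd -T as root prints the configuration the daemon would actually use, and sshd has to be reloaded before an edit takes effect.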
#2
Wow. Nice job Infinity. This is very helpful! Quick question: why can't you stop the sshd service and use the console the provider gives you to enable it when it is needed?
Cody Maverak
#3
(03-03-2012, 08:30 AM)Cody_Maverak Wrote:  Wow. Nice job Infinity. This is very helpful! Quick question: why can't you stop the sshd service and use the console the provider gives you to enable it when it is needed?

Because that's impractical. You could do that if you really wanted. I personally wouldn't rely on that though; it tends to be slower too.
#4
From my experience, the console in the control panel of the provider is most of the time a big hassle to use... it often comes as a Java applet, which often doesn't connect to the server that provides the raw console access.
#5
Well SolusVM does give you SSH details (w. username, pass and port) but still..
#6
But I am saying that you turn off sshd through ssh, then turn it on in console and use ssh from there. That would stop any hackers.
Cody Maverak
#7
I'm not getting you, turning it off and on in console or SSH is the same thing. They're both controlling the same container.
#8
Thanks for sharing. I have one question: if we have a VPS for 1 year, how many times do we have to update our VPS, or does it depend on our OS? What kind of OS takes less space?
hi everyone
#9
But no one gets access through the console. So if ssh is off, hackers can't get into the VPS. Only you can access it...

idk, it just seems easier to me this way
Cody Maverak
#10
(03-03-2012, 08:43 AM)casper253 Wrote:  Thanks for sharing. I have one question: if we have a VPS for 1 year, how many times do we have to update our VPS, or does it depend on our OS? What kind of OS takes less space?

I'd say update it at least every month, but it's up to you. Debian takes up very little space, although there must be lighter ones around and about.

(03-03-2012, 08:38 AM)Cody_Maverak Wrote:  then turn it on in console and use ssh from there

That just confused me, but I think I know what you're getting at. I think you mean disable SSH and use the console solely instead, which would work.