LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Increasing Security on Your Linux VPS

Date/Time: September 28, 2020 @ 12:00 am, by Jon Biloh

The internet is the source of income for millions of people, and it could be considered one of the best creations of technology. However, with time, the internet has become vulnerable to security threats. Because your Linux VPS is hosted on the internet, it is susceptible to these risks as well.

Your VPS can contain sensitive data belonging to you or your customers. Moreover, the virtual private server could be essential to your business. It is therefore of immense importance to secure it and protect it against vulnerabilities.

In this article, we have compiled three simple steps that you can take to improve the security of your Linux VPS immediately. These are just starting points that every VPS owner should consider adopting. We will be publishing more tutorials that cover security in more depth.

  1. Change SSH port number

By default on most VPSes, the SSH server listens on TCP port 22. However, we can change this port to increase the security of our VPS.

You can check your current SSH port with the following command:

    netstat -tulnp | grep ssh

To change the port number on most operating systems, open the file “/etc/ssh/sshd_config”. Then look for the line “#Port 22”, remove the “#”, and replace “22” with the desired port number. For example, change the line to “Port 11000”.

Now, you need to restart the SSH server to apply the changes. Run this command:

    systemctl restart sshd

IMPORTANT: If you are running a firewall such as iptables or CSF, be sure to allow the custom SSH port.
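The port change above as a script, added here as an example and not part of the original article: it rewrites the `Port` line, keeps a backup copy, and refuses the edit when CSF's `TCP_IN` list in `csf.conf` would block the new port. The function names and the sample files are assumptions made for this example.

```shell
# Added example, not from the article. Paths are arguments so the functions
# can be tried on copies before touching /etc/ssh/sshd_config.

# set_ssh_port CONFIG PORT: leave exactly one active "Port" line in CONFIG.
set_ssh_port() {
    case $2 in ''|*[!0-9]*|0*|??????*) echo "invalid port: $2" >&2; return 2 ;; esac
    [ "$2" -le 65535 ] || { echo "port out of range: $2" >&2; return 2; }
    cp -p "$1" "$1.bak" || return              # rollback copy
    awk -v p="$2" '
        { k = tolower($1) }
        (k == "port" || k == "#port") && $2 ~ /^[0-9]+$/ {
            if (!done) { print "Port " p; done = 1 }
            next                               # drop any other Port line
        }
        k == "match" && !done { print "Port " p; done = 1 }  # Port is global-only
        { print }
        END { if (!done) print "Port " p }
    ' "$1.bak" > "$1"
}

# csf_allows_port CSF_CONF PORT: is PORT in TCP_IN (single port or lo:hi range)?
csf_allows_port() {
    awk -F'"' -v p="$2" '
        /^[ \t]*TCP_IN[ \t]*=/ {
            n = split($2, item, ",")
            for (i = 1; i <= n; i++) {
                m = split(item[i], r, ":")
                if (m == 1 && r[1] + 0 == p + 0) ok = 1
                if (m == 2 && p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) ok = 1
            }
        }
        END { exit !ok }
    ' "$1"
}

# change_ssh_port SSHD_CONFIG CSF_CONF PORT: refuse the edit if CSF would block PORT.
change_ssh_port() {
    csf_allows_port "$2" "$3" || { echo "port $3 missing from TCP_IN in $2" >&2; return 1; }
    set_ssh_port "$1" "$3"
    # On the server: validate, then restart from a session you keep open:
    #   sshd -t -f "$1" && systemctl restart sshd
}

# Constructed sample files (not from a real server).
demo=$(mktemp -d)
printf '%s\n' '#Port 22' 'PermitRootLogin no' 'Match User backup' > "$demo/sshd_config"
printf '%s\n' 'TCP_IN = "20,21,25,80,443,11000,30000:35000"' > "$demo/csf.conf"
change_ssh_port "$demo/sshd_config" "$demo/csf.conf" 11000 && grep -n '^Port' "$demo/sshd_config"
```

`sshd -t` only checks the configuration file for errors; confirm that a second login on the new port works before closing the session you made the change from.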

  2. Set up a firewall

A firewall is essential when setting up a VPS. It allows you to accept traffic only on specific ports while rejecting all other traffic.

This ensures that unused ports are not exposed to malware and insecure traffic. It prevents security breaches while also increasing the efficiency of your server.

One such firewall is ConfigServer Firewall, or CSF. It readily improves your server’s security and comes with an easy-to-use interface. It rejects all traffic except useful connections such as emails, FTP, SMTP, and critical websites. You can learn more about ConfigServer Firewall here: https://www.configserver.com/cp/csf.html

  3. Install Fail2Ban

Fail2Ban is an intrusion prevention system. It is based on Python and keeps track of all traffic to detect any unusual activity, such as excessive login attempts. Fail2Ban will also stop accepting traffic from the attacker’s IP address after a predefined time.

Fail2Ban will secure your Linux VPS against threats such as brute force attacks and DDoS. 
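Fail2Ban makes its decisions by reading log files such as the SSH authentication log. The added example below illustrates that kind of counting over constructed log lines; it is not Fail2Ban's own code, and the function name is an assumption. Its threshold and time window play the role of Fail2Ban's `maxretry` and `findtime` settings.

```shell
# Added illustration of failure counting; this is not Fail2Ban's own code.
# ban_candidates LOGFILE MAXRETRY FINDTIME: print an address once it has
# MAXRETRY failed SSH password logins within FINDTIME seconds.
# Assumes syslog-style lines that all fall on the same day.
ban_candidates() {
    awk -v max="$2" -v win="$3" '
        # Read the address from the END of the line ("from IP port N ssh2"):
        # the user name earlier in the line is chosen by the client.
        / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
            split($3, hms, ":"); now = hms[1] * 3600 + hms[2] * 60 + hms[3]
            ip = $(NF-3); n[ip]++; at[ip, n[ip]] = now
            # Sliding window: is the max-th most recent failure still inside it?
            if (n[ip] >= max && now - at[ip, n[ip] - max + 1] <= win && !banned[ip]++)
                print ip
        }
    ' "$1"
}

# Constructed log lines (documentation addresses, not real traffic).
authlog=$(mktemp)
cat > "$authlog" <<'EOF'
Sep 28 04:00:00 vps sshd[1701]: Failed password for root from 192.0.2.44 port 40001 ssh2
Sep 28 04:10:01 vps sshd[1762]: Failed password for root from 203.0.113.7 port 34144 ssh2
Sep 28 04:10:03 vps sshd[1762]: Failed password for invalid user admin from 203.0.113.7 port 34144 ssh2
Sep 28 04:10:06 vps sshd[1795]: Failed password for invalid user x from 198.51.100.20 from 203.0.113.7 port 48810 ssh2
Sep 28 04:11:00 vps sshd[1800]: Accepted publickey for lnt from 198.51.100.20 port 50000 ssh2
Sep 28 04:20:00 vps sshd[1810]: Failed password for root from 192.0.2.44 port 40002 ssh2
Sep 28 04:40:00 vps sshd[1820]: Failed password for root from 192.0.2.44 port 40003 ssh2
EOF

ban_candidates "$authlog" 3 600
```

With a threshold of 3 failures in 600 seconds only 203.0.113.7 is reported: the slow attempts from 192.0.2.44 never fall inside one window, and the address embedded in the user name on the fourth line is not counted against 198.51.100.20.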

What other security steps do you take on your VPS? Please share in the comments section below!

I'm Jon Biloh and I own LowEndBox and LowEndTalk. I've spent my nearly 20 year career in IT building companies and now I'm excited to focus on building and enhancing the community at LowEndBox and LowEndTalk.

5 Comments

  1. Jarry:

    Changing the ssh-server port is a topic for endless discussion. Even though some call it “security through obscurity”, I’d say it actually has very little to do with security. A determined attacker can find the ssh-port anyway. IMHO if you disable root-login and password-login, it will secure the ssh-server much more than moving it to a different port…

    September 28, 2020 @ 4:10 am | Reply
    • Thanh Le:

      Totally agreed. Disabling root-remote-login and changing the ssh port help decrease the amount of data going to the btmp log every day.

      September 28, 2020 @ 11:22 am | Reply
    • Adrian:

      Completely agree with above comment. Changing port number isn’t completely pointless as it can stop the endless thousands of bot hits but doesn’t do much more than that. Securely configuring SSHD to use ssh keys and not allow password logins provides far more security and should be one of the first steps in configuring a new VPS.

      September 28, 2020 @ 6:47 pm | Reply
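The settings the three comments above refer to are `PermitRootLogin` and `PasswordAuthentication` in sshd_config. The following check is an added example, not part of the thread; the function names and sample configs are assumptions, and it reads only the global section of a single file.

```shell
# Added example, not from the thread. sshd uses the FIRST value it reads for a
# keyword, so a hardened line appended below an earlier setting has no effect.
# Simplification: global section only; Include files are not followed.

# sshd_value CONFIG KEYWORD DEFAULT: effective global value, lower-cased.
sshd_value() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v d="$3" '
        tolower($1) == "match" { exit }                  # Match blocks end the global section
        tolower($1) == k { v = tolower($2); found = 1; exit }
        END { print (found ? v : d) }
    ' "$1"
}

# audit_ssh_login CONFIG: non-zero status if root or password login is possible.
audit_ssh_login() {
    rc=0
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)   # OpenSSH default
    pass=$(sshd_value "$1" PasswordAuthentication yes)          # OpenSSH default
    [ "$root" = no ] || { echo "PermitRootLogin is '$root', expected 'no'"; rc=1; }
    [ "$pass" = no ] || { echo "PasswordAuthentication is '$pass', expected 'no'"; rc=1; }
    return $rc
}

# Constructed configs. "weak" looks hardened at the bottom, but the first lines win.
cfgdir=$(mktemp -d)
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    '# hardening added later:' 'PermitRootLogin no' 'PasswordAuthentication no' > "$cfgdir/weak"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' 'PubkeyAuthentication yes' > "$cfgdir/hardened"

audit_ssh_login "$cfgdir/weak" || echo "weak config: findings above"
audit_ssh_login "$cfgdir/hardened" && echo "hardened config: ok"
```

On a running server, `sshd -T` prints the effective configuration including defaults and included files, and is the authoritative source for these two values.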
  2. Thanh:

    I used the command ‘sudo lsof -ai -p “$pid”‘ and found a lot of processes, below. Has my VPS been hacked?

     
    sshd     1762     root    3u  IPv4  30045      0t0  TCP iz11-22.oxlookmail.com:ssh->192-210-165-38-host.colocrossing.com:34144 (ESTABLISHED)
    sshd     1786      lnt    3u  IPv4  30045      0t0  TCP iz11-22.oxlookmail.com:ssh->192-210-165-38-host.colocrossing.com:34144 (ESTABLISHED)
    sshd     1795     root    3u  IPv4  30407      0t0  TCP iz11-22.oxlookmail.com:ssh->89.236.239.25.static.ip.tps.uz:48810 (ESTABLISHED)
    sshd     1798     sshd    3u  IPv4  30407      0t0  TCP iz11-22.oxlookmail.com:ssh->89.236.239.25.static.ip.tps.uz:48810 (ESTABLISHED)
    sshd     1833     root    3u  IPv4  32007      0t0  TCP iz11-22.oxlookmail.com:ssh->223-197-193-131.static.imsbiz.com:37915 (ESTABLISHED)
    sshd     1834     sshd    3u  IPv4  32007      0t0  TCP iz11-22.oxlookmail.com:ssh->223-197-193-131.static.imsbiz.com:37915 (ESTABLISHED)
    sshd     1835     root    3u  IPv4  32038      0t0  TCP iz11-22.oxlookmail.com:ssh->158.40.73.34.bc.googleusercontent.com:34870 (ESTABLISHED)
    sshd     1836     root    3u  IPv4  32072      0t0  TCP iz11-22.oxlookmail.com:ssh->40.68.226.166:50236 (ESTABLISHED)
    sshd     1837     sshd    3u  IPv4  32038      0t0  TCP iz11-22.oxlookmail.com:ssh->158.40.73.34.bc.googleusercontent.com:34870 (ESTABLISHED)
    sshd     1838     root    3u  IPv4  32079      0t0  TCP iz11-22.oxlookmail.com:ssh->178.62.118.53:43282 (ESTABLISHED)
    sshd     1839     sshd    3u  IPv4  32072      0t0  TCP iz11-22.oxlookmail.com:ssh->40.68.226.166:50236 (ESTABLISHED)
    sshd     1840     sshd    3u  IPv4  32079      0t0  TCP iz11-22.oxlookmail.com:ssh->178.62.118.53:43282 (ESTABLISHED)
    sshd     1842     root    3u  IPv4  32105      0t0  TCP iz11-22.oxlookmail.com:ssh->120.195.65.124:26076 (ESTABLISHED)
    sshd     1843     root    3u  IPv4  32141      0t0  TCP iz11-22.oxlookmail.com:ssh->vps-04b8ae86.vps.ovh.net:52032 (ESTABLISHED)
    sshd     1844     sshd    3u  IPv4  32141      0t0  TCP iz11-22.oxlookmail.com:ssh->vps-04b8ae86.vps.ovh.net:52032 (ESTABLISHED)
    sshd     1845     sshd    3u  IPv4  32105      0t0  TCP iz11-22.oxlookmail.com:ssh->120.195.65.124:26076 (ESTABLISHED)
    
    September 30, 2020 @ 4:53 pm | Reply
    • Ole:

      Yes, looks like your server has been compromised. Run the command ‘last’ to check last successful login.

      October 3, 2020 @ 4:31 pm | Reply
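One way to read `lsof` output of the kind posted above, as an added example that is not part of the thread: with OpenSSH privilege separation, a connection that has not authenticated yet is held by a root process plus a child running as the unprivileged `sshd` account, while a logged-in session has a child owned by the user who logged in. The function name and the sample lines are constructed for this example.

```shell
# Added example, not from the thread. Assumes OpenSSH privilege separation with
# an unprivileged account named "sshd", as in the USER column of the listing.
# classify_ssh_peers: read `lsof -i` lines on stdin, print one line per connection:
#   pre-auth  PEER        only root + sshd processes: nobody has logged in yet
#   session:U PEER        a process owned by user U: an authenticated login
#   unknown   PEER        root-owned process only (root session or monitor)
classify_ssh_peers() {
    awk '
        $1 == "sshd" && $9 ~ /->/ {
            split($9, ends, "->"); peer = ends[2]
            if (!(peer in state)) { order[++n] = peer; state[peer] = "unknown" }
            if ($3 == "sshd") { if (state[peer] == "unknown") state[peer] = "pre-auth" }
            else if ($3 != "root") state[peer] = "session:" $3
        }
        END { for (i = 1; i <= n; i++) print state[order[i]], order[i] }
    '
}

# Constructed sample in the same column layout (documentation addresses).
lsof_sample=$(mktemp)
cat > "$lsof_sample" <<'EOF'
sshd 1762 root 3u IPv4 30045 0t0 TCP vps.example:ssh->198.51.100.20:34144 (ESTABLISHED)
sshd 1786 lnt  3u IPv4 30045 0t0 TCP vps.example:ssh->198.51.100.20:34144 (ESTABLISHED)
sshd 1795 root 3u IPv4 30407 0t0 TCP vps.example:ssh->203.0.113.7:48810 (ESTABLISHED)
sshd 1798 sshd 3u IPv4 30407 0t0 TCP vps.example:ssh->203.0.113.7:48810 (ESTABLISHED)
sshd 1836 root 3u IPv4 32072 0t0 TCP vps.example:ssh->192.0.2.44:50236 (ESTABLISHED)
EOF

classify_ssh_peers < "$lsof_sample"
```

Lines reported as `session:` or `unknown` are the ones to compare against the output of `last` and against the logins you expect.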
