An unsecured server is an open invitation for hackers. At Theory7, we see daily attempts to compromise servers through brute force attacks, exploits, and other methods. With the right security measures, you can block the vast majority of these attacks. In this guide, we cover the essentials of server security.

Why Server Security is Crucial

A hacked server can lead to:

  • Data loss - Important files deleted or encrypted
  • Spam sending - Your server sends spam, your IP gets on blacklists
  • Malware hosting - Your server hosts harmful content
  • DDoS attacks - Your server is used to attack others
  • Reputation damage - Your domain and IP become contaminated

Prevention is far better than cure. Protecting your server against these threats safeguards not only your own data but also the customers and users who depend on it.

Securing SSH

SSH is the primary gateway to your server. Secure it thoroughly.

Change SSH Port

The default port 22 is constantly scanned by automated bots. Moving SSH to another port cuts log noise and opportunistic brute-force attempts, but a port scan finds the new port quickly, so it complements rather than replaces the key and root-login settings below:

sudo nano /etc/ssh/sshd_config

Find the line Port 22 and change it to, for example:

Port 2222

Restart SSH after the change:

sudo systemctl restart sshd

Allow the new port in the firewall (see the UFW section below) before restarting SSH, and keep your current session open until a fresh login on the new port succeeds, so a mistake cannot lock you out.

Disable Root Login

Disable direct root login. Work with a normal user and use sudo for administrative tasks:

sudo nano /etc/ssh/sshd_config

Find the PermitRootLogin line and set it to:

PermitRootLogin no

This prevents hackers from easily accessing the root account, which is a common target.

Require SSH Keys

Disable password authentication and use only SSH keys:

PasswordAuthentication no
PubkeyAuthentication yes

Before disabling password authentication, generate an SSH key pair on your local computer and copy the public key to the server (for example with ssh-copy-id), then confirm a key-based login works in a second session before restarting SSH; otherwise you lock yourself out. With passwords off, guessed or leaked credentials are useless to an attacker, who would need the private key itself.
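The SSH steps above edit the same file several times; the following added example (not the guide's own script) applies them idempotently to a config path you pass in, reads back the active values, and checks that an authorized_keys file holds a key before passwords are switched off. The function and file names are this example's own choices.

```shell
#!/bin/sh
# Idempotent sshd_config editing with a pre-restart safety check (not the
# guide's own script). Functions take the config path as an argument so
# the changes can be tried on a scratch copy first.

set_sshd_option() {
  # $1 = config file, $2 = directive, $3 = value. Replaces the first active
  # or commented-out occurrence, drops later duplicates (sshd honours only
  # the first one), or appends the directive if it is absent.
  file=$1 key=$2 val=$3
  tmp=$(mktemp)
  awk -v k="$key" -v v="$val" '
    BEGIN { re = "^[ \t]*#?[ \t]*" k "([ \t]|$)"; done = 0 }
    $0 ~ re { if (!done) { print k " " v; done = 1 }; next }
    { print }
    END { if (!done) print k " " v }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"
  rm -f "$tmp"
}

sshd_value() {
  # $1 = config file, $2 = directive; prints its active value (first match).
  awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

harden_sshd() {
  # $1 = config file, $2 = new SSH port. Applies the four settings from the guide.
  set_sshd_option "$1" Port "$2"
  set_sshd_option "$1" PermitRootLogin no
  set_sshd_option "$1" PubkeyAuthentication yes
  set_sshd_option "$1" PasswordAuthentication no
}

has_authorized_key() {
  # $1 = authorized_keys path; succeeds only if it holds at least one key line.
  grep -Eq '^(ssh-|ecdsa-|sk-)' "$1" 2>/dev/null
}

# Demo on a scratch file with constructed contents, not a real server config.
cfg=$(mktemp)
printf '#Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$cfg"
harden_sshd "$cfg" 2222
cat "$cfg"
rm -f "$cfg"
# On the live file: run "sudo sshd -t" to validate syntax before restarting sshd,
# make sure has_authorized_key ~/.ssh/authorized_keys succeeds for your admin
# user, and keep this session open until a second login on the new port works.
```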

Configuring Firewall with UFW

UFW (Uncomplicated Firewall) makes firewall management simple and accessible for everyone.

Install UFW and Basic Rules

sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing

These basic settings ensure that all incoming connections are blocked unless specifically allowed.

Open Ports

Only open the ports you need:

# SSH (custom port)
sudo ufw allow 2222/tcp

# Web traffic
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# DirectAdmin (its default panel port is also 2222; one port cannot serve both,
# so if you run DirectAdmin choose a different custom SSH port and adjust the
# SSH rule above accordingly)
sudo ufw allow 2222/tcp

Activate Firewall

sudo ufw enable

Check the status:

sudo ufw status verbose

This gives you an overview of which ports are open and which rules are active.

Fail2ban Against Brute Force

Fail2ban monitors log files and blocks IPs that repeatedly fail login attempts. This is an effective way to prevent brute force attacks.

Installation

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Configure SSH Jail

Create a local configuration:

sudo nano /etc/fail2ban/jail.local

Add:

[sshd]
enabled = true
# must match the SSH port set in sshd_config
port = 2222
filter = sshd
# systems without rsyslog have no /var/log/auth.log; there use "backend = systemd" instead
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600

This bans an IP for 1 hour (bantime = 3600) after 3 failed login attempts (maxretry = 3) within 10 minutes (findtime = 600). Restart Fail2ban to load the jail:

sudo systemctl restart fail2ban

You can confirm the jail is active and list the currently banned addresses with sudo fail2ban-client status sshd.

System Updates

Outdated software often contains known vulnerabilities that can be exploited by attackers.

Manual Updates

sudo apt update && sudo apt upgrade -y

It is important to regularly update your system to receive the latest security patches.

Automatic Security Updates

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

By enabling automatic updates, you ensure that you always have the latest security patches without having to think about it yourself.

Additional Security Tips

Disable Unused Services

Every running process is a potential attack vector. Disable unused services:

sudo systemctl list-unit-files --type=service --state=enabled
sudo systemctl disable servicename

Enforce Strong Passwords

Configure password policies with PAM or use only SSH keys. This helps prevent weak passwords that are easy to guess.

Log Monitoring

Regularly check your logs for suspicious activity:

sudo tail -f /var/log/auth.log
sudo tail -f /var/log/syslog

By regularly checking your logs, you can notice suspicious activities in time and take action.
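To make the Fail2ban rule above (maxretry failures within findtime) concrete, and to show what to look for when reading auth.log, here is an added example that is not part of Fail2ban or of this guide: it replays the jail's decision over a constructed auth.log excerpt and reports which client addresses would be banned. The sample log lines and the function name are this example's own.

```shell
#!/bin/sh
# Replays the [sshd] jail's decision rule (maxretry failures within findtime
# seconds, per client IP) over an auth.log excerpt. Added example, not part
# of Fail2ban; all timestamps are assumed to fall on the same day.

# Constructed auth.log excerpt (documentation address ranges, not real clients).
SAMPLE_AUTH_LOG='Mar  3 10:00:01 vps sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 51022 ssh2
Mar  3 10:01:10 vps sshd[1203]: Failed password for root from 198.51.100.7 port 33001 ssh2
Mar  3 10:02:17 vps sshd[1205]: Failed password for root from 192.0.2.10 port 51030 ssh2
Mar  3 10:04:05 vps sshd[1209]: Failed password for invalid user test from 192.0.2.10 port 51044 ssh2
Mar  3 10:05:00 vps sshd[1211]: Accepted publickey for deploy from 203.0.113.5 port 40022 ssh2: ED25519 SHA256:constructed
Mar  3 10:13:00 vps sshd[1220]: Failed password for root from 198.51.100.7 port 33002 ssh2
Mar  3 10:26:30 vps sshd[1233]: Failed password for root from 198.51.100.7 port 33003 ssh2'

ips_to_ban() {
  # $1 = maxretry, $2 = findtime in seconds; log lines on stdin.
  # Prints a client IP once, at the failure that fills the window.
  # Only sshd "Failed password" lines count; accepted logins are ignored.
  awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for/ {
      split($3, hms, ":")
      t = hms[1] * 3600 + hms[2] * 60 + hms[3]
      ip = ""
      for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "") next
      n[ip]++
      ts[ip, n[ip]] = t
      hits = 0
      for (i = 1; i <= n[ip]; i++) if (ts[ip, i] > t - findtime) hits++
      if (hits >= maxretry && !(ip in banned)) { banned[ip] = 1; print ip }
    }'
}

# Guide settings: only 192.0.2.10 (3 failures in 4 minutes) gets banned;
# 198.51.100.7 spreads its 3 failures over 25 minutes and stays under findtime.
printf '%s\n' "$SAMPLE_AUTH_LOG" | ips_to_ban 3 600
```

On a live server, sudo fail2ban-client status sshd shows the addresses the real jail has banned, which you can compare against what you see in auth.log.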

Two-Factor Authentication

Consider 2FA for SSH with Google Authenticator or similar. This adds an extra layer of security, so even if an attacker has your password, they still cannot log in without the second factor.

Security Checklist

Use this checklist for every new server:

  • SSH port changed
  • Root login disabled
  • SSH keys configured
  • Password auth disabled
  • UFW firewall active
  • Fail2ban installed
  • Automatic updates active
  • Unnecessary services disabled


Need Help?

We are here for you! Are you facing any issues or have questions? Our support team is happy to assist you personally. Send us a message via the ticket system - we usually respond within a few hours and are happy to help.