How do you protect your dedicated server?

Status
Not open for further replies.
14 comments
To protect the dedicated server, it is suggested that you do server hardening.

Some important things to protect the server:
1) Change the password
2) Change the SSH default port number
3) Regular scanning and testing (monitoring) of the system
4) Install a firewall for better security
5) Maintain your databases
6) Update software regularly
7) Keep data backups.
 
Can you suggest some for the monitoring system?
Can you suggest a firewall?
What is maintaining databases?
 
Yes, of course, you can go through the answers to your questions below:
1. The following are some of the open source tools for server monitoring:

1. ZABBIX
2. Nagios
3. SolarWinds
4. ManageEngine OpManager
5. Hyperic HQ
6. Sciencelogic EM
7. Spiceworks
8. OpenNMS
9. GFI Network Server Monitor
10. Paessler

2. CSF is a software firewall which is extensively used on Linux servers to safeguard them from dangerous attacks like brute force, DoS, invalid login attempts, SMTP errors, etc. Generally, web hosting providers across the globe rely on the CSF firewall. It works with iptables in protecting your server.
CSF is more compatible with Linux distros and is efficient to manage and install. You can easily enable, set up or block ports, allow/block/ignore IP access, and perform many tweaks with the CSF firewall.

3. The vital importance of maintaining and updating your data cannot be ignored. Also, ensure that your database is always secured and protected against SQL injection. It is even more essential when you collect sensitive information about clients.
Moreover, you must look for:
1. reducing the privileges of database users
2. eliminating unwanted data and
3. deflecting the areas of interaction between the client and the database when not needed

Hope this helps :)
 
Thanks for all the info.
Do you have a website for your security services?
 
You can take the following steps:
  • Change login credentials - do not share them with anyone
  • A good firewall will avoid most attacks; make sure to install and configure a firewall
  • When creating users, assign permissions and privileges accordingly
  • Server auditing is a major factor - here you will come to know most of the issues and you will be able to patch them in time.
  • Keep yourself updated regarding servers and attacks to avoid one in the future
 
- Secure SSH password
- Install and configure CSF
- Install Anti-viruses
- Server Monitoring
- User track
- Server Update
- Data Backup
 
You have to do the following things to secure your server:
- Secure SSH password
- Install CSF firewall
- Backup
- User tracking and server auditing
- Software Update
 
User-side:

Protecting your server IP with Cloudflare (use a custom mail service like yandex.mail to cover the MX leak), changing your IP before doing this, as there is a possibility that your server IP is already known and hiding it doesn't matter anymore (like the CrimeFlare database).
And before all of this, doing all these actions on a secure computer without any doubts about keyloggers or RATs matters. Also, not using these credentials on public computers and not taking notes about the server IP/password on your computer/cloud account are also important.

Server-side:

Always use licensed or approved scripts that have no SQL injection vulnerability.
Change your root password and make sure to use 2-step verification on the dedicated server provider's website if there is any.
Your email account's security is also important.
To make sure any potential attack doesn't hit the database, use reCAPTCHA plugins, limit login attempts, and use IP blockers for unusual activity of DB usage, like the search part of the website.
Using a cache that doesn't use a DB connection is also helpful.
In any attack situation, switch to Cloudflare's I'm Under Attack mode to cover most basic attacks.
Keeping your website's backups outside in a secure cloud account helps to cover irreversible damage.

My opinions are more likely to help webmasters who host their sites on a VPS, but I hope it helps someone.
 
Also, it is important to keep your server software as well as website scripts, including CMS and shopping cart software, updated and apply patches as soon as they are released.
 
Apply Kernel-based symlink protection
Block default SMTP port
Disable potentially unsafe functions via disable_functions directive in php.ini
Example: disable_functions=dl,system,exec,passthru,shell_exec,stream_select,popen,proc_open,proc_nice,ini_set
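
An added example, not part of the original post: a small Python check that reads php.ini text and reports which functions from the disable_functions line above are not covered by the effective directive. The helper names and the sample php.ini are constructed for illustration; it assumes a single file's contents and that a later assignment of the key overrides an earlier one.

```python
import re

# Function list copied from the example directive in the post above.
RECOMMENDED = ["dl", "system", "exec", "passthru", "shell_exec", "stream_select",
               "popen", "proc_open", "proc_nice", "ini_set"]

def parse_disable_functions(ini_text):
    """Return the set of function names in the effective disable_functions value.

    Comment lines (starting with ';') and section headers are skipped, a
    trailing '; comment' is dropped, and the last assignment in the text wins.
    """
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("["):
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "disable_functions":
            continue
        value = value.split(";", 1)[0].strip().strip("\"'")
        # A later assignment replaces the earlier set; it does not add to it.
        disabled = {name for name in re.split(r"[,\s]+", value) if name}
    return disabled

def missing_functions(ini_text, wanted=RECOMMENDED):
    """List the wanted functions that the effective directive leaves enabled."""
    disabled = parse_disable_functions(ini_text)
    return [name for name in wanted if name not in disabled]

# Constructed sample: a commented-out full list that has no effect, and two
# live assignments of which only the second counts.
SAMPLE_INI = """\
[PHP]
; disable_functions=dl,system,exec,passthru,shell_exec,popen,proc_open
disable_functions = exec, system
memory_limit = 128M
disable_functions = dl,system,exec,passthru,shell_exec ; later line wins
"""

if __name__ == "__main__":
    gaps = missing_functions(SAMPLE_INI)
    if gaps:
        print("still enabled:", ", ".join(gaps))
    else:
        print("all recommended functions are disabled")
```

Running it against the sample shows that a commented-out directive or an earlier, overridden line can make a php.ini look stricter than it is.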
 