We earn commission when you buy through affiliate links.
This does not influence our reviews or recommendations.Learn more.
The trend is changing.
The Web is moving to Cloud from shared hosting for multiple advantages.
Lets get into apractical guideto securing Ubuntu and CentOS VM.
Changing SSH Default Port
By default, the SSH daemon listens onport number 22.
This means if anyonefinds your IPcan go for a link-up to your server.
They may not be able to get into the server if you have secured with a complex password.
However, they can launch brute force attacks to disturb the server operation.
Changing the SSH port in Ubuntu/CentOS is easy.
Instead, you might use the new port to connect.
If using SSH client or Terminal on MAC, then you could use-pto define the custom port.
Easy, isnt it?
This can bedangerousif not taken seriously.
There aretwopopular programs you could use to protect Linux from brute force.
SSHGuardmonitors the running services from the system log files and blocks repeated bad login attempts.
Initially, it was meant forSSH login protection, but now it supports many others.
you’re free to get SSHGuard installed with the following commands.
Ubuntu:
CentOS:
Fail2Ban is another popular program to protect SSH.
Fail2Ban automatically updates the iptables rule if a failed login attempt reaches the defined threshold.
However, if you oughta explore more then, you may refer to the following.
Note:this assumes you have already set up SSH key exchange.
There are multiple ways to hide the Origin IP to prevent the DDoS on your cloud/VPS server.
By doing this, you are advertising the CDN provider IP for your domain andorigin is not exposed.
There are many CDN providers to accelerate the website performance, DDoS protection, WAF & many other features.
So pick the CDN provider who offers performance & security both.
There are many, but one of the most popular ones isUFW(Uncomplicated Firewall) forUbuntuandFirewallDforCentOS.
Also read:Real-time Tips to Harden & Secure WordPress Website
Regular Backup
Backup is your friend!
When nothing works, then the backup willrescueyou.
Things can gowrong, but what if you dont have the necessary backup to restore?
Most of the cloud or VPS providers offer backup at a little extra charge and one should always consider.
Check with your VPS provider how to enable backup service.
I know Linode and DO charge 20% of droplet pricing for the backup.
If you are on Google Compute Engine or AWS, then schedule a daily snapshot.
Having a backup will quickly allow you torestore the entire VM, so you are back in business.
Or with the help of a snapshot, you canclone the VM.
OnUbuntu, you might useapt-get updateto ensure the latest packages are installed.
Keeping unwanted open ports like aninviting attackerto take advantage.
If you are on Google Cloud, then allow the necessary ports using firewall rules.
And if you are using VPS, then apply basic iptables ruleset as explained inLinode guide.
The above should help you in hardening and secure your server forbetter protection from online threats.
And if you are specifically looking for premium WordPress hosting, then this one.
