Trust and SecurityFew Ways How to Protect Your Server from Hackers
Some ways to protect the server from hackers, applying your server and practicing good security will be very good for preventing and knowing how to protect the server from hackers in Linux and other systems.
We must be honest, when it comes to server protection, good security hygiene is necessary, there is no such thing as an unbreakable system where no one has access. It will always be a cat-and-mouse game, where the one with better technical knowledge, qualifications, and experience will win, but it is possible to make access difficult and protect the server from some attacks and prevent them!
We will show you how to protect the server from hackers in Linux by applying good security practices, please note that this will not be “enough,” but it will be better than doing nothing.
Why is it important to protect your server from hackers?
It is always better than ending up with a compromised server and all the information about you and your clients being exposed on the internet and compromised. And this is not good for the client or for any company. This can be very bad for your company’s reputation, for clients/users, and for all the information of your company, such as for employees.
Did you know that..
Are there almost daily attempts to penetrate servers?
Do many hackers look for easy servers or use social engineering to penetrate servers?
Did you know that many people scan IP addresses to find out which types of ports are open or closed? Did you know that this is dangerous?
Did you know that your server is subject to attacks daily, weekly? Sometimes more than 100 attempts!
Here are some solutions for prevention and how to protect the server from hackers:
1 – Change the SSH port.
By default, your SSH port is usually 22 in most systems. It is not good to use the default port for everything, as hackers and some people with bad professions certainly know that the default port is the “main target” for people with bad intentions, so change the port on the server and change it to another to make it harder to access, this will not prevent an attack, but it may help to prevent and make it more difficult in some aspects.
2 – Disable root login and passwords and use only SSH Key Auth.
People habitually often use passwords for everything, and this is not always good, and did you know that you can avoid this? Just disable root access and the password and start using key authentication, known as “ssh keys,” which will significantly enhance your security and that of your server, as long as you do not share the key with anyone!
3 – Install a firewall
Installing a firewall is essential, I would say it is important and critical from the server side, it is important to have port filtering and blocking certain ports. We recommend that you do the following.
3.1 Close the ports you do not use or do not need (i.e., those that are useless), it is better to block and close them!
WARNING: Be careful, do not block ports like 80 or 443, this may stop your server from working because port 80 is used for direct connection to your web server. So be careful!
3.2 Limit login attempts for more than 4 hours with email notification and always log.
This will give you time to understand and prevent unwanted access, and it can also be useful in case someone tries to gain access to your server. This will notify you, if you want to be more practical, make 3 attempts and apply blocking for more hours, for example, 24 hours or more.
3.3 Types of firewalls for Linux that you can install and use:
- UFW (the most common)
- IPFire
- CSF (ConfigServer Security and Firewall)
- Pfsense
- Smoothwall
4. Types of ways to block brute force attacks. - Install any of these services to protect your SSH logins and your server.
- CSF (ConfigServer Security and Firewall)
- Fail2ban (one of the best)
- SSHGuard
- Crowdsec (one of the best, currently competing with fail2ban)
Alexhost recommends you check CSF, Fail2ban, and Crowdsec – all provide good security and protect your server if it is very well configured. Install any of them and prevent anything that may happen, it is not unbreakable, but it can definitely provide good security and prevent attempts.
Blocking certain internet service providers for spam, brute force, hacking
Blocking IP addresses and IP blocks of internet service providers and service providers and even IP addresses from countries with a higher incidence rate, i.e….. Analyze and check which countries always create attempts to penetrate your server. Block them, there is usually one or another country that stands out in this regard, if you do not need it and it is not a country you will work with, you can block and prevent further headaches. Prevention is better than becoming a target.
Using a non-root user for SSH on the server
This is one of the best ways to avoid using “root” for everything, change it and prevent this from happening. Using a non-“root” user to manage servers will prevent many problems that could end with your work. Be smart and choose security instead of being hacked or becoming a target for someone else. Disable root login and use other methods.
Alexhost recommends its clients and users to prevent…
Well, there are several ways to prevent it, another way is to use two-step authentication, this will help a lot and prevent the success of many attacks, even if they manage to get in, with double authentication it will be much more complicated! And that is the idea, to prevent and make it as difficult as possible. Since there are no completely safe systems, there are always ways to cause damage, prevention is the best thing you can do for your server.
Our company Alexhost recommends all clients to practice good security, it goes without saying that you should use strong and long passwords, easy passwords will make it easier for intruders to access! Never do this. Use strong and long passwords whenever possible, preferably that are not known and are unique. Need help? Alexhost has VPS Managed and Dedicated servers with management, which will allow you to save time, and we will harden your server and do this for you.
Are you looking for other services? Alexhost has for you, check out our other products:
LiteSpeed hosting – Does not require much knowledge and comes with free SSL and cPanel LiteSpeed technology web server.
VPS (unmanaged and managed) – You can apply it to your server or the managed services will do it for you.
VPN – Hide your IP address and protect yourself from becoming a target while surfing
Alexhost has many products and services, you can contact us, whenever you want, and we will help you choose the best solution for you, check our Alexhost homepage, we also have many payment methods.
Conclusion:
This is a good way to protect the server from hackers. There is no fail-proof way to prevent every intrusion, the best protection is prevention, awareness, and reading login logs whenever possible, and of course, regular backups. Do not trust people you do not know, and do not give your server password or key to someone you do not know! Alexhost takes pride in being able to help every client and customer who is with us.
We want you to know that we are here not only for you but for anyone who needs us. Alexhost guarantees that with us your privacy and security will be stable, secure, and reliable. We take this seriously.
