Few ways how to protect your server from hackers ⋆ ALexHost SRL

Test your skills on our all Hosting services and get 15% off!

Use code at checkout:

Skills
09.03.2023

Few ways how to protect your server from hackers

Few ways how to protect your server from hackers

Some ways on how to protect your server from hackers, applying on your server and practicing good security will be a very good thing to prevent and know how to protect server from hackers in Linux and other systems.

We have to be honest when it comes to server protection, good security hygiene is necessary, there is no such thing as a bulletproof system where no one can access it. This will always be a game of cat and mouse, where whoever has better technical knowledge, qualifications and experience will win, but it is possible to make the access more difficult and protect the server from some attacks and prevent it!

We will tearch you how to protect server from hackers in Linux by appling a good security pratice, please note this won’t be “enough” but will be better than do nothing.

Why is important to protect your server from hackers?

It is always better than ending up with a compromised server and all your and your customers’ information being exposed on the internet and compromised. And that is not good neither for the client nor for any company. This can be very bad for your company reputation, clients / customers and all information of your company like employeers.

Did you know…

Almost every day there are intrusion attempts on the servers?
Many hackers look for easy servers or use social engineering to penetrate servers?
Did you know that many people scan IPs to know which types of ports are open or closed? Did you know that this is dangerous?

Did you know that your server is the target of attacks on a daily, weekly basis? Sometimes more than 100 attempts!

Here are some solutions to prevent and how to protect server from hackers:

1 – Change your SSH port.

By default, your SSH port usually is 22 in most systems. It isn’t good to use the default port for everything, since hackers and some blackhat people knows certainly that the default port is the “main target” from bad intentioned people, then change the server port and change it to another to make it harder to access, this will not prevent an attack but it may prevent and help prevent and make it harder in certain aspects.

 

2 – Disable root logins and passwords and use only SSH Key Auth.

People by habit often use passwords for everything and this is not always good, did you know that you can avoid this? Just disable root access and password and start using key authentication known as “ssh keys” which will greatly increase your security and that of your server, as long as you don’t share the key with anyone!

 

3 – Install Firewall 

Installing a firewall is essential, I would say important and critical on the server side, it is important to have port filtering and blocking of certain ports. We recommend that you do the following.

3.1 Close ports that you do not use or do not use (i.e. that are useless), it is better to block and close them!

CAUTION: Be careful, don’t block ports like port 80 or 443, this can stop your server from working, because port 80 is used for direct connection with your web server. So be careful!

3.2 Limit login attempts for longer than 4h with email notification and always register.

This will give you time to know and prevent unwanted access and can also be useful in case someone tries to access your server. This will notify you, if you want to be more practical make 3 attempts and apply a block for more hours like 24h or more.

3.3 Types of firewalls for linux that you can install and use:

  • UFW (most common)
  • IPFire
  • CSF (ConfigServer Security and Firewall)
  • Pfsense
  • Smoothwall

    4. Types of ways to block brute force attacks.
  • Install any of those services to help you to protect your SSH Logins and server.
  • CSF (ConfigServer Security and Firewall)
  • Fail2ban (one of best)
  • SSHGuard
  • Crowdsec (one of best, currently being competitive with fail2ban)

Alexhost recommends you check CSF, Fail2ban and Crowdsec all of those provide good security and protect your server if it is very well configured. Install any of those and prevent anything from happening, it isn’t bulletproof but can definitely provide good security and prevent attempts.

 

  1. Block certain ISPs of Spamming, Brute Force, Hacking

Block IPs and IP blocks of ISPs and service providers and even IPs from countries with higher incidence rate, i.e…. Do an analysis and check which countries are always creating attempts to penetrate your server. Block them, usually there is always one country or another that stands out in this, if you don’t need it and it’s not a country you will work in you can block and prevent further headaches. Prevention is better than ending up being targeted.

  1. Using a non-root user to SSH into the server

That is one of best ways to avoid using “root” for everything, change it, and prevent it from happening. Using a non-root user to manage your servers will prevent many issues that can end with your work. Be smart and choose the security rather than be hacked or targeted by someone else. Disable root login and use other methods.

Alexhost recommends its clients and users to prevent on…

Well there are several ways to prevent it, another way is to use two-step authentication, this will help a lot and prevent many attacks from succeeding even if they manage to get in, with double authentication it will be much more complicated! And that’s the idea, is to prevent and make it as difficult as possible. Because there are no totally safe systems, there are always ways to do damage, prevention is the best thing to do on your server.

Our company Alexhost recommends to all customers to practice good security, it goes without saying that you should use strong and long passwords, easy passwords will facilitate the access of intruders! Don’t do this, ever. Use strong and long passwords whenever possible, preferably not known and unique. Need help? Alexhost have VPS Managed and Dedicated Servers with management, with will allow you to save time and we will harden your server and do this for you.

Are you looking for other services? Alexhost have it for you, check our other products:

LiteSpeed Hosting – Doesn’t need a lot of knowledge and comes with free SSL and cPanel + LiteSpeed technology web server.

VPS (Unmanaged and Managed) – You can apply this in your server or managed services will do it for you.

Dedicated Servers

VPN – Hide your IP and protect you from being a target when you are browsing

 

Alexhost have many products and services, you can contact us when you want and we will help you to choose the best solution for you, check our Alexhost Homepage, we also have many payment methods.

Conclusion:

This is a good way in how to protect server from hackers. There is no foolproof way to prevent any intrusion, the best security is prevention, being aware and reading the login logs whenever possible and of course making regular backups. Don’t trust people you don’t know or give your server password or key to someone you don’t know! Alexhost is proud to help every client and customer that are with us.

We want to you know that we are here not only for you, but for everyone who needs us. Alexhost guarantees that your privacy and security will be stable, secure and reliable with us. We take this seriously.

 

Test your skills on our all Hosting services and get 15% off!

Use code at checkout:

Skills