How to configure the security of your Linux VPS or Ubuntu Server. These measures will help minimize the risk of DDOS attacks, vulnerabilities, malware, and other security threats, while also ensuring the continued reliability and performance of your server.
How to Configure Security Linux VPS, Ubuntu Server Safely
Although VPS service providers provide some default security measures, users can still take additional steps to better secure their VPS by configuring and installing software.
1. Protect Your VPS with a Firewall: Essentials for Server Security
Installing and authenticating a firewall on the server is crucial for minimizing the risk of unwanted traffic, spam tool attacks, bots, and other security threats. Most Linux-based operating systems come pre-installed with a firewall, such as iptables, firewalld, and ufw for Debian. It is important to configure security Linux VPS and set up the firewall properly to ensure maximum protection for your server.
For easier management of iptables and integration with other control panels, we highly recommend installing the free ConfigServer Firewall (CSF). This firewall configuration script can improve the security of your Linux VPS or Ubuntu Server and offer an intuitive and advanced interface for managing firewall settings. To install and activate the firewall, you can utilize the following command:
sudo apt install ufw
sudo ufw enable
After you have enabled the Firewall, you can verify the status of “ufw” by using the command:
sudo ufw status
Configure Ubuntu Server Security with ufw Firewall
- Use ufw to open port 80, 443 and 8080
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 8080/tcp
- Use ufw to deny, close the connection port
sudo ufw deny 8899
Using the above command as an example for configure security Linux VPS, if you wish to block external connections to your server through port 8899, you can use the command below. Conversely, if you want to allow connections through this port, you can run the following command instead:
sudo ufw allow 8899
2. Securing Your Server: Use SSH Key and Disable Root Password
Typically, VPS providers will provide you with a root user, password, and IP address to log in to your VPS server. You can access your server by using the following command: ssh root@ipaddress
.
However, this method of using passwords is less secure compared to utilizing public keys to secure your Linux VPS. we have published an article on creating and using SSH keys on Ubuntu and Debian that you can refer to. By employing public keys, even if your VPS login password is compromised, intruders cannot access your server without the corresponding private key file.
Using FTP for remote login is not recommended. Instead, use SFTP with a public key for a more secure method. Filezilla is a simple yet effective tool for managing websites on VPS, allowing for easy file uploads, permission changes, and file editing. This is a highly recommended method for securing Ubuntu VPS and Linux Debian.
To enhance security for your Linux VPS, it is recommended to create a new user account with separate management permissions for folders and files instead of using the root user directly. For example, if you have a website running in a directory named httpdocs, you can assign permissions to that directory using the command: “chown username:groupname httpdocs“. This step is crucial for configuring security on your Ubuntu server. The method we use is illustrated in the screenshot below:
We have provided instructions on how to use the chmod command to manage and control permissions in order to configure security for Ubuntu server in this resource.
3. Ensuring Protection for Your Linux Server against Malware
The next step to increase the security of your VPS is to monitor the files uploaded on the VPS. Besides setting up a firewall to protect incoming traffic and secure VPS with SSH public key, file monitoring helps you detect and deal with possible security holes. This way, you can keep your VPS safe and certainly not attacked from malware or hackers.
Besides monitoring file uploads on a VPS, scanning for viruses and malware on an Ubuntu or Debian VPS is also an important step in protecting your system. This helps you detect suspicious activity and quarantine infected files to prevent potential attacks. We have shared 3 Linux antivirus and scanning tools to help you find and remove malicious files. By applying the above methods to configure security for a Linux VPS, you can ensure that your VPS system will not be easily hacked, and as a result, your important data is better protected.
4. Prevent DDoS attack VPS Security for Ubuntu / Linux
As a website owner, it is crucial to be aware that your website may be targeted by DDoS attacks from malicious individuals or competitors. These attacks can exploit vulnerabilities in your system, flooding your server with a massive number of requests in a short period, causing your server to become unresponsive and your website to go offline. Therefore, it is vital to take appropriate measures to configure security for your Linux VPS and prevent DDoS attacks.
It’s great to see that you have summarized some effective ways to secure VPS servers running on Linux Debian or Ubuntu. The tips you have provided, such as setting up a firewall, using SSH public key, monitoring files, and protecting against DDoS attacks, are all important measures to ensure the security of VPS servers.
It’s important to note that while Cloudflare can be useful in mitigating DDoS attacks, it should not be relied upon as the sole solution for website security when configure security Linux VPS. Furthermore, it’s worth mentioning that the SSL certificate provided by Cloudflare has a validity of up to 15 years only for the Universal SSL certificate, while custom SSL certificates are valid for up to 365 days.
Overall, it’s always good to stay vigilant and continuously review and improve the security measures in place to protect your VPS server from potential threats.