The first thing you should do after you log in to your virtual private server (VPS) is to secure it against the most widespread attacks that it may be vulnerable to; an unsecured VPS is a very easy target for anyone. Additionally, all forms of attacks will eat at your bandwidth, slow down your VPS, and might lead to losing control over it.
The most common attack is brute-forcing Secure Shell (SSH): attackers try to guess your root password by attempting to log in over SSH as many times as possible. A clean Linux installation doesn't have any built-in security tools for this threat; that's why we must secure it first.
Change SSH port.
This simple, easy-to-implement change will prevent roughly 90% of brute-force attacks. The default SSH port is 22, and attackers will most likely aim for this port without checking the others, because scanning every port is a time-consuming task.
Edit the SSH config file:
nano /etc/ssh/sshd_config
Near the top of the file, you should find the line below:
#Port 22
or
Port 22
Change this to:
Port 1255
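You can use any other unused port. Don't forget to remove the #, save the file (Ctrl+O, Enter), and exit (Ctrl+X). Restart SSH (the service name is lowercase and differs between distributions):
CentOS:
service sshd restart
Ubuntu:
service ssh restart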
After that, we must make sure that no other firewall is running at the moment:
systemctl stop firewalld;systemctl disable firewalld;
The firewall service should now be stopped and disabled. If you get an error like:
"Failed to stop firewalld.service: Unit firewalld.service not loaded."
then it is all OK; it means that you didn't have any firewall in the system, and we will install one in the next step.
From now on you will have to use port 1255 every time you want to log in to your VPS. In PuTTY, change 22 to 1255 in the port field; on Linux, add the port to your command, for example: ssh -p 1255 -l root YOUR_VPS_IP
Install and configure ConfigServer Firewall (CSF).
Now we will install an external program, the very popular firewall CSF. First, we must install all the packages this program requires:
CentOS:
yum -y install vim unzip bind-utils perl-libwww-perl.noarch perl-Time-HiRes perl-Math-BigInt;
Ubuntu:
apt-get -y install perl zip unzip libwww-perl liblwp-protocol-https-perl sendmail-bin;
Now, let's install CSF:
cd ~;wget https://download.configserver.com/csf.tgz;tar -xzf csf.tgz;cd csf;sh install.sh;
The firewall has now been installed, so let's configure it. We can do it manually or automatically.
Manually:
Edit the CSF config file:
nano /etc/csf/csf.conf
Now change these lines:
TESTING = "1" change to TESTING = "0"
RESTRICT_SYSLOG = "0" change to RESTRICT_SYSLOG = "3"
PT_USERMEM = "512" change to PT_USERMEM = "0"
PT_USERTIME = "1800" change to PT_USERTIME = "0"
DENY_IP_LIMIT = "200" change to DENY_IP_LIMIT = "2000"
You can find each line by pressing Ctrl+W, pasting the search phrase (Ctrl+Shift+V), and pressing Enter. After you have made your changes, save the config file (Ctrl+O, Enter) and exit (Ctrl+X).
Automatically:
You can also paste the below lines into the command line:
sed -i -e 's/TESTING = "1"/TESTING = "0"/' /etc/csf/csf.conf;
sed -i -e 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/' /etc/csf/csf.conf;
sed -i -e 's/PT_USERMEM = "512"/PT_USERMEM = "0"/' /etc/csf/csf.conf;
sed -i -e 's/PT_USERTIME = "1800"/PT_USERTIME = "0"/' /etc/csf/csf.conf;
sed -i -e 's/DENY_IP_LIMIT = "200"/DENY_IP_LIMIT = "2000"/' /etc/csf/csf.conf;
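Whichever method you used, confirm the result before restarting CSF: the sed commands above only match the exact old values, so a setting whose current value differs is silently left unchanged. The script below is an added example, not part of the original tutorial or of CSF; it reports each of the five settings and also checks that the SSH port is listed in TCP_IN (assumed here to be the csf.conf list of allowed incoming TCP ports, a check the tutorial itself does not cover).

```shell
#!/bin/sh
# Added example (not from the tutorial or CSF): verify the edits before restarting CSF.

# Print every port sshd listens on (uncommented "Port" lines; 22 if none is set).
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# csf_value KEY FILE: print the quoted value of KEY from a csf.conf-style file.
csf_value() {
    sed -n "s/^$1 *= *\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# port_allowed PORT LIST: succeed if PORT is in a comma list such as "22,80,30000:35000".
port_allowed() {
    echo "$2" | tr ',' '\n' | awk -F: -v p="$1" '
        NF == 1 && $1 + 0 == p + 0 { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit !ok }'
}

# check_csf [SSHD_CONFIG] [CSF_CONF]: print one line per check; exit status = failures.
check_csf() {
    sshd_conf=${1:-/etc/ssh/sshd_config}
    csf_conf=${2:-/etc/csf/csf.conf}
    bad=0
    # Assumption: TCP_IN is the csf.conf list of allowed incoming TCP ports.
    tcp_in=$(csf_value TCP_IN "$csf_conf")
    for port in $(ssh_ports "$sshd_conf"); do
        if port_allowed "$port" "$tcp_in"; then
            echo "OK   SSH port $port is in TCP_IN"
        else
            echo "FAIL SSH port $port is missing from TCP_IN"; bad=$((bad + 1))
        fi
    done
    # The five values this tutorial sets.
    for want in TESTING=0 RESTRICT_SYSLOG=3 PT_USERMEM=0 PT_USERTIME=0 DENY_IP_LIMIT=2000; do
        key=${want%%=*}; val=${want#*=}
        got=$(csf_value "$key" "$csf_conf")
        if [ "$got" = "$val" ]; then
            echo "OK   $key = \"$got\""
        else
            echo "FAIL $key = \"$got\", expected \"$val\""; bad=$((bad + 1))
        fi
    done
    return "$bad"
}
# On the VPS, run: check_csf
```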
After manually or automatically editing the config file, we must restart the CSF:
systemctl enable csf;systemctl enable lfd;csf -s;
Now that the firewall is installed, anyone who fails to log in to SSH more than five times will have their IP blocked. That IP will be saved in:
nano /etc/csf/csf.deny
Your IP is automatically added to the whitelist:
nano /etc/csf/csf.allow
So, that's it! Your VPS is now secured well against typical brute-force attacks.