Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
TAnonim2017-04-20 09:08:29
linux
TAnonim, 2017-04-20 09:08:29

How to increase the security of vds server?

Good day. The question concerns the server setup itself. I have a server on Ubuntu 16. Authorization via ssh - only by keys, without a password; access for root is closed; the port for connecting via ssh/sftp has been changed; password access is closed; ufw firewall works. What else can I do to maximize the security of my server? Is it possible and difficult at the current level of security to hack the server and gain access to the data on it?
Please give advice on how to reduce the chance of hacking to zero.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
P
Puma Thailand, 2017-04-20
@opium

taking into account the fact that hacking almost always goes through the application and not ssh, protect it
with me for 10 years and thousands of servers have never picked up a complex password or key with ssh,
changing the port for ssh only creates inconvenience for yourself

Report
B
blackbeard, 2017-04-20
@Black_beard_ast

Fail2ban and other brute force protections. Protecting the VDC itself is half the battle, it is important to protect the service that runs on it.

Report
S
Sergey, 2017-04-20
@feanor7

It is very easy to reduce the chance of hacking to zero. Raise the server at home / in the office, turn off the Internet - profit!
And so: a) firewall rules should allow administrative access only to admins, that is, filtering by ip at least, I would raise vpn for such purposes, b) fail2ban is a good thing, c) checking the input data on the service.
+ Never forget about backup.

Report
H
Host-Eiweb, 2017-04-20
@Host-Eiweb

Is it possible and difficult at the current level of security to hack the server and gain access to the data on it?

Whom to puzzle. Depends on the level of a particular specialist.
Ask to test your server on this forum . Get a detailed analysis, possibly with further recommendations.

Report
S
st0ner, 2017-04-21
@st0ner

I advise you to familiarize yourself with this: https://xakep.ru/2014/10/02/paranoid-linuxoid/
Also configure or block dns, as the Chinese love these ports.
It is better to change ports that look outward, because the Chinese brute force the standard ports on the machine, and this is extra traffic and load.
You can deploy a meerkat on the server to visually see the incoming traffic to the server.

Report
S
serf, 2017-04-20
@serf

Maximum? Hire the most intelligent administrator.

Similar questions
M
MIsternik2016-12-15 22:55:28
[dotnet core] How to install dependencies on Linux for a c# project? 3Reply
A
Athanasius Sidorov2021-01-14 22:54:08
What happens if you stop this process? 1Reply
G
gto61202016-12-16 11:57:02
The file does not open and next to it lies the same one with the SWP extension, what happened? 2Reply
G
gto61202016-12-16 12:43:08
How to do a proper substitution with sed? 1Reply
V
VN2021-01-15 13:17:06
How to send mail on behalf of another domain? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question