A Few Steps to Securing your Dedicated / VPS Server


Here are a few things to do.
  • First and most important: keep your server software updated and patched, especially old PHP versions and kernels, which can be insecure. A couple of links with lots of info: Website security precautions, and Secure settings for PHP on Apache.
  • It's very important that you (if you manage your own web hosting server) or your web host enable open_basedir. In a shared hosting environment without open_basedir, a PHP script is not confined to its own site's directory tree, so an attacker who exploits a vulnerability in one site can reach files outside it.
  • Set disable_functions (a list for a good setup is given below).
  • Suhosin will further harden your PHP installation.
  • Close unneeded open ports.
  • Maintain access logs. Depending on the size of your site these can quickly grow in size, but they can be very useful in identifying any access points.
  • Disable direct root login, and change the default ssh port.
  • Secure passwords, limit access
  • Disable allow_url_fopen in PHP (recommended in the securing PHP link above).
  • If an attack happens, preserve the time stamps of the files affected (e.g. by using cp -p before deleting the files).
  • Disable world writable permissions (777) for directories. As a general rule, chmod 755 for directories, 644 for files.
  • mod_security
  • Firewall, brute force protection, email notification when someone logs in as root.
  • Back up, back up and back up again, and also maintain off-site backups.
  • Cloudflare? Cloudflare blocks IP addresses, and many Asian countries share IPs (as do dial-up users). Expect many false positives if you have visitors from these areas, but it is worthwhile for high-risk sites.
  • A security-diligent host or server admin can be amazing.
disable_functions List
disable_functions = escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate
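To check an existing php.ini against the three PHP settings in the list above (open_basedir, allow_url_fopen and disable_functions), a small audit script helps. This is an added example, not part of the original article; the sample configurations and paths are constructed, and the parser assumes values contain no ';' character.

```python
# Added example: audit php.ini text for the three PHP settings this article names.
# Function list copied from the article's disable_functions line.
REQUIRED_DISABLED = set(
    "escapeshellarg,escapeshellcmd,exec,ini_alter,parse_ini_file,passthru,"
    "pcntl_exec,popen,proc_close,proc_get_status,proc_nice,proc_open,"
    "proc_terminate".split(","))

def parse_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # assumption: no ';' inside values
        if not line or line.startswith("["):
            continue  # blank, comment-only, or section header
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means all three checks passed."""
    s = parse_ini(text)
    findings = []
    if not s.get("open_basedir"):
        findings.append("open_basedir is not set")
    # PHP's built-in default for allow_url_fopen is on, so absence counts as on.
    if s.get("allow_url_fopen", "1").lower() in ("1", "on", "true", "yes"):
        findings.append("allow_url_fopen is enabled")
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    return findings

# Constructed sample configurations (paths are placeholders).
WEAK_INI = """[PHP]
; open_basedir =
allow_url_fopen = On
disable_functions = exec,passthru
"""
HARDENED_INI = """[PHP]
open_basedir = /var/www/example:/tmp
allow_url_fopen = Off
disable_functions = """ + ",".join(sorted(REQUIRED_DISABLED)) + "\n"

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "OK")
```

To audit a real server, pass the contents of the php.ini file that PHP actually loads to audit().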