Why do we need to keep our VPS secure ?

Security matters ! Don't invite hackers in !
Admin
Site Admin
Posts: 490
Joined: Wed Jul 25, 2012 10:54 pm

Why do we need to keep our VPS secure ?

Postby Admin » Tue Jul 31, 2012 6:29 pm

You probably heard at times: "I dont have much secret stuff on my VPS, why would I care if it is hacked ?"
Well, for once, you won't like it when your traffic for the month gets used in a few days, due to DDoS attacks your captured VPS will participate in. You will also get suspended for hosting malware or spambots, perhaps even worse.
While we do understand these things, repeated offenders will get terminated, it is not right for everyone to suffer just because some people don't care.
I will give you some general advice here and will detail it in other topics.

1. Keep your password complex and secure !
This means you should not share your password with anyone. If you have to give access to someone else, please make an account with reduced privileges. At the very least, do not give the password of your control panel, in case your VPS gets stolen or hacked, you can at least reinstall and change password.
About the complexity of the password, it should be at least 8 characters long, contain uppercase and lowercase letters, numbers and special characters.
At first sight looks hard to remember, but MeMySelfAndI567%^& (SHIFT+567) is an extremely hard to crack password You can add a space or more and it is virtually unbreakable.
Passwords such as John or 123456 are clear victims at the first attempt, please avoid those !

2. Keep your instalation up to date !
This means that, from time to time, the different programs making the environment in your VPS (for example the webserver) are found to be vulnerable to speciffic hacker attacks. They could gain control over that package and sometimes over all the VPS.
Sure, the developpers of those packages will not sit on their hands, they will distribute updated versions where such vulnerabilities are patched, but a normal VPS can have hundreds of packages and it is impossible for a normal VPS user to keep current with all.
Fortunately, the distribution maintainers are doing this. You, as an user, only need to run a cuple of commands from time to time, depending on your distribution.
For example, in the case of CentOS you need to run

Code: Select all

yum update
. If it finds new updates, you will be notified and you need to accept it in most of the cases, in others it simply proceeds.
In the case of Debian and Debian based distribuions such as Ubuntu you need to run

Code: Select all

apt-get update
to read the list of updates and

Code: Select all

apt-get upgrade
to upgrade the packages that need an upgrade.
Do this immediatelly after you get your VPS, because the images installed are not always up to date.

3. Do not install software from shady sources !
If possible, stick to the repositories of your distribution. If not possible, try to make sure the software you install is widely used and has a large install base.

Please take care of your VPS and it will serve you well ! We will make sure it will !

Admin

Return to “General security”

Who is online

Users browsing this forum: No registered users and 1 guest