How to Secure my VPS and test it for vulnerabilities

August 6, 2014

I'm trying to secure my server and find a balance between usability and security.

There have been some bots or someone trying to log in to my server via SSH; I was looking at my auth.log and it has a long list of IP addresses trying to guess my login username/password. I also see a lot of guesses for root passwords. But luckily I disabled my root password login and made it SSH key only when I first got the server. Now I have also removed my root login completely.

What I have installed/set up at the moment:

* fail2ban < default config with maxtry 2 and bantime at 2 hrs

* root login disabled

* user login with root and 2-factor authentication/Google Authenticator

* SSH is still on port 22 - I don't know what port to change to. I heard changing to a port below 1024 is good because they are privileged ports. After changing the port, what other settings do I have to change/watch out for in case I lock myself out?

Also, I heard installing WordPress on my VPS is bad. What other CMS can I install to be secure?

Is there a test I can run to see if my server is vulnerable? Do people try to get into your own VPS to see if you can?

Currently my server is on Ubuntu 14.04.

3 Answers

CSF has always been a good step for us.

Step 1. Uninstall fail2ban because it introduces a point of failure without increasing security at all.
Step 2. Make sure WordPress is configured correctly so that no one can access the wp-config.php or other sensitive files. You can test this with your web browser.
Step 3. Profit.

  • Hmm, is there another CMS that's a lot better and more secure than WordPress? Can you tell me more about that point of failure with fail2ban? Thanks! =]

Changing ports is usually a stupid idea. It does not prevent unauthorized access, nor does it make you less prone to invasion. A simple port scanner will detect OpenSSH opened on another port.

The only and best way to protect your server is to make sure it is always updated, using strong keys instead of passwords and adding things like fail2ban to prevent brute-force attacks.
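
An added example, not written by any poster in this thread: a small audit of the `sshd_config` keywords behind "root login disabled" and "keys instead of passwords". It applies sshd's rule that the first value seen for a keyword wins and flags `Match` blocks that turn passwords back on. The sample config and the `WANTED` policy are constructed assumptions.

```python
import re

# Constructed sample config, not taken from the thread. Note the duplicate keyword.
SAMPLE = """\
# /etc/ssh/sshd_config (constructed)
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

WANTED = {  # assumed policy: lowercase keyword -> value for "no root, keys only"
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "pubkeyauthentication": "yes",
}

def parse(text):
    """Return (global settings, Match-block settings); first value per keyword wins."""
    global_cfg, overrides, block = {}, [], None
    for raw in text.splitlines():
        m = re.match(r"(\w+)\s*=?\s*(.*)", raw.strip())
        if not m:                      # blank line, '#' comment, or junk
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            block = value              # everything below is conditional
        elif block is None:
            global_cfg.setdefault(key, value.lower())  # sshd ignores later duplicates
        else:
            overrides.append((block, key, value.lower()))
    return global_cfg, overrides

def audit(text):
    """Return findings as strings; an empty list means the checked keywords match."""
    global_cfg, overrides = parse(text)
    findings = []
    for key, want in WANTED.items():
        got = global_cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set, compiled-in default applies")
        elif got != want:
            findings.append(f"{key}: is '{got}', expected '{want}'")
    for block, key, value in overrides:
        if key in WANTED and value != WANTED[key]:
            findings.append(f"{key}: '{value}' inside 'Match {block}'")
    return findings
```

On the server itself, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective settings. Keeping the current SSH session open while testing a fresh login in a second one guards against the lock-out the question asks about.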
