Documentación » Security » How to protect a server

How to protect a server

In this document we are going to explain some measures you must take to protect a server from attacks and thus avoid being hacked.
But first you must know the legal considerations of not adequately protecting your server.

Attention, the following regulations are applicable in their entirety to VPS without an administration contract and that are delivered without any security configuration. In case you need help in this matter, you must formalize a contract for a managed service (Shared Hosting or Managed VPS) and thus delegate to GINERNET the responsibility of securing your server.

4.9. The client will be solely responsible for the administration of their services, the applications that they install on their server, as well as the effects they may have on the pre-installed standard software or the configuration of the machine, in those cases where it is feasible. this option, of the problems that could be generated in your server, especially, of those related to the security measures that should have been adopted.
4.10. In those exceptional cases in which a conflict occurs, GINERNET could only reinstall the service by eliminating all the data and configurations that the server may have.
4.11. Consequently, GINERNET will only be responsible for the availability of the physical infrastructures, the network and the physical host corresponding to the service.
This means:
  • The customer is responsible for the security of the server.
  • The customer has the obligation to secure and protect his server by installing firewalls and tools against system intrusion.
  • The customer has the obligation to know the necessary tools for the securing of servers.
  • In the event that a server has been hacked and the client does not know how to correct the problem, from GINERNET we will only be able to reinstall the complete operating system of the VPS, eliminating any content within the VPS.
Our goal is to provide an excellent quality network to those clients who trust us with the security of their data.
For this reason, we suspend the servers that we detect to be hacked, thus preserving the reputation of our network.

Tips for protecting a server

  • Strong passwords: It is extremely important that your server has strong passwords, this is that it is a set of alphanumeric characters and symbols in combination with upper and lower case. You can this tool to check if your password is easy to crack.
  • Brute force attack protection: It is extremely important that your server has a “login-failure” checking system installed so that if someone enters a wrong password X times on your system, it is blocked by a firewall. To secure at this level, use tools such as: Fail2Ban or CSF.
  • Block the ports you don’t use, or better yet, set a default blocking rule and enable only the ones you use. If you don’t know how to do this, we recommend installing the Webmin interface (Webmin for Debian or Ubuntu, Webmin for CentOS). It is a complete server management tool that does not cause conflicts with other panels that you already have installed on your server. Within webmin, you will be able to access the “Firewall” tool that will allow you, through the browser’s graphical interface, to secure your server in a very simple way, giving way only to those ports you use.
  • Keep the operating system and all software installed on the server up to date. Developers who schedule updates for systems, do not do it on a whim, most of the times updates include security patches, do not forget that a system that is not updated is a vulnerable and hackable system. We are talking about the operating system itself and related software as well as the APPs that run on the server, such as WordPress, Prestashop, Drupal, etc … which are CMS especially attacked by the number of people (victims) who use them.
  • Never, ever, use nulled software. You want to use an APP, module or template that has a license fee, but you have found “out there” an apparently “free” version or commonly known as “nulled”. These types of downloads include a prize. You are going to be able to use that software, but the hacker who has bothered to offer you that “bargain” does not do it for free and will have injected malicious code to take control of your server. Maybe it will steal your customer database, maybe it will use your server to send SPAM or in the worst case it will install a proxy to commit some kind of crime such as stealing credit cards. Don’t be naive and use only legally licensed software.
It is easier to protect a server than to clean an infected server. If your server has been hacked, in 99% of cases, it is best to REINSTALL the entire server because if the hacker has installed a backdoor, they will continue to have access to your server.
On the Internet, there are automatons systems or robots, developed by cyber-criminals, in search of vulnerabilities that they can exploit. Either to trade with the victims’ servers as well as to commit crimes through those systems that they have managed to violate.
Don’t make it easy for them and protect your server as much as possible.