Contact Us

  • Call Now:(01)773-455-6676
  • Sales Email:sales@dedicatedhosting4u.com
  • Support Email:support@dedicatedhosting4u.com
  • Billing Email:billing@dedicatedhosting4u.com

Close Support

Support

How to Secure Dedicated Servers from Hacking


Warning: array_key_exists() expects parameter 2 to be array, string given in /home/dedicate/public_html/wp-content/themes/megahost/inc/extra-codes/domain.php on line 5
  • 5
    Sep

How to Secure Dedicated Servers from Hacking

Initially, to protect the business, suitable policies should be acquired. Dedicated servers may be targeted by hackers as it provides numerous benefits compared to other web hosting. Protecting the servers is the primary step. If not secured, it may results in loss of enterprise in an incurable manner. Below example shows the process takes place in a hacking system of client business.

Client “A” buys the web hosting package

The client uploads financial data to the server

Predatory hacker infiltrates poorly secured data

Subsequent damage could destroy the business of Client “A”

Hacker installs monitoring software and recovers all sensitive data

The following are the ways to secure dedicated server from the hacking.

1. SSL and firewall
To secure dedicated hosting, certain privileges can be applied. Required data can be accessed using SSL with those privileges.
The firewall acts as a layer between the local network and the Internet. Here firewall can block the harmful code and SSL provides access to transfer the encrypted data. It is a basic step to have a firewall to prevent DDoS attacks. For effective security use firewall along with SSL.

2. Interruption protection system
It is an improved security system works with the firewall as a set of two. It determines the traffic at the source and allows real traffic. Firewall reacts to hacking attempts, IPS is dynamic which means it takes decisions like to prevent the traffic, reviewing the connections, giving the indication to the administrator, etc.

3. Secure Passwords
To secure dedicated hosting Iin the case of passwords selection, Brute force techniques can track the most common or simple passwords. Selecting complex passwords can increase security. The complex passwords can be the combinations of lowercase and uppercase characters mixed with numbers and special characters. Attackers cannot track such complex passwords.

4. IP Whitelisting
Whitelisting of IPs allows access to only limited IPs thereby insignificant traffic is avoided. Only authentic and verified IP addresses can access the server.

5. Script Updates
To secure server hosting Update the scripts regularly. The performance of a server depends on server scripts and applications. These updates can help in overcoming the errors caused by earlier versions.

6. Server management
Proper management of hardware can result in the best performance. Restricted access to the server can be the primary aspect to secure dedicated hosting.
It is the job of hosting provider to protect the server and network. This can be achieved using methods like IP blocking, spamming and mod security. So select the hosting provider who is accountable for software, hardware, proper system maintenance, technical support, monitoring, and updates.

7. Limit Login Attempts

Brute Force Attack is one of the basic malicious attacks on the. secure dedicated server To make any website accessible on the internet it should have some services open to the internet. These open points may become accessible to attackers. In these kinds of attacks, attackers try to access the secure dedicated server with an assumption of some random username and password. Limiting the login attempts to the website can block the IP addresses from which multiple attempts are taking place. Using SFTP/FTP server setting login attempts can be limited. This limit range can be basically between three to five times only. Always keep updating the security patches and updates for computer and browsers.

8. Secure Connections

While connecting to the secure dedicated server, it is important to secure the connection. If your connection is insecure, there might be a threat to data from someone who is monitoring these connections.

  • By using a key instead of traditional username and password while logging to SSH provides extra security. It is advisable as it is difficult for the hacker to guess the key since it has no username associated with it.
  • Use SFTP instead of normal FTP while making FTP connections. For this, you also need to enable SSH/Shell Access on your account to make secure server hosting.
  • Your SFTP server should also have settings for a maximum number of requests per second the server will allow. The minimum setting is 40 connections per second. If you have very high traffic to your server, you can set this a bit higher, but take care that it should not be very high. This helps to prevent DoS (Denial of Service) attack where a server is made unavailable by using a program to saturate the server by many requests at a time.

Avoid using freeware as the development environments may not be secure. This increases the risk to a malware attack in free downloads.

9.Security Plugins

Some security plugins are available like ‘iThemesSecurity’ and ‘Bulletproof Security’ which addresses the security threat present in every platform which can threaten your website. Also, if you have a business which relies on its website, you can consider investing in ‘SiteLock’ or similar. It provides daily monitoring, malware detection, virus scanning to protect your website.

10. Change Default SSH Port

The SSH listening port is set up on port 22 by default as it is an industry standard. So, it is advisable to change this port setting to something different than the default value. Most of the  secure dedicated server hacking attempts that are made by robots which target port 22, so modifying this setting will make your server a difficult target.

To change your default SSH port, you need to follow the below mentioned steps:

  1. To open the configuration file to make changes, use the following command:

nano /etc/ssh/sshd_config

  • Find the following part in your file and replace port 22 with a new port

# What ports, IPs and protocols we listen for Port 22

Now, while requesting a new SSH connection on your machine, you need to indicate a new port by:

ssh root@YourServer.ovh.net -p NewPort

Please remember to reboot your server once you are done reconfiguring the port. Also, do not choose a port number that is already in use. Also, you may find that some services cannot be reconfigured to a non-standard protocol and so these services will not work.

11.Back up your system and Data

You should regularly back up your data. Save your data in some backup storage so that in case of an attack, you can retrieve via different protocols like FTP, FTPS, NFS, CIFS. Also, it is important to outline a plan of data restoration in case of any such attack or hard drive failure.

12. Update your system and packages

For security reasons, distributed system developers receive software package updates very often. So, it is important to install all the updates to avoid hacking. Many of the tools used in creating the website may be open source software programs, and the code is easily accessible to everyone, like hackers. Hackers can find pores in the code, and take advantage of any security vulnerabilities present. Make sure you have the newest version of the platform and scripts installed to minimize risks. Also, make sure to update the package list and the packages on your secure dedicated server regularly.

13.Protect your website from SQL injection

If you have a web form that takes input from outside users to display information, there lies a risk of SQL injection. If the parameter field is left much open without much validity checks, someone can insert code into them and access your database. It is important as sensitive client information is often stored in the database. To avoid this, you can use parameterized queries and strict validation checks in the web form.

Additionally, developers, database administrators, and system administrators can also take care of the below-mentioned things for secure hosting.

  • All the web application components like framework, libraries, plug-ins, database server software, web server software should be kept at their latest version with all the security patches installed.
  • Principle of Least Privilege should be followed while providing user access to the database. For example, if a website does not have any post or update operations and is only used to fetch data, only SELECT access to the database is sufficient. In this case, INSERT, UPDATE, DELETE privileges need not be provided.
  • Avoid using shared database accounts for many web applications. This will help in minimizing the impact of any successful attacks.
  • User-supplied inputs should be validated in all cases, type-in input fields, radio buttons, dropdown list.
  • Proper error handling should be present on the web server and database so that the user does not get any system generated error output. Attackers can research the technical details present in such messages and use queries to exploit the database.

14. Prevent Cross-Site Scripting

Cross-site Scripting is another threat to website which is also to be observed by website owners. This attack takes place when hackers get a chance to insert some harmful code to JavaScript code into the pages can affect the website. To prevent this, the developer must ensure while writing the code for fields or functions where the user provides input to be precise, which reduces the chance of adding such harmful code.

Avoiding the XSS can evade the user input. This means that when the application data is received make sure it is safe before processing to end user. Thereby the data is protected from being used in a harmful way when the webpage receives data. Restriction on the basic characters for coding like ‘<‘ and ‘>’ can prevent hackers from adding the codes to the web pages.

Also prevent the all HTML, JavaScript, URL entities wherever not required. Filter HTML entities to allow the user to enter rich text on forums and comments. Use the replacement format for using raw HTML with a format like Markdown.

15. Using Content Security Policy (CSP)

CSP allows the individual to enter the valid domain so that the browser considers it as a proper executable program. The browser accepts it as not a malicious script or malware to effect client computer. Using CSP means adding a proper HTTP header to the webpage that provides a string of directives which directs browser about the safe domains and if any exceptions are present to this rule. Browsers which has CSP compatibility will execute the scripts loaded in source file received from the safe domains and ignores other scripts. CSP is designed to be backward compatible. Some browsers may not support CSP will also work with secure dedicated server  that implement it by ignoring it, functioning as well.

16. Change root user Password

Whenever we install a distributed system or an operating system, a root access password is automatically created. It is very important that you should change this password for system safety. To change the password, you need to open an SSH connection to your secure dedicated server and use the below command:

passwd root

Then you need to enter your new password twice. Please remember, while typing the password it will not be displayed due to security reasons. So, you will not see the characters that you have typed. For logging in to the system for the next time, you should use this new password.

17. Disabling server access by the root user

A root user is created on every UNIX system, like LINUX. This has all the administrative rights on your. secure dedicated server. If your server has critical information, it is not advisable to keep your dedicated server accessible through a root user, as it is risky and can perform any undesirable change on your server which may not be reversed.

You can disable this access via SSH protocol. To do this, Open an SSH connection to your secure dedicated server and enter the following command to open SSH configuration files.

nano /etc/ssh/sshd_config

Find the below section of code and edit PermitRootLogin property to ‘no’.

# Authentication:

LoginGraceTime 120

PermitRootLogin yes

StrictModes yes

After saving and closing the configuration file, restart the SSH service to apply this change. And you can login to the server using the user account you have created to ensure safety.

18. Restricted user access

To perform everyday activities on the secure dedicated server, a user account with limited access also solves the purpose. To add a new user, enter the following command:

adduserCustomUserName

All the required information like username and passwords need to be provided. This user is allowed to access the system via SSH and the password set. If some activity requires administrative rights the below command can be used to access the root user rights:

su root

Root user password must be entered for validation.

19. Avoid anonymous access

Most of the FTP servers have an option for the user named as ‘Anonymous’. Determining the port for FTP and version of FTP software running will be easy with ‘Anonymous’ login. With minimal research security vulnerabilities in the software can be found by them.

Though anonymous access provided, restrict the user access permission to read-only and lock into home directory. If there is any requirement for download access, keep those files in a dedicated SFTP outside your demilitarized zone (DMZ).

20. Change File Permissions

The website is managed by a series of files and folders on a secure server hosting account.

To secure hosting If the website is hosted on a windows server, then follow the below steps to change file permissions.

  1. Login to the server as an administrator
  2. Locate the file to change file permissions
  3. Right-click on the file, select “Security” tab and then click on “Edit”
  4. If the permissions to be changed for a user then select the user
  5. Change the permissions as per the requirement whether it can be Read, Write or Execute.
  6. Click on “Ok” to accept the changes and “Apply” to apply the changes before closing the file or folder properties.

To secure hosting,  change file permissions on a Linux operating system, permissions are saved in 3 digit format where each integer is between 0 and 7. Here, the first digit refers to the administrator or owner of the file, the second digit refers to the group of the file belongs to. And the third digit means to any other user whoever accesses the file. The permissions can be:

  1.  4 for Read
  2. 2 for Write
  3. 1 for Execute
  4. 0 for No Permissions.

For example, a file provided with permission code ‘644’. Here, 6 means the owner has permissions to Read and Write (4+2=6), the group has 4 means Read permission only and other user also has 4 means Read permission only. The common rule for files and folders security is:

  1. Provide folders and directories with 755 permissions
  2. Provide files with 644 permissions

Protect the website from hackers with steps needed accordingly for the business to make profits.