How to secure a linux dedicated server from hackers


When hosting a website or application on a dedicated server running Linux, security is not optional; it is essential. Think of these safety precautions as a long wall designed to keep your house safe. The more robust you build the wall, the more protected your home will be. In the same way, robust security measures help you keep your Linux server safe from hackers, malware, and downtime.

Many new server owners think Linux is already secure enough due to its design compared to other operating systems. While this is true, what they don’t understand is that hackers and cybercriminals don’t just target an operating system; they target the dedicated server as a whole.

Thus, without the right security configuration, you will be vulnerable to cyber attacks and server hacking even on a secure operating system like Linux.

So, in this guide, our main goal is to provide the step-by-step process for how to secure your Linux dedicated server from hackers. We will explain everything from scratch so that even if you are a beginner in hosting, you can take these steps easily and secure your server.

In this guide, we will cover:

  • Why Linux Servers get hacked
  • The most common attack methods
  • Step-by-step security measures implementation

So, let’s get into it.

Why do hackers target Linux servers more often?


Many beginner hosting owners often think, “Why would hackers attack small websites like blogs, simple content-based websites or even e-commerce sites?” The idea that hackers exclusively target government and large corporation servers is a common misconception. In reality, any server connected to the internet is equally a target for cyber attacks.

Here are a few reasons why a Linux dedicated server can be a target even if it only hosts sites with small or mid-sized traffic:

To steal valuable data

Even a basic blog or e-commerce store holds a large amount of personal data, login information, and payment details. Hackers might be interested in stealing this valuable data for cybercrime.

To find server resources

One of the typical reasons to hack a Linux dedicated server is to get server resources like CPU and storage. Hackers use these resources to run cryptocurrency mining, botnets and spam campaigns.

To find the gateway to larger attacks

Hackers or cybercriminals may use your Linux server as a gateway to attack others. Because it is your server that is being used, this exposes you to legal risk.

People’s misperception that Linux is already secured

Many Linux server owners think their server is already secure, and they often don’t take any security measures. Hackers take advantage of this misperception, continuously developing bots and malware to attack these servers.

The most common Linux server attack methods in the hosting world


The reality is that hackers attack Linux servers using a variety of techniques, occasionally combining several techniques into one. So, before we get into the process of securing our server, it’s important to understand how hackers break your server and what techniques they use.

1. Brute Force attacks

This is one of the most common hacking methods for cyberattacks, where thousands of automated bots keep trying with different username and password combinations. Those who have set easy or weak passwords are more vulnerable to this technique.

Think of this method as thousands of people simultaneously trying to log in to an account by continuously guessing passwords. If your password is weak, one of these automated bots will soon get access.

2. Exploiting Vulnerable software

Hackers often target servers that are using old versions of PHP, MySQL, Apache/Nginx, or WordPress plugins because they have more security flaws and can be easily broken. This is why every hosting provider recommends you keep your system and security patches updated.

Since it is a little technical to operate on a Linux system, users often ignore updating unless it becomes mandatory. Hackers use this loophole to attack you.

3. Privilege Escalation

Hackers gain access to many Linux servers by exploiting security flaws and then attempting to escalate their privileges to root access. This means they first get small, limited access and then elevate it to full control.

4. DDoS (Distributed Denial of Service)

You must have heard about DDoS protection in hosting services, and that is because DDoS is a major technique used in hacking. A Distributed Denial of Service (DDoS) attack sends an overwhelming amount of fake traffic to your website, which crashes the server; attackers then use the disruption as a mask for another attack.

It is like first you will get a lot of unusual traffic, and by the time you figure out what’s happening, they will make another cyberattack to get access.

5. Malware uploads

Hackers use this method to gain full access to your server by uploading and installing malware on it. If you use an insecure upload form or give unnecessary file permissions, it might result in malware installation on your server.

Step-by-step guide to securing a Linux Dedicated server


This section of the blog is your main security blueprint, as we are going to discuss all the essential security measures you must take to secure your Linux dedicated server.

● Keep the server updated

Outdated server software like PHP, MySQL, and Apache is a very big red flag for your server security. It makes the hackers’ job easier to get access even without much hassle. It’s like you have unlocked the window yourself to get the robber to come inside.

Most security breaches exploit known vulnerabilities. Updating the system closes these gaps so that attackers cannot use them against an outdated system.

You can update your server with these commands, depending on your distribution:

For Debian/Ubuntu:

sudo apt update && sudo apt upgrade -y

For CentOS/RHEL:

sudo yum update -y

To install automatic security updates on Debian/Ubuntu:

sudo apt install unattended-upgrades

● Create non-root user

This is a very common security mistake that beginners often make: running everything as root, even when root access is not necessary. When you get root access to your server, it is important to use it wisely. If hackers get your root access while hacking your server, they will own the server completely.

To tackle this issue, you need to create a new user for daily tasks that do not require root access and use the main root user account only when it is absolutely necessary.

You can use the following commands to add a new account and give it sudo rights:

adduser newuser

usermod -aG sudo newuser

Note: Replace the newuser placeholder with your preferred username.

You can also switch to your root user easily with this command when necessary:

sudo su

● Secure SSH Access

SSH is your primary method to get access to your server remotely, and if you leave this access unsecured, it is an invitation for hackers to come and get access. We don’t want to invite hackers in through our SSH, so we will secure it by taking the following 3 steps.

Actions:

1. Change the default SSH port

By default the SSH port is 22, and in brute force attacks, automated bots often target servers with the default port. By changing the default port, you will add an extra layer of security to your server SSH access.

To do this, you need to edit the configuration file with this command

sudo nano /etc/ssh/sshd_config

Find the “Port 22” option and change it to something like “Port 2244.” Then restart SSH (on CentOS/RHEL the service is named sshd):

sudo systemctl restart ssh

2. Disable root login over SSH

There is no need to log in every time with root credentials, so we will disable root login.

In the same configuration file, find the PermitRootLogin option and change its value from “yes” to “no.” This disables root login over SSH.

3. Use SSH key to log in instead of passwords

Passwords are more vulnerable to attacks, so we will use SSH keys to log in every time. To generate an SSH key pair, run this command on your own computer:

ssh-keygen

Then add your public key to this file on the server:

~/.ssh/authorized_keys
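
An added example, not part of the original guide: a small audit of an sshd_config file against the three steps above. The PasswordAuthentication check and the sample file contents are assumptions added here; the guide itself names only the Port and PermitRootLogin options.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config for the three SSH steps above.
# sshd uses the FIRST value it reads for most keywords, so a hardened line
# appended at the bottom loses to an earlier one. Port is the exception:
# every Port line adds a listener.

# global_values FILE KEYWORD: values set for KEYWORD before any Match block
global_values() {
  awk -v key="$2" '
    NF == 0 || $1 ~ /^#/        { next }              # blank lines, comments
    tolower($1) == "match"      { exit }              # skip conditional blocks
    tolower($1) == tolower(key) { print tolower($2) } # keywords ignore case
  ' "$1"
}

# audit_sshd_config FILE: one WARN line per weak setting, then a summary.
# Exit status is 0 only when nothing was flagged.
audit_sshd_config() {
  local file=$1 findings=0 ports root pass
  ports=$(global_values "$file" Port)
  root=$(global_values "$file" PermitRootLogin | head -n 1)
  pass=$(global_values "$file" PasswordAuthentication | head -n 1)
  # OpenSSH defaults apply when a keyword is absent
  ports=${ports:-22}; root=${root:-prohibit-password}; pass=${pass:-yes}
  if printf '%s\n' "$ports" | grep -qx 22; then
    echo "WARN sshd still listens on default port 22"; findings=$((findings + 1))
  fi
  if [ "$root" != no ]; then
    echo "WARN PermitRootLogin is '$root', expected 'no'"; findings=$((findings + 1))
  fi
  if [ "$pass" != no ]; then
    echo "WARN PasswordAuthentication is '$pass', key-only login needs 'no'"
    findings=$((findings + 1))
  fi
  echo "findings=$findings"
  [ "$findings" -eq 0 ]
}

# Constructed sample: port moved to 2244, but the "no" for root login comes
# after an earlier "yes", and password logins were never switched off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2244
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

Before restarting SSH, `sudo sshd -t` checks the configuration file for errors. Keep your current session open until a new login on the new port succeeds.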

● Install a Firewall

A firewall is like a monitoring tool and a guard whose main job is to decide what traffic may enter your server and what should be blocked. To secure your server, make sure you have an updated firewall installed and active.

Here is how you can install a firewall.

Option 1: UFW (Uncomplicated firewall)

Install UFW, allow your SSH port, and enable the firewall with the following commands:

  • sudo apt install ufw
  • sudo ufw allow 2244/tcp
  • sudo ufw enable

Option 2: Firewalld (For CentOS/RHEL)

  • sudo yum install firewalld
  • sudo systemctl start firewalld
  • sudo firewall-cmd --permanent --add-port=2244/tcp
  • sudo firewall-cmd --reload

Note that you need to change the details according to your server. For example, use your own SSH port rather than copying and pasting these commands as they are.

● Install Fail2Ban

Fail2Ban is an open-source tool that blocks IP addresses that make too many failed login attempts or come from unsecured connections. It is well suited to stopping brute force attacks, as it doesn’t allow many attempts.

You can install, enable, and start this software with the following commands step by step:

Install:

sudo apt install fail2ban

Or

sudo yum install fail2ban

Enable and start:

sudo systemctl enable fail2ban

sudo systemctl start fail2ban
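
An added example, not Fail2Ban’s own code: the counting idea behind banning an address after too many failed logins, run over constructed sshd log lines. The function name, the threshold argument and the log lines are assumptions made for illustration, and unlike Fail2Ban the sketch has no time window.

```bash
#!/usr/bin/env bash
# Added example: the counting step behind a "too many failed logins" ban.
# Reads sshd auth log lines on stdin and prints "COUNT IP" for every source
# address with at least MAXRETRY failed password attempts, highest first.
# Simplified: no time window and no unban.

failed_login_offenders() {
  local maxretry=$1
  awk -v max="$maxretry" '
    / sshd\[[0-9]+\]: Failed password for / {
      # The line ends "... from <ip> port <n> ssh2". The user name is text
      # supplied by the client, so find the address by position from the
      # END of the line instead of trusting the first "from".
      if ($(NF-4) == "from" && $(NF-2) == "port") count[$(NF-3)]++
    }
    END { for (ip in count) if (count[ip] >= max) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed log lines (documentation address ranges, not real hosts).
# The third line has a user name that is literally "from".
failed_login_offenders 3 <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jan 10 03:12:05 web1 sshd[2103]: Failed password for invalid user from from 203.0.113.5 port 51240 ssh2
Jan 10 03:15:44 web1 sshd[2110]: Accepted publickey for deploy from 192.0.2.10 port 40112 ssh2
Jan 10 03:20:10 web1 sshd[2120]: Failed password for deploy from 192.0.2.10 port 40150 ssh2
EOF
```

If SSH has been moved to port 2244 as above, the `port` setting of Fail2Ban’s `[sshd]` jail in `/etc/fail2ban/jail.local` has to name that port; otherwise the ban only covers the default SSH port.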

● Disable Unnecessary Services

There are many services that keep running in the background on the server. Every active service is a potential entry point for hackers. Thus, it is crucial to check all the active services and disable everything unnecessary.

First check all the services that are running:

sudo netstat -tulpn

Or,

sudo ss -tulpn

Disable services using the following commands for every service.

sudo systemctl disable service_name

sudo systemctl stop service_name
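
An added example, not from the original guide: a filter that reduces `ss -tulpn` output to the listeners reachable from outside the host, which are the services to review first. The function name and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: reduce `ss -tulpn` output to sockets reachable from outside
# the host. Reads ss output on stdin and prints "PROTO PORT PROCESS" for each
# listener that is not bound to a loopback address.

exposed_listeners() {
  awk '
    $1 != "tcp" && $1 != "udp" { next }          # header and other lines
    {
      local_addr = $5
      port = local_addr; sub(/.*:/, "", port)    # text after the last colon
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
      proc = "unknown"                           # ss was run without root
      if (match($0, /users:\(\("[^"]+"/))
        proc = substr($0, RSTART + 9, RLENGTH - 10)
      print $1, port, proc
    }
  ' | LC_ALL=C sort -u                           # IPv4 + IPv6 rows collapse
}

# Constructed sample of `sudo ss -tulpn` output.
exposed_listeners <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*         users:(("systemd-resolve",pid=611,fd=13))
tcp   LISTEN 0      128    0.0.0.0:2244        0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      151    127.0.0.1:3306      0.0.0.0:*         users:(("mysqld",pid=901,fd=21))
tcp   LISTEN 0      511    0.0.0.0:80          0.0.0.0:*         users:(("nginx",pid=1001,fd=6))
tcp   LISTEN 0      511    [::]:80             [::]:*            users:(("nginx",pid=1001,fd=7))
tcp   LISTEN 0      5      0.0.0.0:631         0.0.0.0:*         users:(("cupsd",pid=733,fd=7))
EOF
```

On a live server the same filter can be fed directly: `sudo ss -tulpn | exposed_listeners`.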

● Enable SELinux or AppArmor

A Linux dedicated server comes with Security-Enhanced Linux (SELinux) or AppArmor installed, which add extra layers of access control. You can enable them easily with these commands and make your server even more secure:

To enable SELinux:

sudo setenforce 1

To enable AppArmor:

sudo systemctl enable apparmor

● Secure File Permissions

There are system files whose access must be tightly restricted so that no one other than you can change them, such as:

  • /etc/passwd
  • /etc/shadow

If hackers get hold of these files, it’s the end of your server. To ensure that doesn’t happen, we are going to secure these files with the following commands:

sudo chmod 644 /etc/passwd

sudo chmod 600 /etc/shadow

● Protect Against DDoS

As explained earlier, DDoS attacks are a widely used technique to slow down your server and to cover for further attacks on it, such as malware. Therefore, we need to protect our server separately from these DDoS attacks.

Usually a dedicated server comes with Anti-DDoS protection, but for an extra layer we will use mod_evasive for Apache:

sudo apt install libapache2-mod-evasive

Use the above command to install the service. It will monitor for any suspected bots and block the IP address immediately.

● Install Malware Scanners

Malware is a hidden instrument for hackers. It can stay hidden for weeks before it causes any visible issue on your system. Therefore, it is crucial to scan for malware from time to time and block it as soon as possible.

To do this, we need to install robust malware scanners that can scan for and remove this malware in real time. Installing ClamAV and LMD (Linux Malware Detect) will solve this concern.

Use the following commands to install them:

For ClamAV:

sudo apt install clamav

sudo freshclam

sudo clamscan -r /home

For LMD:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Conclusion

Linux is one of the most popular operating system choices for a dedicated server due to its robust security features. However, it is still vulnerable to cyber attacks if not configured well. With different types of evolving cyberattacks, from brute force attacks and DDoS attacks to privilege escalation and outdated software exploitation, it is crucial to secure your hosting server carefully.

We have discussed the top 10 security measures that will help keep your server secure and free from cyber attacks. This includes keeping the server updated, using a non-root user account, securing SSH access, installing a firewall, installing Fail2Ban and an anti-DDoS system, and disabling unnecessary services. Moreover, enabling SELinux or AppArmor and installing malware scanners also provide enhanced security.
