My previous post on VPS was about why you should prefer a VPS. Now, I’ll focus on what you should do first on your VPS.

1. Choosing the OS
You should go with Linux because, well, it’s better, and it’s free. Probably almost all software that you would need on the web is developed for Linux first. Then you need to decide on the Linux distribution. You can simply google what you should choose; I don’t want to quote any other website, in order to avoid blatant plagiarism. Unless you have the knowledge to prefer a particular distro, you might want to try Ubuntu. It’s probably the most frequently updated distro out there. Plus, because it is highly preferred by a lot of novice users, it’s highly likely that a problem you encounter has already been answered a dozen times. You can simply google how to do something and voila! Also, it uses the APT thingy (the apt-get command), which lets you easily install and uninstall software, look for updates and install them if necessary. No need to compile stuff on your server. Another popular option is CentOS. I’ve never personally used it, but years ago I used Red Hat (CentOS is based on Red Hat). It uses RPM (similar to APT) to install packages and so on.

Whatever OS you choose, you should be able to install it in seconds using the control panel your company provides you.

2. Securing the OS
There are a couple of things you should do after installing your OS. Let’s first connect to it using SSH. If you are on a Mac, you already have an SSH client. If you are on Windows, download PuTTY. Then, using the information the company sent you, connect to your server as root@IPaddress. It’ll ask you for your password. Now you are in.

a. Change the password: Typing passwd will help you change your password. Choose a proper password.
b. Add a new user: Typing adduser will help you add your new user. Choose a username which can’t be guessed. If your site is, a username like radiognome will be a really bad one. Make it different. Choose a proper password.
c. Disable root login on SSH: Why? Because root is the default admin user on Linux; every Linux machine has a root account. So attackers already have your username and only need your password. If you disable root login, they need not only your password but also the username. Googling “ssh root login disable” will give you the required info. How will you now log in to your VPS? You’ll ssh to your server as newusername@IPaddress. After you log in, type “su” (short for superuser); it’ll ask you for the root password, and boom, you are in as root.
d. Change the SSH port. Google is your friend. Choose a port other than the default 22. This might prevent people from choosing you as a target after they run a scan on a particular IP block. After you make these last two changes, you’ll need to restart your SSH daemon. On Ubuntu, you need to run service sshd restart.
e. Hide the version information from Apache and PHP. Google. This is good because no one will know what version of whatever you are running. So if, in time, your particular Apache version turns out to be vulnerable to some attack and you are not aware, you will still be vulnerable, but at least no one will directly know you are until they actually try.
f. Disable FTP, telnet, etc. daemons: Google. Telnet is SSH without any encryption; the same goes for FTP. Try SFTP or “FTP over SSH” (you should be able to connect using your login info and the SSH port). Or upload whatever you need to upload and disable them after you are done. You shouldn’t really need to upload a lot of files all the time if your server will function primarily as a webserver.
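Steps c and d above, as an added example that is not from the original post: a POSIX shell script that sets PermitRootLogin no and a new Port in whatever sshd_config file you point it at, then verifies the result. The sample config, the port 2222 and the function names are assumptions for the demo; try it on a copy before touching /etc/ssh/sshd_config, and restart the daemon yourself afterwards.

```shell
#!/bin/sh
# Added example (not the post's own code): apply steps c and d to an sshd_config file.

# set_directive FILE KEY VALUE: replace any existing KEY line (commented out or not)
# with "KEY VALUE"; append the directive if the file has no such line at all.
set_directive() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]" "$file"; then
        # portable in-place edit: write a temp copy, then move it over the original
        sed -E "s|^[#[:space:]]*${key}[[:space:]].*|${key} ${value}|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_directive FILE KEY: print the effective (uncommented) value, last one wins
get_directive() {
    awk -v k="$2" '$1 == k { print $2 }' "$1" | tail -n 1
}

# harden_sshd FILE PORT: step c (no root login) and step d (non-default port)
harden_sshd() {
    set_directive "$1" PermitRootLogin no
    set_directive "$1" Port "$2"
}

# check_sshd FILE PORT: succeed only if both settings are actually in effect
check_sshd() {
    [ "$(get_directive "$1" PermitRootLogin)" = "no" ] &&
    [ "$(get_directive "$1" Port)" = "$2" ]
}

# Demo on a constructed sample config resembling a fresh install (assumed content):
demo_config=$(mktemp)
cat > "$demo_config" <<'EOF'
# Package generated configuration file
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
harden_sshd "$demo_config" 2222
cat "$demo_config"
check_sshd "$demo_config" 2222 && echo "sshd_config hardened; restart the SSH daemon to apply"
rm -f "$demo_config"
```

Because commented-out defaults such as `#Port 22` are rewritten rather than duplicated, running the script twice leaves exactly one Port and one PermitRootLogin line.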

Are you being paranoid? Not really; these should be standard for every Linux machine open to the internet 24/7. You can never be too secure.

You know something I should have included in the list? Please put it in the comments to help out!
