If you have a Linux web server on the Internet, you can be sure it is going to be attacked in one way or another. When the server gets set up by your dedicated server web host, it is only barely secured. Before doing anything else, you should put a basic level of security onto the system, and later harden the server to make it really secure. I highly recommend outsourcing the task of securing an Internet-facing web server, but the list below gives you a basic idea of the tasks to look into:
1. Change the default SSH port (and use SSH keys if possible)
2. Disallow root login and require login via different user accounts, then su to root as needed
3. Disable any unneeded services
4. Install a good software firewall or, better, use a hardware firewall
5. Disable dangerous or unused PHP functions
6. Install mod_security
7. Install a virus scanner like ClamAV
8. Require a virus scan of all FTP uploads
9. Install a rootkit detection tool
10. Have root email notifications of changes on the server sent to an email account not hosted on the same server
11. Use complex passwords with a minimum of 10 characters and special characters required
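Items 1, 2 and 5 map to concrete settings that can be checked mechanically. The following is an added example, not part of the original post: a shell audit of an sshd_config and a php.ini file. The function names, the sample file contents and the list of PHP functions checked are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Effective global value of an sshd_config keyword read from stdin. sshd uses
# the first value it reads for a keyword; keywords are case-insensitive.
# Simplifications: stops at the first Match block, does not follow Include.
sshd_effective() {  # usage: sshd_effective KEYWORD DEFAULT < sshd_config
  awk -v key="$1" -v def="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
    END { print (found ? val : def) }'
}

# Names from the space-separated list $1 that are absent from
# disable_functions in the php.ini text on stdin (last assignment is used).
php_not_disabled() {  # usage: php_not_disabled "exec system" < php.ini
  awk -v wanted="$1" '
    /^[ \t]*disable_functions[ \t]*=/ {
      sub(/^[^=]*=/, ""); gsub(/[ \t"]/, ""); list = "," $0 ","
    }
    END {
      n = split(wanted, w, " ")
      for (i = 1; i <= n; i++)
        if (index(list, "," w[i] ",") == 0) out = out (out ? " " : "") w[i]
      print out
    }'
}

# Checklist items 1, 2 and 5. The PHP function list is this example's
# assumption; the page does not name which functions to disable.
audit() {  # usage: audit SSHD_CONFIG PHP_INI
  local port root pass missing
  port=$(sshd_effective Port 22 < "$1")
  root=$(sshd_effective PermitRootLogin prohibit-password < "$1")
  pass=$(sshd_effective PasswordAuthentication yes < "$1")
  missing=$(php_not_disabled "exec passthru shell_exec system proc_open popen" < "$2")
  [ "$port" = 22 ] && echo "FAIL item 1: sshd listens on default port 22"
  [ "$pass" != no ] && echo "WARN item 1: password logins allowed, keys not enforced"
  [ "$root" != no ] && echo "FAIL item 2: PermitRootLogin is '$root', want 'no'"
  [ -n "$missing" ] && echo "FAIL item 5: not in disable_functions: $missing"
  return 0
}

# Constructed sample files, not taken from any real server.
d=$(mktemp -d)
printf '%s\n' '#Port 22' 'port 2222' 'Port 22' 'PermitRootLogin yes' \
  'Match User backup' '  PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' '; disable_functions = exec' 'disable_functions = exec, system,passthru' > "$d/php.ini"
audit "$d/sshd_config" "$d/php.ini"
rm -rf "$d"
```

On a live host, `sshd -T` prints the effective configuration with defaults and included files resolved, which is a more complete source than parsing the file by hand.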
Of course this list is incomplete and only high level, but unless you outsource the task of securing your server, this list should give you a few good hints on how to secure your new dedicated server. Or get a fully managed dedicated server from a company like LiquidWeb in the first place and concentrate on growing your website and not your frustration. LiquidWeb will take good care of you.