Recently one of my colleagues asked me to help them secure their VPS.
They had a number of WordPress sites hosted on said server, and were constantly under attack from malware.
No sooner would they find rogue files and clean them off than, the next day, something else would be back to fill up their mail queues with thousands of spam messages.
As Linux server security is not something I have had much experience in, nor had they, the following is a record of what we learned and did in terms of hardening the server. It may be of use to others in a similar boat.
The server in question is running CentOS.
Checking port vulnerabilities on a VPS
The first thing we did was check which ports were showing as open.
To do that we used the MxToolbox site.
This particular server was lit up like a Christmas tree when it came to vulnerabilities!
We decided to start with 4 areas after considerable research online and discussion with some of the Linux geeks at work.
- Lock Down SSH
- User management
- Shut out FTP
- Disable remote MySQL connection
How To Lock Down SSH
The first thing we are going to do is add another user, which will be used for SSH instead of the root user.
To add a new user type
It will look like not much happened; however, you can now assign a password.
To do this type
And then put in a secure password.
Now disconnect from your connection and attempt to connect to SSH with your new username and password.
This worked; however, the user I had created did not allow me to act as root.
For this I needed to go into WHM/Security Center » Manage Wheel Group Users and add the new user there.
Now I could log in with the new user and then run as root by using the su command.
Next stop – changing the default port used by SSH.
How To Change The SSH Port For CentOS
To change the port for SSH, if you are running CentOS like the server we did this on, you can just follow this tutorial
Once this was done, we had to specify the port when we connected.
The last thing we wanted to do in regards to SSH was to disallow the root user from connecting via SSH.
How to Revoke Root User Permission In SSH
To do this we need to edit the sshd_config file using vi or similar:
You need to change the line that states PermitRootLogin yes.
To do this hit “i” to insert (otherwise you will only be able to delete!) and change the yes to no.
To save the file press the Esc key, type :wq! and hit Enter. Finally, you will need to restart SSH.
To do this run
If you have managed to successfully complete the above steps then you have made your first steps in ensuring the front door of your VPS is not swinging open in the breeze.
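As an added example (not part of the original post), the script below audits an sshd_config for the two settings changed above: a non-default Port and PermitRootLogin no. The function names, the sample configs and port 2222 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit the two sshd_config settings this post changes.
# sshd uses the FIRST value it finds for a keyword, and keywords are
# case-insensitive, so checking only the last matching line can mislead.

# Print the effective global value of KEYWORD ($1) in FILE ($2); empty if unset.
sshd_effective() {
  awk -v key="$1" '
    /^[ \t]*#/ { next }                    # skip comment lines
    tolower($1) == "match" { exit }        # Match blocks hold conditional settings
    {
      n = split($0, f, /[ \t=]+/)          # accepts "Key value" and "Key=value"
      i = (f[1] == "") ? 2 : 1             # indentation yields an empty first field
      if (n > i && tolower(f[i]) == tolower(key)) { print f[i + 1]; exit }
    }' "$2"
}

# Print one line per check; the return code is the number of failed checks.
audit_sshd_config() {
  local root port fails=0
  root="$(sshd_effective PermitRootLogin "$1")"
  port="$(sshd_effective Port "$1")"
  # An unset PermitRootLogin falls back to a version-dependent default, so
  # only an explicit "no" passes. An unset Port means the default, 22.
  if [ "$root" = "no" ]; then
    echo "OK   PermitRootLogin no"
  else
    echo "FAIL PermitRootLogin is '${root:-unset}', want 'no'"; fails=$((fails + 1))
  fi
  if [ -n "$port" ] && [ "$port" != "22" ]; then
    echo "OK   Port $port"
  else
    echo "FAIL Port is '${port:-unset}', want a non-default port"; fails=$((fails + 1))
  fi
  return "$fails"
}

# Constructed sample: sshd ignores the later "PermitRootLogin no".
sample_weak() { printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'PermitRootLogin no'; }
# Constructed sample: 2222 is an arbitrary placeholder port.
sample_hardened() { printf '%s\n' 'Port 2222' '  PermitRootLogin no'; }

tmp="$(mktemp)"
sample_weak > "$tmp";     audit_sshd_config "$tmp" || echo "=> $? finding(s)"
sample_hardened > "$tmp"; audit_sshd_config "$tmp" && echo "=> clean"
rm -f "$tmp"
```

On a real server, point `audit_sshd_config` at `/etc/ssh/sshd_config` and run `sshd -t` to syntax-check the file before restarting SSH. Keep your current session open until a fresh login with the new user and port succeeds.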
Make sure you check back again soon, as our next task will be to secure FTP.