Protecting VPS from hacking and cyber attacks: effective methods
Updated - 14.12.2024
Published - 14.12.2024

Effective Ways to Protect VPS from Cyber Attacks

How to effectively protect VPS from hacking and cyber attacks?

Virtual private servers are the best solutions for hosting various Internet projects, from one-page business card sites to large sites that require a variety of settings and powerful hardware.

Unfortunately, even the most powerful and flexible VPS is at risk of a network attack aimed at stealing personal information, deliberately damaging data, or disrupting the normal operation of the network resource so that it becomes inaccessible. How to protect the server? What methods, settings, programs and applications are the most effective?

Specifics of hacking

Before studying countermeasures, you should understand how exactly hackers threaten the server. Potential threats can be divided into two main groups:

  • Hidden penetration. To do this, the attacker needs to take over an account, either by guessing the password with a special program or by stealing it. The consequences are most serious if the attacker manages to log in under the administrator account, which gives unrestricted access to the data and the ability to perform any action on it, from changing to deleting. If a successful attack is carried out on a commercial structure or an online store, the financial losses are colossal.
  • Rough attack. A typical example is DoS. Attackers "bombard" the server with thousands or millions of useless requests, each of which it must process, wasting computing power. Even the most powerful systems, with high-performance processors and huge amounts of RAM, cannot cope with such a load and "fall". The sites hosted on them become unavailable, and the companies that own them suffer commercial and reputational losses.

To protect the system 100%, you need to prepare for all possible attacks and use all available methods.

Security Basics

Taking actions aimed at improving the security of the site should ensure the following results:

  • Data integrity. Unauthorized theft, deletion, or modification of information is unacceptable.
  • Continuity of operation. The server must be constantly available to both administrators and users. Only then can the site hosted on it bring real benefits, help solve commercial problems, and build a positive image of the owner organization.
  • Confidentiality. An integral rule of security is strict access control to files stored on the server and its sections.

General rules and methods

Each of the most popular operating systems, Windows and Linux, offers administrators, owners, and users of servers unique protective tools. Before studying them, however, you should familiarize yourself in more detail with the general methods that do not depend on the OS.

Timely software updates

Developers continuously test their programs and frequently release "patches" that eliminate vulnerabilities intruders could use. To automate the update process and avoid running outdated versions of software, do the following:

  • On Microsoft Windows – activate the "automatic update" function in the "Update Center" of the settings menu.
  • Linux – install the special "yum-cron" package.
  • FreeBSD – periodically run the "freebsd-update" command. This command will check and, if new software versions are found, download them. However, you will have to run the installation manually.

Using licensed software

Installing unverified applications on a VPS solely because they can be used for free is an extremely bad decision that can lead to catastrophic consequences. Software distributed free of charge is acceptable, but it must be released by a reliable developer whose reputation is beyond doubt and downloaded from the official website.

Service control

It is better to completely deactivate all unnecessary programs, whether they run in standard or background mode. The principle is simple: hacking an inactive service is technically impossible. A more flexible method is to set up a firewall so that services that are not in constant use can be reached only from verified IP addresses specified by the user.

Account Control

Each user must interact with the VPS exclusively from their own account, where access rights are recorded and delimited. If a user loses access to the server, for example, leaves the staff of administrators, their account must be immediately blocked to exclude unauthorized malicious actions.

Backup

You need to periodically create manual backups, or automate this process. The backup will help restore the server even in the event of a critical failure, hacking, or a successful attack, during which large information arrays were damaged.

Using secure protocols

FTP is a reliable, time-tested information transfer protocol, but it is difficult to classify it as secure. The information is transmitted in plain text, which means that authorization data can easily be intercepted by an intruder. Safer alternatives are SFTP and SCP, which use SSH encryption.

Complex passwords

To authorize on a VPS, you should set passwords that meet generally accepted network security requirements:

  • Length – at least 12 characters. General principle: the longer, the more reliable.
  • Inclusion of the widest possible range of available characters: upper- and lower-case letters, numbers, punctuation marks.
  • Chaotic. It is better to use random combinations than words and expressions. Words and expressions are acceptable, however, if they are suitably modified by adding spaces or replacing letters with numbers that look similar.

Using additional antivirus programs

The firewall, like other protective tools built into the operating system, is good, but the capabilities of these tools are not unlimited. Moreover, they are often inferior to specialized programs. It is a good idea to install antivirus utilities as well. Of course, this applies only to proven software from developers whose authority is beyond doubt.

Choosing a reliable hosting provider

Trusted organizations that value their clients and reputation offer the most secure VPS. Its protection is not limited to the tools built into the OS: many additional tools and options are available.

Microsoft Windows Server

Now we need to consider specialized methods of VPS protection, provided by the functionality of a specific operating environment. According to statistics, the most popular solution is Windows Server, and it is worth starting with it.

Firewall Setup

The firewall is the main obstacle in the path of intruders, so its setup must be approached with all responsibility. First of all, it is recommended to block unnecessary ports; 80 and 443 will be enough for most servers. Other ports, for example 990 and 53, should be reachable only by users coming from IP addresses on the white list.

Renaming the administrator account

The method may seem too simple and even banal, but practice confirms its effectiveness. The idea is to change the name of the administrator account, which is the first thing hackers target. Windows Server allows you to change the name "Administrator" to something less conspicuous that is lost among the other accounts.

Working through a simple user account

Administrator rights are needed only to perform a limited range of actions that are not required constantly, but episodically, for example, during a serious reconfiguration of the VPS. In the vast majority of cases, you can get by with a standard account with limited rights.

This approach is safer and minimizes the harm from erroneous actions, often eliminating it altogether. User privileges are simply not enough for critical changes.

Access rights restrictions and delimitations

Anonymous interaction with files is unacceptable. Each user receives the right to work only after successful authorization with a name and password. This applies to all files, even those that at first glance seem insignificant and unimportant for the operation of the system. In themselves they are not of great value, but they can become a "loophole" that leads an intruder to more important information, the loss of which is critical.

Enabling RDP services

RDP is a special protocol that allows you to interact with the Windows desktop remotely and, therefore, to change all system settings, including the most fundamental ones. The security of the protocol is quite sufficient, but some actions increase its level further:

  • Automatic disconnection of RDP sessions if the user has not confirmed their authority by entering a password.
  • Changing the ports used for RDP by default. A simple action complicates the search for the required port and, accordingly, its "eavesdropping".
  • Activation of SSL and TLS. The use of these protocols guarantees that data will be transmitted exclusively through secure channels.

Automatic disconnection of the session if there is no action

The inactivity time can be set at your discretion. After this period, re-authorization with a password will be required.


Linux Security

Administrators and users who have chosen Linux as their main operating environment can also follow several valuable recommendations to protect the server.

Configuring a Firewall

As with Windows, the technique is quite simple, but very effective. Linux users are offered several options:

  • UFW. The simplest solution, aimed at undemanding users and beginners who have just begun to get acquainted with the server system.
  • IPTables. A popular option that balances features, security functions and ease of management.
  • NFTables. The successor to the previous solution, built directly into the system kernel. The setup is simplified, while security remains high. In addition, support for the current IPv6 Internet protocol is implemented.

Activation of the SSH protocol

This protocol helps to establish a secure connection with the VPS. It is based on end-to-end encryption, so even data intercepted by an intruder is useless because it cannot be decoded. The overall level of SSH security, however, depends on the authorization method selected in the system:

  • Entering a password. The method is simple, but not very reliable. In theory, hackers can find the right combination by brute force, especially if it is quite simple and consists exclusively of numbers or letters of the same case.
  • SSH keys. The most reliable method. A pair of keys is used for authentication. The first key is public and helps the system identify the user interacting with it. The second is private and is needed for authorization, that is, to confirm rights and powers.
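To check which of the two methods a server actually accepts, the following added example (not part of the original article) audits the text of an sshd_config file. It relies on the documented OpenSSH rule that the first value read for a keyword is the one used; the default values, the function names and both sample configurations are assumptions made for this illustration, and Include files are not followed.

```python
import re

# Assumed defaults of current OpenSSH when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "pubkeyauthentication": "yes",
            "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Return the global value sshd would apply for each keyword in DEFAULTS."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":
            break                             # conditional blocks are not global
        seen.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return {key: seen.get(key, default) for key, default in DEFAULTS.items()}

def audit(config_text):
    """List the settings that leave password-based or root login exposed."""
    cfg = effective_settings(config_text)
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("password login is accepted, so brute force is possible")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("key-based login is disabled")
    if cfg["permitrootlogin"] == "yes":
        findings.append("root may log in directly")
    return findings

# Constructed sample: the later "no" is ignored because the first value wins.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
"""

# Constructed sample: keys only, root login off.
HARDENED = """\
passwordauthentication no
PubkeyAuthentication yes
PermitRootLogin no
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

The WEAK sample shows a common mistake: appending "PasswordAuthentication no" below an earlier "yes" changes nothing.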

IDS and IPS systems

The main task of these systems is the prompt detection of hacker attacks. They keep network traffic under control automatically, and at even the slightest suspicion of an attack they respond by blocking. The accuracy of IDS and IPS is very high, since tracking is carried out in a comprehensive manner, according to two criteria:

  • Recording network traffic and searching for indirect and direct signs that indicate the beginning of a network attack.
  • Comparison of the "correct" file configurations kept in storage with the current, changed, "incorrect" ones. Such changes may well be made by intruders.

Fail2ban System

The main function of this system is to record logins to the VPS, keep logs, and detect IP addresses from which a suspiciously large number of unsuccessful authorization attempts were made, which indicates a high probability of an attempt to log in by brute-forcing the password. The system responds by blocking the address completely or, at a minimum, by sending a notification of a potentially dangerous situation.
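A simplified model of this detection, added here as an illustration and not Fail2ban's own code: it counts failed SSH logins per address inside a sliding time window. The names maxretry and findtime mirror Fail2ban's jail options; the log lines are constructed, use documentation IP ranges, and are assumed to be in chronological order within one year.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd line for a rejected password, with or without "invalid user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_offenders(lines, maxretry=5, findtime=600, year=2024):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        match = FAILED.match(line)
        if not match or match.group(2) in flagged:
            continue
        ip = match.group(2)
        # Syslog timestamps carry no year, so one is supplied by the caller.
        when = datetime.strptime(f"{year} {match.group(1)}", "%Y %b %d %H:%M:%S")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:   # forget failures older than findtime
            attempts.popleft()
        if len(attempts) >= maxretry:
            flagged[ip] = when
    return flagged

# Constructed sample log.
SAMPLE_LOG = [
    "Dec 14 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2",
    "Dec 14 10:00:03 vps sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2",
    "Dec 14 10:00:04 vps sshd[813]: Accepted publickey for deploy from 192.0.2.10 port 51000 ssh2",
    "Dec 14 10:00:06 vps sshd[814]: Failed password for root from 203.0.113.7 port 40003 ssh2",
    "Dec 14 10:01:00 vps sshd[815]: Failed password for alice from 198.51.100.23 port 42000 ssh2",
    "Dec 14 10:20:00 vps sshd[816]: Failed password for alice from 198.51.100.23 port 42001 ssh2",
    "Dec 14 10:40:00 vps sshd[817]: Failed password for alice from 198.51.100.23 port 42002 ssh2",
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG, maxretry=3).items():
        print(f"{ip} reached the limit at {when:%H:%M:%S}")
```

The second address also fails three times but never within one ten-minute window, so it is not flagged; this is the difference between a burst of guesses and an occasional mistyped password.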

Hacking: detection and counteraction

An attempt at unauthorized access to the VPS can be detected both automatically and manually. For example, the following signs indicate it:

  • General instability. Delays, unavailability of some functions, their incorrect operation - all this indirectly indicates external malicious actions.
  • A sharp increase in traffic. A surge indicates, for example, that the server is being used by hackers to send spam. You need to constantly monitor traffic in order to respond to its first surges.
  • Inability to log in to an account, authorization problems.

The slightest deviation from correct operation is a reason for an in-depth check. It is not necessarily associated with a hacking attempt, since harmless technical failures are also quite likely, but it is better to be on the safe side. Accurate conclusions can be drawn by determining the time of each login attempt, successful or unsuccessful, and the IP addresses from which requests were received, and by studying the running processes. Unfamiliar processes that consume a lot of resources and unknown IP addresses all point to an attack.

If hacker activity is detected, all incorrect processes should be stopped, IPs should be blacklisted. At the same time, you should forcibly update the software to the latest versions, install antivirus applications with fresh databases, change passwords, block individual ports and deactivate malicious scripts.

Summing up

Ensuring security when working with a VPS is a complex task that requires taking into account many factors. You need to approach it responsibly, using the maximum number of functions built into the operating system, installing additional applications and utilities that track the activity of intruders.

If the attack was successful, do not despair, especially if a backup was made earlier. All information can be restored, and the server will be able to function correctly again.


Author of the article:

user

Editor-in-Chief

Danaev Almaz