
    From VPS Compromise to Fort Knox: Hardening Your Server Security

    Dec 5, 2024
    10 min read
    Security, DevOps, VPS, Linux

    The Wake-Up Call

    Three months into running my SaaS, I noticed unusual CPU spikes. A crypto miner had made my server its home. Here's how I locked things down.

    Immediate Steps

  1. Rotate every credential the box could have exposed: user and root passwords, SSH keys, API tokens, database passwords, anything in .env files. Generate the replacements on a clean machine; anything typed on the compromised host may be captured.
  2. Audit all SSH access: compare every authorized_keys file (root and each user) against the keys you actually issued, and read the successful logins in the auth log for addresses you do not recognise.
  3. Check for backdoors: cron entries, systemd units and timers, shell startup files, setuid binaries, listening ports. A miner usually leaves a persistence hook so it returns after you kill the process, so killing the process is not the end of the job.

    If you cannot account for everything that was changed, rebuild from a known-good image and restore only data. Cleaning a host in place is a bet that you found every hook.

    Security Hardening Checklist

    SSH Configuration

    Key-based logins only, no root over the network, and an explicit list of accounts. One fix to the original snippet: sshd does not accept a trailing comment on a directive line (it rejects the file with "garbage at end of line"), so comments go on their own line.

    # /etc/ssh/sshd_config
    PermitRootLogin no
    PasswordAuthentication no
    # PasswordAuthentication no is not enough on its own: with UsePAM yes,
    # keyboard-interactive can still prompt for a password. Disable it too.
    # On OpenSSH older than 8.7 the directive is ChallengeResponseAuthentication.
    KbdInteractiveAuthentication no
    # Non-standard port: cuts log noise from scanners, but it is not a security control
    Port 2222
    AllowUsers yourusername

    Two checks before you restart. First, on Debian and Ubuntu the file begins with Include /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it sees for each directive, so a drop-in there (some cloud images ship one that sets PasswordAuthentication yes) silently overrides what you wrote below it. sshd -T prints the effective values after all includes; trust that, not the file. Second, open the new port in the firewall, keep your current session open, run sshd -t to validate the file, restart the service (ssh on Debian and Ubuntu, sshd elsewhere; on Ubuntu 22.10 and later sshd is socket-activated, so run systemctl daemon-reload and restart ssh.socket as well), confirm with ss -tlnp that sshd listens on 2222, and log in from a second terminal before closing the first.
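    The check the paragraph above describes, as an added example that is not part of the original post: a small shell audit of sshd configuration text for the settings in this section, including the keyboard-interactive gotcha and the first-occurrence rule. It reads the config on stdin, so on a live host you feed it sshd -T rather than the file, which is what catches a drop-in override. The two sample configs are constructed, not taken from any real server.

```shell
#!/bin/sh
# Added example, not from the original post: audit sshd configuration text for
# the directives this section hardens. Reads the config on stdin, so it works
# on a file or, better, on the output of "sshd -T", which prints the effective
# values after every Include has been applied.

# Effective value of one directive in the global section. sshd keeps the FIRST
# occurrence of a directive, and anything after a Match block is conditional,
# so stop at the first Match. Prints nothing when the directive is unset.
sshd_directive() {  # sshd_directive <config-text> <directive>
    printf '%s\n' "$1" | sed 's/#.*//' | awk -v k="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(k)   { print $2; exit }'
}

# One finding per line on stdout; returns 0 when clean, 1 otherwise.
audit_sshd_config() {
    cfg=$(cat); rc=0

    v=$(sshd_directive "$cfg" PermitRootLogin)
    [ "$v" = no ] || { echo "PermitRootLogin is '${v:-unset, default prohibit-password}', want no"; rc=1; }

    # sshd's own default is yes, so an unset or commented-out line is a finding.
    v=$(sshd_directive "$cfg" PasswordAuthentication)
    [ "$v" = no ] || { echo "PasswordAuthentication is '${v:-unset, default yes}', want no"; rc=1; }

    # With UsePAM yes, keyboard-interactive still lets PAM prompt for a password
    # unless disabled too. OpenSSH 8.7 renamed the directive; accept either.
    v=$(sshd_directive "$cfg" KbdInteractiveAuthentication)
    [ -n "$v" ] || v=$(sshd_directive "$cfg" ChallengeResponseAuthentication)
    [ "$v" = no ] || { echo "keyboard-interactive auth is '${v:-unset, default yes}', want no"; rc=1; }

    # No AllowUsers means every local account with a shell may log in.
    v=$(sshd_directive "$cfg" AllowUsers)
    [ -n "$v" ] || { echo "AllowUsers unset: every local account may log in"; rc=1; }

    return $rc
}

# Constructed samples, not from a real host. The weak one mirrors a stock file
# where the hardening line is still commented out and the only real
# PasswordAuthentication no sits inside a Match block, where it does not
# apply globally.
WEAK_CFG='Port 22
PermitRootLogin yes
#PasswordAuthentication no
Match User deploy
    PasswordAuthentication no'

HARDENED_CFG='Port 2222
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowUsers yourusername'

main() {
    echo "== weak sample =="
    printf '%s\n' "$WEAK_CFG" | audit_sshd_config || echo "(not clean)"
    echo "== hardened sample =="
    printf '%s\n' "$HARDENED_CFG" | audit_sshd_config && echo "(clean)"
    # On a live host, as root:  sshd -T | audit_sshd_config
}
main
```

    The audit deliberately treats a missing PasswordAuthentication line as a failure rather than assuming the default is safe; that is exactly the state a commented-out line or an overriding drop-in leaves you in.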

    Firewall Setup with UFW

    Default-deny inbound, allow only what the service needs. Run these as root, and keep the order: the SSH rule has to exist before ufw enable, or enabling the firewall drops the session you are typing in.

    ufw default deny incoming
    ufw default allow outgoing
    ufw allow 2222/tcp # SSH, must match the Port in sshd_config
    ufw allow 80/tcp   # HTTP
    ufw allow 443/tcp  # HTTPS
    ufw enable

    Two caveats. ufw limit 2222/tcp instead of allow adds ufw's built-in rate limit (a source that opens six or more connections in 30 seconds is denied), which cuts brute-force noise before Fail2Ban even starts. And if the application runs in Docker, published ports (-p 8080:8080) bypass UFW entirely, because Docker inserts its own iptables rules ahead of ufw's; a port you never allowed is still reachable from the internet. Publish on the loopback address only (-p 127.0.0.1:8080:8080) and put the reverse proxy in front. Check the result from outside with a port scan, not from the box itself.

    Fail2Ban Configuration

    Install the fail2ban package. It tails the authentication log and bans a source address after repeated failed logins, which turns an all-night brute force into a handful of attempts. Two settings catch people on a hardened box: the sshd jail's port must be set to the non-standard SSH port, otherwise the ban rule is written for port 22 while attempts on 2222 carry on; and on Debian 12, which no longer installs rsyslog by default, /var/log/auth.log may not exist at all, so the jail needs backend = systemd to read the journal. Put overrides in jail.local, never in jail.conf, which the package manager replaces on upgrade. fail2ban-client status sshd shows what is currently banned.
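    The jail.local described above, as an added example that is not part of the original post: a shell function writes the file with the SSH port passed in, and a second function reads back the sshd jail's port so a deployment script can assert it matches sshd. The ignoreip value is a placeholder assumption; replace it with the address you manage from. The demo writes to a temporary file so it runs without touching /etc.

```shell
#!/bin/sh
# Added example, not from the original post: write a fail2ban jail.local whose
# sshd jail bans on the SSH port actually in use, and read the port back.
# Usage on a host:  write_jail_local /etc/fail2ban/jail.local 2222
#                   systemctl restart fail2ban && fail2ban-client status sshd

write_jail_local() {  # write_jail_local <path> <ssh-port> [maxretry] [bantime]
    path=$1; port=$2; maxretry=${3:-5}; bantime=${4:-1h}
    # jail.local overrides jail.conf key by key; jail.conf itself is replaced on
    # package upgrade, so it is never edited directly.
    cat > "$path" <<EOF
[DEFAULT]
# Ban a source after $maxretry failures within findtime, for $bantime.
findtime = 10m
maxretry = $maxretry
bantime  = $bantime
# Read the journal directly: works whether or not rsyslog (and so
# /var/log/auth.log) is installed, which on Debian 12 it is not by default.
backend  = systemd
# Assumption: replace with the address you administer from so a typo in your
# own password cannot lock you out.
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true
# Must equal the Port directive in sshd_config. With the default "port = ssh"
# the ban rule only covers port 22 and attempts on $port keep coming.
port    = $port
EOF
}

# Port configured for the sshd jail, for a post-deploy assertion against
# "sshd -T | awk '\$1==\"port\"{print \$2}'".
jail_port() {  # jail_port <jail.local>
    awk -F= '/^\[sshd\]/ { in_sshd = 1; next }
             /^\[/        { in_sshd = 0 }
             in_sshd && $1 ~ /^port[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }' "$1"
}

# Demo against a temporary file so the example runs anywhere.
demo=$(mktemp)
write_jail_local "$demo" 2222
cat "$demo"
echo "sshd jail bans on port: $(jail_port "$demo")"
rm -f "$demo"
```

    The findtime and bantime values use fail2ban's time suffixes, which need fail2ban 0.10 or later; every supported Debian and Ubuntu release ships a newer version.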

    Automatic Security Updates

    apt install unattended-upgrades
    dpkg-reconfigure -plow unattended-upgrades

    The second command writes /etc/apt/apt.conf.d/20auto-upgrades, which turns on the daily run; on Debian and Ubuntu the default origin list in 50unattended-upgrades applies security updates only. Two things it does not do for you: a kernel or libc update still needs a reboot (set Unattended-Upgrade::Automatic-Reboot in 50unattended-upgrades or schedule one yourself), and it only covers apt packages, so anything installed from a tarball, pip or npm needs its own update path. unattended-upgrade --dry-run --debug shows what the next run would do.

    Monitoring

    • Alert on the signals a miner cannot hide: sustained CPU above the application's normal ceiling, unexpected outbound connections, and new processes, cron entries or unit files. This incident showed up as a CPU graph long before anyone read a log.
    • Review authentication logs: failed logins by source, every successful login (user, method, address), and new lines in any authorized_keys file. fail2ban-client status sshd shows what was banned.
    • Run a periodic audit: listening ports (ss -tlnp), setuid files, packages with pending security updates, accounts that still have a login shell.
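    The authentication-log review from the second bullet, as an added example that is not part of the original post: three awk filters over a constructed auth.log sample (the hosts, addresses and key fingerprint are invented) that answer the two questions worth asking every day: who is brute-forcing and whether they crossed Fail2Ban's threshold, and which logins actually succeeded, from where and by what method. The filters locate fields relative to the words "Accepted" and "from" rather than by column, so the same code works on /var/log/auth.log and on journalctl -o cat output.

```shell
#!/bin/sh
# Added example, not from the original post: daily auth-log questions answered
# with awk. Feed it /var/log/auth.log, or on a journal-only host
# "journalctl -u ssh --since today -o cat" (unit is sshd on RHEL-family).

# Constructed sample in rsyslog auth.log format, not from a real host.
SAMPLE='Dec  5 03:12:01 vps sshd[4123]: Failed password for root from 203.0.113.7 port 51022 ssh2
Dec  5 03:12:03 vps sshd[4125]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Dec  5 03:12:05 vps sshd[4127]: Failed password for invalid user oracle from 203.0.113.7 port 51041 ssh2
Dec  5 03:12:09 vps sshd[4129]: Failed password for root from 203.0.113.7 port 51055 ssh2
Dec  5 03:12:12 vps sshd[4131]: Failed password for root from 203.0.113.7 port 51060 ssh2
Dec  5 03:15:44 vps sshd[4140]: Failed password for yourusername from 198.51.100.4 port 40012 ssh2
Dec  5 03:15:50 vps sshd[4142]: Accepted publickey for yourusername from 198.51.100.4 port 40013 ssh2: ED25519 SHA256:abc123
Dec  5 04:01:17 vps sshd[4201]: Accepted password for deploy from 192.0.2.88 port 33002 ssh2'

# Failed logins per source address, busiest first. Output: "<count> <ip>".
failed_by_ip() {
    awk '/Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip[$(i+1)]++
         }
         END { for (a in ip) print ip[a], a }' | sort -rn
}

# Sources at or above the ban threshold, i.e. what fail2ban's sshd jail
# should have banned with the same maxretry. Output: one IP per line.
brute_forcers() {  # brute_forcers [maxretry]
    failed_by_ip | awk -v n="${1:-5}" '$1 >= n { print $2 }'
}

# Every successful login. Output: "<method> <user> <ip>". On a key-only box a
# "password" method means a door is still open; an unknown IP is a question.
accepted_logins() {
    awk '/Accepted (publickey|password|keyboard-interactive)/ {
            method = ""; user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "Accepted") { method = $(i+1); user = $(i+3) }
                if ($i == "from")     ip = $(i+1)
            }
            print method, user, ip
         }'
}

main() {
    echo "== failed logins by source =="; printf '%s\n' "$SAMPLE" | failed_by_ip
    echo "== at or over maxretry=5 ==";   printf '%s\n' "$SAMPLE" | brute_forcers 5
    echo "== accepted logins ==";         printf '%s\n' "$SAMPLE" | accepted_logins
}
main
```

    On the sample, the deploy login stands out twice: it used a password on a box that is supposed to be key-only, and it came from an address nobody else used. That is the kind of line a daily review exists to surface.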

    The Result

    Zero security incidents in 12 months since implementing these measures.