How to Secure Your Dedicated Server?

 

Securing SSH

 

The default standard port number for SSH is 22. If you check your logs, you might find huge number of unwanted login tries on that port. Changing this port number in one of the simplest way to secure your server. In order to change this port number, you need to login as root in your server and run the below mentioned command:

vi /etc/ssh/sshd_config

 

Locate the line that says:

Port 22

Alter this line to some other port number above 1024. Making use of a port number above 1024 averts scans such as nmap choosing up SSH.

Next we have to to make use of extra secure SSH 2 protocol. On the line below the port number, assign the protocol to 2.

Protocol 2

Now save the sshd_config file and now restart sshd:

/etc/init.d/sshd restart

When to make an attempt to login through ssh access, you will have to describe the custom port number. In the illustration given below, the custom port number has been assign to 4874.

ssh -p This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Use the Inbuilt Plesk Firewall

However you can modify the firewall using command line, there is another way known as Plesk Firewall. Just locate to server > firewall modules > Firewall. If you are using a static IP address, you have the ability to create rules so that the web server will only have permission to access from your IP address. To give an example given above, custom SSH port 4874, the rule given below will only permit access from the IP address 101.11.12.20:

  



USE SFTP

SFTP is much more secure than FTP because it make use of the SSH protocol. Secure Shell access should be permitted to each and every Plesk user for every account. From the setup page choose /bin/bash below the Shell access to web server with FTP user’s details. The particular user will hereafter allowed to login over SFTP. Don’t forget to modify the port number in your FTP client if you modified the default port as stated above.  If you are confident you do not wish users to login on to standard FTP, you may too block this port via the Plesk’s firewall module. For more details check the screenshot given above.

 

The accompanying guidelines would apply:

Refuse incoming from all on port numbers 21/tcp & 21/udp

Additionally you can secure your FTP access, if you are using static IP address, by permitting access only from your IP address. If you IP address is 101.11.12.20, the rule for your would be:

Allow incoming from 101.11.12.20

Deny incoming from all others

 

Defuse Ping Requests

 

Your web server can be pinged by any person, it means it is findable. You can easily enhance the security ny modifying your firewall to only enable recognized IP addresses in order to ping your server. Suppose your IP address is 101.11.12.20, modify the rules under Ping setting in Plesk’s Firewall rules:

 

Allow incoming from 101.11.12.20

Deny incoming from all others

Given above are few of the best steps that will strengthen the security of your Dedicated Server.