Safeguard your server with these security pointers
Shared hosting can be ideal for a wide variety of websites and projects, with the added benefits of a platform that’s completely managed, maintained and updated for you. But more advanced sites and applications demand the performance of a dedicated or cloud server, and these platforms require significantly more administration from the user’s side.
In this context, security is a vital aspect of server management. To minimise any chance of your server becoming compromised, you need to maintain top levels of security. So we’re focusing on some key factors you should keep in mind.
Antivirus and monitoring
You should always have an active antivirus product installed and set to scan all incoming and outgoing emails. You may also be able to set up an email alert to notify you whenever anything unusual is uploaded to your site.
As part of your ongoing security audits, you’ll need to ensure the antivirus software is set to regularly scan the server for any potential issues. Running these scans overnight is a good way to minimise any impact on performance.
A range of monitoring products are available that allow you to monitor processes on your server. These can help you identify any unusual activity that could indicate an attack.
Choose a strong password and change it frequently
Always ensure you use a strong administrator password that includes uppercase and lowercase characters, as well as special characters like ‘@’ and ‘!’, and numbers. Don’t forget to update this password on a regular basis. See our recent blog post for more tips on password strength.
Never use weak passwords like ‘password1’. If you struggle to create a strong password, you can use a password generator. You’ll find plenty of these online; just make sure you choose one from a reputable source.
Obviously, don’t use the same password for multiple accounts, or for other services such as KVM access, and always keep everything updated regularly. As we discussed in another recent blog article, password managers can be a convenient and secure way to keep track of numerous logins.
Make your login details even more secure
Software such as Fail2ban can be configured to automatically block access to a server for a predetermined period after repeated failed login attempts. This can help prevent brute-force attacks that attempt to gain access to the server by repeatedly guessing your password.
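The blocking behaviour described above, sketched as an added Python example (not Fail2ban's own code and not from the original article): it counts failed SSH logins per IP address over constructed log lines and bans an address once it reaches the threshold inside the time window. MAXRETRY, FINDTIME and BANTIME mirror Fail2ban's maxretry, findtime and bantime options; the values, the simplified log format and the function name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Named after Fail2ban's maxretry / findtime / bantime options; values are illustrative.
MAXRETRY = 3
FINDTIME = timedelta(minutes=10)
BANTIME = timedelta(hours=1)

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

# Constructed sample log lines (simplified format, documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T02:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T02:00:09 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
2024-05-01T02:03:30 sshd[902]: Failed password for alice from 198.51.100.4 port 51500 ssh2
2024-05-01T02:04:00 sshd[811]: Failed password for root from 203.0.113.7 port 40130 ssh2
2024-05-01T02:05:00 sshd[811]: Failed password for root from 203.0.113.7 port 40131 ssh2
2024-05-01T02:30:00 sshd[950]: Failed password for alice from 198.51.100.4 port 51600 ssh2
2024-05-01T03:10:00 sshd[990]: Accepted password for alice from 198.51.100.4 port 51700 ssh2
"""

def find_bans(log_text):
    """Return [(ip, ban_start, ban_end)] for IPs with MAXRETRY failures within FINDTIME."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if banned_until.get(ip, datetime.min) > when:
            continue              # still banned: a firewall rule would drop this attempt
        window = recent[ip]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()      # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned_until[ip] = when + BANTIME
            bans.append((ip, when, when + BANTIME))
            window.clear()        # start counting afresh once the ban expires
    return bans

if __name__ == "__main__":
    print(find_bans(SAMPLE_LOG))
```

The second address in the sample fails twice but more than ten minutes apart, so it is never banned; a legitimate user who mistypes a password occasionally stays below the threshold in the same way.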
You should also consider creating additional user accounts with limited access permissions, which can then be used to administer the server on a day-to-day basis. On a Windows operating system, the user will be prompted for a password before they can make any changes that require admin details. On Linux, the user can run the ‘su’ command to switch to an admin account when a task needs admin credentials.
Operating system updates
Make sure your operating system is kept up to date at all times. We suggest you use the option to download and install OS updates automatically. If you don’t want to enable this, you’ll need to regularly and manually install any security updates from the operating system provider.
There’s always a small chance that updates could cause issues on your server, so ensure you make regular backups for recovery purposes.
Plesk and cPanel updates
If you use a control panel such as Plesk or cPanel, you’ll need to keep this updated to the latest version. This can usually be achieved from within the control panel itself, or can be automated.
For details on updating Plesk or cPanel, see the following knowledge base articles:
Disable SMTP relay
When your server is first deployed, SMTP relay should be disabled by default. You’ll need to ensure this setting is not changed, because if it is, anyone could misuse the server to send email. This could result in your IP addresses being blacklisted by real-time blackhole lists (RBLs), or the server being suspended for being in breach of your service provider’s terms and conditions.
Use the built-in firewall to block IPs or ports and help prevent unauthorised access to the server. If you’re not using a specific port and find that it’s open, close it. Only open ports that you know will actually be used.
If you have trouble resolving issues on your server yourself, our Professional Services team is available to assist you. To discuss this option further, please contact our server support team or raise a support ticket via your Fasthosts Control Panel.
This is not a definitive list on how to secure your server, but it should point you in the right direction and help you keep your server protected. You’ll find comprehensive help articles and guides on our support site, and you can visit the Fasthosts website for details of the security features offered by our dedicated servers and CloudNX platform.