How can I ensure my server never gets hacked?
I've had some server compromises in the past, and it takes time and effort away from my business to fix the issues when they arise. How can I ensure that this never happens again?
1 Reply
Keeping a server secure requires a comprehensive plan which takes your whole software stack into consideration, and so there is no single piece of advice I can give which will ensure that you'll never have another compromise. That said, I recommend that you start with our guides on securing your server and advanced SSH security techniques. Make sure to install a service like Fail2Ban to automatically block automated intrusion attempts, and switch to using Public Key Authentication, if you haven't already. You'll also need to create strong firewall rules. To assist in creating a strong firewall, I've also linked this post on how to open firewall ports.
From there, you'll need to consider what other software is running on your Linode, and the security risks that each piece of software poses, while ensuring that your security measures don't hinder the usability of your Linode and its services. You can also check out this post for more information on basic server security, as well as some scripts which can be used to automate some of the process for you. You can also reuse those scripts as StackScripts when deploying other servers in the future.
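An added example, not part of the original reply or the linked guides: after switching to Public Key Authentication, this sketch checks an `sshd_config` for password-style logins that are still enabled. The policy in `EXPECTED`, the function names and the sample file are assumptions made for this example; the defaults are upstream OpenSSH's, and `Include` files are reported rather than read.

```python
import re

# Upstream OpenSSH values that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Policy assumed for this example: key-based logins only.
EXPECTED = {"passwordauthentication": "no",
            "kbdinteractiveauthentication": "no",
            "pubkeyauthentication": "yes"}
# Deprecated spelling that newer OpenSSH treats as the same option.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Return (global settings, Include patterns) from sshd_config text."""
    settings, includes = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=2)
        keyword = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            break  # everything below a Match line is conditional, not global
        if keyword == "include":
            includes.append(value)
            continue
        keyword = ALIASES.get(keyword, keyword)
        settings.setdefault(keyword, value.lower())  # sshd keeps the first value
    return settings, includes

def audit(config_text):
    """List deviations from EXPECTED, plus Include files left unchecked."""
    settings, includes = effective_settings(config_text)
    findings = []
    for keyword, wanted in EXPECTED.items():
        actual = settings.get(keyword, DEFAULTS[keyword])
        if actual != wanted:
            origin = "set in file" if keyword in settings else "upstream default"
            findings.append(f"{keyword} is '{actual}' ({origin}), expected '{wanted}'")
    findings += [f"Include {p} not followed; audit those files too" for p in includes]
    return findings

# Constructed sample: the later "PasswordAuthentication no" never takes effect.
SAMPLE = """Include /etc/ssh/sshd_config.d/*.conf
PubkeyAuthentication yes
PasswordAuthentication yes
#KbdInteractiveAuthentication no
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live server, `sshd -T` prints the effective configuration with `Include` files already resolved, which makes it the better source for a final check.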