Secure Linux Server - how can a web server be protected against hacker attacks?

Due to the numerous providers in the hosting market, prices for own Linux servers are cheaper than ever before. The idea of acquiring your own server is tempting. However, caution is advised, as being the owner of a server means being fully responsible for it and liable for actions originating from the server. Hackers target poorly secured servers, infiltrating these machines and abusing them for their own purposes. Often, these machines are used to send spam emails or carry out DDoS attacks. Serious problems arise especially when illegal material is distributed through the server. In such cases, the owner may face severe legal consequences.

To prevent problems caused by hackers, certain basic rules should be followed when configuring the server to make it difficult for attackers to penetrate. Here are some of these rules:

1. Keep the System Up to Date

The operating system, as well as the software and services used (web server, mail server, etc.), must always be kept up to date. Updates should be performed regularly, preferably automatically every day via a cron job. Especially after the system is newly installed, updates must be applied, as software provided by the host may not always be up to date.

2. Configure SSH Settings

Most attackers attempt to hack the root access to the server. Therefore, create a new user with a unique name for SSH access and completely disable root access in the SSH config.

Additional ways to enhance security include:

• Manually change the default SSH port to a different one.
• Disable SSH log-ins via password entry and only allow log-ins with a valid key file.
• Use additional applications like fail2ban or denyhosts. These programs automatically block attackers' IP addresses.

In this context, it is crucial to always use secure passwords consisting of letters, numbers, and special characters.

3. Secure Ports / Configure Firewall

Configure the system's firewall to block ports that are not needed. The usual ports used include those for SSH, FTP, HTTP, and HTTPS. Use the system's native software to configure the firewall or make the settings directly via iptables. Use Netstat to see which ports are open and in use.

Ensure that you do not lock yourself out while configuring the firewall.

4. Use Security Software

Just like for a home computer, there are various types of security software available for servers such as antivirus programs, anti-rootkits, and malware scanners. Implement these on your server as well. Commonly used software includes ClamAV, chkrootkit, rkhunter, and tripwire. Keep these programs up to date and regularly scan your system. Ideally, automate daily scans using a Cron job.

5. Configuration of Individual Server Services

All server services must be kept up to date and their default settings should be optimised. The settings will depend on the purpose and type of services being used. Here are a few examples:

FTP

• Review security settings and, for example, do not grant log-in access to anonymous users.
• Block the port if the service is not in use.

PHP

• Limit PHP's read and write access to explicitly allowed directories.
• Disable public error messages as they unnecessarily expose system information.

Web Server

• Disable unused modules.

Please note that this guide serves as a foundation and is not exhaustive. As the owner of a server, you are solely responsible for its security and ideally should continuously and intensively engage with the subject.

Find out how to secure a Windows Server as well.