What a great day it is! You’ve just got your new VPS and are ready to get hosting some websites on it, but before you do anything you need to make sure you’ve locked it down to stop any unwanted activity.
While we do provision our servers with a secure image, there are some additional steps you can take to ensure everything is as secure as it can be. As we offer VPS hosting with a few control panel options, I’ll split this post up a bit. We’ll focus on cPanel and Plesk today as these are by far the most popular control panels.
For Both cPanel and Plesk
Always patch your software.
Both Plesk and cPanel provide great utilities for updating software within their web interface, or you can easily do it via SSH at any time. This ensures you not only have the latest performance patches, but also the latest security fixes leading to a more secure server. You don’t want your server to be part of a spam botnet!
We’ve got to the point today where using special characters just isn’t enough anymore; the software used to guess passwords expects them. You need to have as long a password as possible. For example, theinternetwasmadeforcatvideos is far more difficult for automated tools to guess (or “crack”) than v%b3h43@.
Sign up for password leak alerts.
There’s a great tool online for checking if your email address or password has been compromised called haveibeenpwned. This is a service run by Troy Hunt, a very well-known and well-respected security engineer. As well as the ability to look up email addresses and passwords as and when you please, you are also able to set up alerts for any email addresses on your domains. Just head here and get set up! This way, when breaches happen you’ll be notified immediately, reducing the amount of time someone has to get on to your email account and start doing unwanted things.
Both cPanel and Plesk include a Security Advisor tool that points out some quick wins to get you secured. These cover things such as making use of extra firewall tools, ensuring you are using SSL certificates (including from AutoSSL or Let’s Encrypt) to protect website visitors, and checking your server software is up to date. As long as you have used these tools you are in a pretty good position to face the wild west that is the internet.
Tips for cPanel
CSF (ConfigServer Firewall)
CSF is a brilliant addon for cPanel servers and it really will make administering your firewall significantly easier, as well as helping to manage things such as IP blocking/whitelisting server-wide and brute force protection. CPHulk is great, but CSF takes it to another level.
We recommend installing this straight away, taking a look at the documentation, and setting it up so that everything is set right for you and your needs. If you need a hand with getting it installed, you can always drop a message to our lovely support team who will be more than happy to give you a hand!
I mentioned this briefly above, but CPHulk is a great brute force protection tool that comes with cPanel. It is pretty basic out of the box but protects all-important system services such as email, cPanel, WHM, and SSH. cPanel has some great documentation for it here, we definitely recommend checking it out!
Keeping Up To Date
cPanel frequently releases updates for their software, and one of the best features of cPanel is that it will automatically manage updates and patch things for you periodically in the background. However, sometimes updates require reboots. To ensure you are in control (and your website doesn’t randomly drop off the face of the earth) cPanel won’t automatically reboot your server to apply these updates. You will need to log in to WHM and reboot it manually when the yellow message shows in the top right. A reboot won’t take long, but a small bit of downtime (in quiet hours for your websites or projects) can go a long way to keeping you safe in the future.
Tips for Plesk
A great addon for Plesk that you can install is Fail2Ban. It works much the same as CSF for cPanel but is a little bit more limited. It will keep an eye on log files for system services (such as SSH, email, and Plesk logins) and it has some configurable options for managing ban duration, etc. This is a must-have for any Plesk installation to keep you, and your customers and end users, safe.
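To show what the brute force protection in Fail2Ban (and CSF/CPHulk on the cPanel side) is actually doing with those log files, here is an added example that is not part of this post or of Fail2Ban itself: it reads a constructed sshd log and applies the three jail settings Fail2Ban exposes (maxretry, findtime, bantime) to decide which IPs get banned and until when. The log format, the regex and the year are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd "Failed password" syslog line (a constructed simplification;
# Fail2Ban's real filters live in /etc/fail2ban/filter.d/ and cover more variants).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_ts(ts, year=2024):
    """Syslog timestamps carry no year, so one is assumed for the constructed data."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_bans(lines, maxretry=5, findtime=600, bantime=3600):
    """Return {ip: ban_expiry} for IPs failing maxretry times within findtime seconds.
    maxretry, findtime and bantime mirror the Fail2Ban jail settings of those names."""
    window = timedelta(seconds=findtime)
    failures = defaultdict(list)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines never count
        ip, ts = m.group("ip"), parse_ts(m.group("ts"))
        if ip in bans and ts < bans[ip]:
            continue  # already banned: the firewall drops these attempts anyway
        recent = [t for t in failures[ip] if ts - t <= window] + [ts]
        failures[ip] = recent
        if len(recent) >= maxretry:
            bans[ip] = ts + timedelta(seconds=bantime)
            failures[ip] = []  # counting starts afresh once the ban expires
    return bans

# Constructed sshd log: a fast guesser (198.51.100.7) and a slow one (203.0.113.9)
# whose attempts are too far apart to fall inside a ten-minute findtime window.
SAMPLE_LOG = """\
Jan 12 10:00:01 vps sshd[1201]: Failed password for root from 198.51.100.7 port 51234 ssh2
Jan 12 10:00:03 vps sshd[1202]: Failed password for invalid user admin from 198.51.100.7 port 51236 ssh2
Jan 12 10:00:05 vps sshd[1203]: Failed password for root from 198.51.100.7 port 51240 ssh2
Jan 12 10:00:06 vps sshd[1204]: Accepted publickey for deploy from 203.0.113.9 port 40022 ssh2
Jan 12 10:00:08 vps sshd[1205]: Failed password for root from 198.51.100.7 port 51244 ssh2
Jan 12 10:20:00 vps sshd[1300]: Failed password for root from 203.0.113.9 port 40100 ssh2
Jan 12 10:35:00 vps sshd[1301]: Failed password for root from 203.0.113.9 port 40101 ssh2
Jan 12 10:50:00 vps sshd[1302]: Failed password for root from 203.0.113.9 port 40102 ssh2
""".splitlines()
```

With maxretry=3 the fast guesser is banned at 10:00:05 for an hour and the slow one never is, while at the Fail2Ban default of 5 neither is banned at all; widening findtime to an hour catches the slow one too, which is why those settings are worth tuning to your own traffic.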
Keep Everything Updated
Unfortunately, Plesk doesn’t automatically apply patches out of the box. You will receive a message in Plesk when logging in letting you know that updates are available, but you will need to install them manually. This should be done frequently to ensure you have the latest security patches for system packages and Plesk itself. Plesk has a great update tool within the Tools & Settings section of the Plesk interface, or you can run the Plesk installer over SSH. If you need a hand with this (as it is a little bit more complex than cPanel) please feel free to drop a message to our support team in a ticket and we’ll give you a hand!