How to Secure Your Dedicated Server: A Beginner’s Guide

A dedicated server provides full control, but with that control comes the responsibility of securing your server against cyber threats. Whether you're hosting a website, game server, or business application, proper security measures are essential to protect your data and maintain performance.

This guide walks you through step-by-step security measures to safeguard your QuickServers dedicated server from unauthorized access, malware, and cyberattacks.

Step 1: Update Your Server Regularly

Keeping your server's operating system and software up to date is critical for security. Updates often include patches for vulnerabilities that hackers exploit.

  • For Debian-based systems (Ubuntu, Debian), run: 
    sudo apt update && sudo apt upgrade -y
  • For CentOS-based systems (CentOS, AlmaLinux, Rocky Linux), run: 
    sudo yum update -y
  • Enable automatic updates to keep your system secure without manual intervention.

Step 2: Use Strong SSH Security Practices

By default, servers use SSH for remote access. Enhancing SSH security prevents unauthorized logins.

  • Change the default SSH port from 22 to a custom port (e.g., 2244): 
    sudo nano /etc/ssh/sshd_config
    • Locate the line #Port 22, remove the #, and change 22 to another number (e.g., 2244).
    • Save and exit, then restart SSH: 
      sudo systemctl restart sshd
  • Disable root login via SSH to prevent direct root access:
    • In /etc/ssh/sshd_config, find PermitRootLogin yes and change it to PermitRootLogin no.
  • Use SSH key authentication instead of passwords for stronger security.

Step 3: Set Up a Firewall for Network Protection

A firewall restricts unauthorized access to your server while allowing necessary connections.

  • For UFW (Ubuntu/Debian): 
    sudo ufw allow 2244/tcp  
sudo ufw allow http  
sudo ufw allow https  
sudo ufw enable
  • For Firewalld (CentOS/AlmaLinux): 
    sudo firewall-cmd --permanent --add-port=2244/tcp  
sudo firewall-cmd --permanent --add-service=http  
sudo firewall-cmd --permanent --add-service=https  
sudo firewall-cmd --reload

Step 4: Install and Configure Fail2Ban to Prevent Brute-Force Attacks

Fail2Ban detects and blocks repeated failed login attempts.

  • To install on Ubuntu/Debian: 
    sudo apt install fail2ban -y
  • To install on CentOS/AlmaLinux: 
    sudo yum install fail2ban -y
  • Start and enable Fail2Ban: 
    sudo systemctl start fail2ban  
sudo systemctl enable fail2ban

Step 5: Disable Unused Services and Ports

The more services running, the more potential entry points for attackers.

  • List all open ports: 
    sudo netstat -tulnp
  • Disable unused services (example for FTP): 
    sudo systemctl disable vsftpd  
sudo systemctl stop vsftpd

Step 6: Secure Your Database

If your server runs MySQL or PostgreSQL, securing the database is crucial.

  • Change the default database root password: 
    sudo mysql_secure_installation
  • Restrict remote access to the database:
    • Edit MySQL configuration (/etc/mysql/my.cnf or /etc/my.cnf) and bind MySQL to localhost: 
      bind-address = 127.0.0.1
    • Restart MySQL: 
      sudo systemctl restart mysql

Step 7: Enable Automatic Security Monitoring

Regularly monitoring logs helps detect suspicious activity.

  • Set up log monitoring tools like Logwatch: 
    sudo apt install logwatch -y
  • Check system logs for unusual activity: 
    sudo journalctl -xe

Step 8: Use SSL/TLS Encryption for Secure Communication

Encrypting server connections ensures safe data transmission.

  • If hosting websites, install an SSL certificate to secure user data.
  • For Let's Encrypt SSL (free SSL certificate): 
    sudo apt install certbot -y  
sudo certbot --apache

Step 9: Set Up Regular Backups

Even with the best security, having a backup plan is essential.

  • Create automated backups using Rsync: 
    rsync -av --delete /var/www/html /backup/
  • Schedule backups with cron jobs to run at specific intervals.

Conclusion

Securing your QuickServers dedicated server is essential to protect your data, applications, and performance. By updating your system, hardening SSH, configuring firewalls, and monitoring security logs, you reduce the risk of cyber threats.

Follow these steps to keep your server safe and ensure optimal performance for your business or personal projects.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to Set Up a Firewall to Protect Your Dedicated Server

How to Set Up a Firewall to Protect Your Dedicated ServerSecuring your dedicated server with a...
How to Secure Your Dedicated Server Against Brute Force Attacks

How to Secure Your Dedicated Server Against Brute Force AttacksBrute force attacks are a common...
How to Install and Configure Fail2Ban on Your Dedicated Server

How to Install and Configure Fail2Ban on Your Dedicated ServerFail2Ban is an essential tool for...
How to Enable Two-Factor Authentication (2FA) for Your Server Login

How to Enable Two-Factor Authentication (2FA) for Your Server Login Two-Factor Authentication...
How to Block Malicious IPs on Your Dedicated Server

How to Block Malicious IPs on Your Dedicated Server Protecting your dedicated server from...