Before you can secure your server, you should know what the most common security risks you face are, including injection, authentication, cross-site scripting, denial of service, and security misconfiguration.
It’s that time again! October is National Cyber Security Awareness Month. This entire month is dedicated to raising awareness of cybersecurity. At Liquid Web, we’d like to do our part in helping raise awareness of ever-increasing cyber threats with a few DIY security tips. Learn what six simple things you can do on your own to secure your server. For step-by-step instructions on how to execute these tips, we have linked to any relevant corresponding articles from our Knowledge Base.
Update Outdated Content Management Systems
If your website utilizes a content management system (CMS), then one of the most important things you can do to keep your site secure is to regularly and responsibly update the CMS and any plugins you may have. However, it is important to keep in mind that it might not be necessary to upgrade immediately every time you discover a new update for your CMS. Pay attention to how your plugins may be affected and talk to one of our Heroic Support® staff members about how the latest update might protect your data.
Brute Force Detection, or BFD, is a service on your server that watches various log files for brute force attacks, an attack attempted via rapid logins using a dictionary file. Specifically, BFD looks for several failed login attempts in a short period of time from the same IP address. If detected, the guilty IP address will be blocked in the server’s firewall.
Changing your SSH port to something other than the default port 22 can help secure your server against brute force attacks scanning for vulnerable servers across the Internet. While it isn’t a guaranteed fix, many brute force login attempts are generally only looking for servers using the default port, and changing that port is a small thing that can greatly reduce the chances of you suffering from a brute force attack.
One of the common methods that brute force attacks use when attempting to gain access to your system is to focus specifically on root passwords. To avoid this, it’s best to disable root user login in the SSH server entirely. Creating a new user and using an alternative login that you can switch to root when needed, will both protect your server and allow you to still have access to root-level functions.
Once you’ve made the above changes to your SSH port and root user logins, you’ll want to make sure you update this information in our Manage interface. One of the best resources you can rely on for server security is our Heroic Support®. In order for our team to address any issues you come across, we’ll need access to your login details. Maintaining this information in Manage allows us to quickly login to your server to diagnose and solve any problems you have. In addition, we’ll be able to login into your server proactively to fix any problems or apply any updates so you don’t have to worry.
Even if every other security precaution is taken, an insecure password can make an entire server vulnerable. Longer, complex passwords are best when it comes to your server. Carefully choose your passwords when setting up your server, keeping in mind that secure passwords are often at least 10 characters, omit dictionary words, and contain a mix of numbers and special characters. Alternatively, just visit one of the sites listed in our above-linked Knowledge Base article to randomly generate a strong password.
National Cyber Security Awareness Month focuses on spreading awareness of cyber threats, but we want our customers to be able to protect themselves as well. By following the step-by-step instructions in the above linked Knowledge Base articles, you can be sure your server will much more secure against many of the common cyber attacks seen today. But don’t worry, if find yourself in need of more aid, our 24/7/365 Heroic Support® is here if you need them.