Knowledge Base

How to secure a semi-managed server

This article describes several steps you can take to help secure a semi-managed server.

The information in this article only applies to the products listed in the Article Details sidebar. You must have root access to the server to follow the procedures described below.

Securing a semi-managed server

A semi-managed server provides you with total flexibility. Because you have root access to the server, you can install whatever you want, configure it however you want, and run it however you want.

With this freedom comes additional administration tasks, however, and one of the most important of these is security. If you do not take steps to secure your server, you leave it open to attack by malicious actors. A minor attack could be just an annoyance, while a major attack could result in the loss of your entire server configuration and data.

Therefore, it is very important that you try to secure your server as much as possible. The following recommendations can help you do this.

Use strong passwords

Weak passwords can undermine the most carefully configured server. Good security practices start with using strong passwords. For information about how to choose strong passwords, please see this article.

Disable root SSH access

The root account is all-powerful, so one of the first things you should do on a new semi-managed server is create a normal user account and disable root SSH access. For information about how to do this, please see this article.

A2 Hosting uses a different SSH port (7822) from the default port (22), which helps reduce the number of bots attempting to scan and access your server. Nevertheless, it is a very good idea to disable root SSH access.
Update the server regularly

Security vulnerabilities are constantly being discovered and patched. (One well-publicized example is the “Heartbleed” OpenSSL vulnerability that was disclosed in April 2014.) Maintaining an up-to-date server with the latest patches and fixes is crucial to maintaining a more secure server.

For information about how to install updates on a semi-managed server, please see this article.

Set up a firewall

A firewall enables you to control incoming and outgoing network packets. For example, you can specify rules that block all incoming packets on port 25, or all outgoing packets to a certain port or host.

  • For information about how to set up a firewall using iptables, please see this article.
  • For information about how to set up a firewall using Advanced Policy Firewall, please see this article.
Set up fail2ban

The fail2ban program helps secure your server against unauthorized access attempts by monitoring log files for suspicious activity. After a predefined number of failed access attempts from an IP address, fail2ban automatically blocks it.

For information about how to set up fail2ban on your server, please see this article.