Hey Everybody,
Just a friendly note from a PowerVPS tech.
Finding out your VPS has been hacked is like walking out to your car, and seeing the gaping hole where your stereo used to be. It hurts, bad.
However, there are plenty of steps you can take as a VPS owner to secure your setup. Most of these are fairly basic and can halt the majority of hacking attempts.
If you need help setting up or configuring anything listed below, don't hesitate to contact support. Who knows, you could get lucky and get me for your tech!
1) Securing SSH
SSH presents a unique problem. System administrators need it to manage their servers, and for that same reason it introduces security risks.
For those of you who use cPanel / Plesk or Webmin-Usermin, you may not use SSH every day, or at all. It is easy to forget about it.
1.1 Don't log in (or allow logins) to SSH as 'root'
The user root is way, way too powerful to be allowed direct remote access. This does not mean you need to disallow root functions over SSH. In this setup, another user is first used to log in to SSH, and then the sudo command is used to allow root-only operations. (Don’t worry, it’s not complicated... really it’s not.)
First, SSH in to your VPS (if you have to use root this time, so be it).
At the prompt, type the command
Code:
nano -w /etc/ssh/sshd_config
This will open the Nano text editor and allow you to edit the SSH configuration.
Find the line
Code:
# PermitRootLogin yes
and change it to
Hit Ctrl + X to exit Nano, then hit Y and then Enter to save the file.
Now, we need to make a user to log in to SSH when root-level functions need to be performed.
When you are at the command line in SSH, type the following command
Code:
useradd NewUserName -g wheel
This will create a new user in the wheel group (change NewUserName to whatever you want this user to be called).
Next run
and enter the new password for the user you just created
Please, please, please use strong passwords; they are your first line of defense against hackers. Setting your password to doggie is about the same as locking your front door with a q-tip and some scotch tape. Google "complex passwords" for some help picking one.
Now we need to edit the sudoers file. This file determines who is allowed to use the sudo command, and that is what will allow you to act like root without actually using the root account.
Since we added the new user to the wheel group, all we need to do in here is allow the wheel group to sudo. This is already in the file, so all we need to do is remove the comment marker in front of it. Here is how:
Code:
nano -w /etc/sudoers
Find the line
Code:
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
and remove the # like so
Code:
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Again, hit Ctrl + X, then Y and then Enter to exit and save the file.
Now, all you need to do is run the following command to restart the SSH service and you're done (you may get booted out of SSH after you run this command).
Code:
service sshd restart
All set, you have now disallowed the root account from logging in through SSH.
To login to ssh to perform root functions, use the following steps.
SSH to your server using the username and password you created above, not root.
Next type the following command
This will bounce you up to root for the entire time you are logged in. Alternatively, you can use sudo in front of any command to run just that command as root.
For example:
Code:
sudo nano -w somefile.txt
This would open somefile.txt as the root user.
1.2 Changing the SSH port
The standard port for SSH is 22, and hackers are well aware of this fact. Changing the ssh port is a great way to avoid some common brute force hacking attempts and the like.
First ssh into your VPS (using the new account and password from above and then sudoing up to root)
Edit the ssh config file
Code:
nano -w /etc/ssh/sshd_config
Now, find the line labeled
and change it to
where zxy is any 4 digit number you wish (note this number).
Hit Ctrl + X to exit Nano, then hit Y and then Enter to save the file.
Now, you need to open up this new port in your VPS's firewall. If you don't know how to do this already, don't attempt it before consulting support.
Simply open a support ticket, and we will have this port opened for you in half a jif. Just make sure to include the port number you have set in the ticket.
Now, restart sshd with the following command, and you're all set. Remember to change the SSH port in whatever SSH client program you use to connect to your VPS.
Code:
service sshd restart
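The two sshd_config edits from sections 1.1 and 1.2, scripted as an added example that is not part of the original post. The function names harden_sshd_config and effective_value are hypothetical, port 2222 and the sample file are constructed, and the script assumes a config with no Match blocks.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Set "PermitRootLogin no" and "Port <port>" in an sshd_config-style file,
# whether the existing lines are commented out, active, or missing.
# Assumes the file has no Match blocks (appended lines would land inside one).
harden_sshd_config() {
    file=$1; port=$2
    case $port in ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 1
    fi
    cp -p "$file" "$file.bak" || return 1   # rollback copy
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        { l = tolower($0) }
        l ~ /^[ \t]*#?[ \t]*permitrootlogin[ \t]+[a-z-]+[ \t]*$/ {
            if (!r) print "PermitRootLogin no"; r = 1; next }
        l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
            if (!p) print "Port " port; p = 1; next }
        { print }
        END { if (!r) print "PermitRootLogin no"
              if (!p) print "Port " port }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the value sshd would use for a keyword (the first active occurrence wins).
effective_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Demo on a constructed sample file, so nothing under /etc is touched.
sample=$(mktemp)
printf '%s\n' '#Port 22' '# PermitRootLogin yes' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$sample"
harden_sshd_config "$sample" 2222          # 2222 is a constructed example port
echo "PermitRootLogin: $(effective_value "$sample" PermitRootLogin)"
echo "Port:            $(effective_value "$sample" Port)"
```

On the server itself, run `sshd -t` after editing and before `service sshd restart` so a syntax error does not take the service down, and keep the current session open until a second login on the new port has succeeded.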