How to Secure and Harden a VPS (CentOS/Ubuntu) Print

  • 1

This tutorial will show you on how to secure and harden your Ubuntu or CentOS VPS.

A Linux VPS

Protecting from Brute Force Attacks

One of the common mechanism used by a hacker to take control your online business is by initiating brute force attacks against the server and web platform like WordPress, Joomla, etc.

This can be dangerous if not taken seriously. There is two popular program you can use to protect Linux from brute force.

SSH Guard

SSHGuard monitors the running services from the system log files and blocks repeated bad login attempts.

Initially, it was meant for SSH login protection, but now it supports many others.

  • Exim
  • Sendmail
  • Dovecot
  • Cucipop
  • UWimap

You can get SSHGuard installed with the following commands.


apt-get install SSHGuard


rpm -ivh sshguard-1.5-7.1.x86_64.rpm


Fail2Ban is another popular program to protect SSH. Fail2Ban automatically update the iptables rule if failed login attempt reaches the defined threshold.

To install Fail2Ban in Ubuntu:

apt-get install fail2ban

and to install in CentOS:

yum install epel-release
yum install fail2ban

SSH Guard and Fail2Ban should be sufficient to protect SSH login. However, if you need to explore more then, you may refer the following.

Disable Password-based Authentication

If you log in to your server from one or two computers, then you can use SSH key based authentication.

However, if you have multiple users and often log in from multiple public computers the, it might be troublesome to exchange key every time.

So based on the situation, if you opt to disable password-based authentication, you can do it as following.

Note: this assumes you have already setup SSH key exchange.

  • Modify /etc/ssh/sshd_config using vi editor
  • Add the following line or uncomment it if exist
PasswordAuthentication no
  • Reload the SSH Daemon

Regular Backup

Backup is your friend! When nothing works then the backup will rescue you.

Regular Update

Keeping your VM OS up-to-date is one of the essential tasks to ensure your server is not exposed to any latest security vulnerabilities.

In Ubuntu, you can use apt-get update to ensure latest packages are installed.

In CentOS, you can use yum update

Don’t leave opened ports

Keeping unwanted opened ports like an inviting attacker to take advantage. If you are just hosting your website on your VM then most likely you need either port 80 (HTTP) or 443 (HTTPS).

Was this answer helpful?

« Back

Powered by WHMCompleteSolution