My web hosting server has been receiving a few brute-force attacks this past week, so I decided to secure the server a little more than it already was. None of the brute-force attempts were successful, but it’s always good to be on your guard.
1. Disable root user login from SSH
On a shell, log in as root and do the following:
useradd -g wheel iamtherealroot   # You may change iamtherealroot to something else
passwd iamtherealroot             # Set a difficult password
visudo                            # Update the lines
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Save the file and make sure you can su - root when logged in as iamtherealroot, or else you risk being locked out of root for good!
vi /etc/ssh/sshd_config
Update the lines
PermitRootLogin no
service sshd restart
2. Change the SSH port to something else other than port 22
Changing the SSH port to something other than the default means an attacker has to look for the open SSH port on your server before attacking it. It is usually good practice to change it.
vi /etc/ssh/sshd_config
Change port number 🙂
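An added example (not from the original post) that checks an sshd_config for the settings from steps 1 and 2. The function names are made up here, and it assumes whitespace-separated keywords and does not follow Include files. It relies on sshd keeping the first value it reads for a keyword and listening on every Port line.

```shell
#!/bin/sh
# Print every global value of KEYWORD in FILE, one per line, in file order.
# Keywords are case-insensitive; lines after a "Match" line are conditional
# and are not part of the global settings.
sshd_values() {   # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }     # comment or blank line
        tolower($1) == "match" { exit }    # conditional blocks start here
        tolower($1) == key { print tolower($2) }
    ' "$1"
}

# Return 0 if root login is disabled and port 22 is unused, 1 otherwise.
audit_sshd() {    # usage: audit_sshd FILE
    cfg=$1; rc=0
    # sshd uses the first value it obtains, so a later "no" does not
    # override an earlier "yes".
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    ports=$(sshd_values "$cfg" Port)
    [ -n "$ports" ] || ports=22            # no Port line: sshd listens on 22
    for p in $ports; do
        if [ "$p" = "22" ]; then
            echo "FAIL: sshd still listens on port 22"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: root login disabled, listening on: $(echo $ports)"
    fi
    return "$rc"
}

# Constructed sample config: "no" was appended, but "yes" comes first and wins.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'Port 2222' \
    'PermitRootLogin no' > "$demo"
audit_sshd "$demo" || true
rm -f "$demo"
```

Point it at the real file with audit_sshd /etc/ssh/sshd_config, and run sshd -t before restarting the service so a syntax error does not take SSH down.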
3. Use a more strict cpHulk setting from WHM
4. Disable your system compilers
Go to Security Center from WHM -> Compiler Access. If your settings are as the screenshot below, you are still good to go 🙂 Why? It prevents your users from using C compilers, which could be used for harmful purposes.
5. Enable a firewall
Always remember not to allow access to every port on your server, only to the specific ones that are currently in use. For example, ports 80, 21, the SSH port, 25, 443, 110, all depending on the services that you are running on your machine.