When you receive your VPS from Laws Hosting, the first thing to do is to think of its use. What will you be using it for? What software will you be installing (be aware, we do not allow certain software on VPS's, see our Terms)?
1. Protect your logins - Ideally, the first thing to do is change your SSH port. Also, use a strong secure password and limiting SSH access to the necessary users. The ‘root’ account has full control over the entire server, so allowing direct logins as ‘root’ via SSH is one of the biggest security risks. You do not want hackers to take over your VPS - they will try to brute force your VPS’s ‘root’ password.
2. Update Your Software – Keeping ALL software up-to-date is an important tasks of securing your VPS. Vulnerabilities are found in linux applications, services and scripts, new fixed versions are being released very quickly. Installing the updates on your server is recommended.
3. Protect your server – Network firewalls, application firewalls, brute force detection and any other form of protection. Take time and research various measures you can take with your operating system.
4. Monitor everything – A VPS administrator has to be be proactive. Do not wait until your web host contacts you alerting a problem. Unlike shared hosting, this may not happen until it is too late. Setup system monitors and keep an eye on your VPS.
5. Backup – Backup your VPS regularly and be prepared for the worst. Test your backups to make sure they actually restore properly.
6. Disable Unnecessary Services – All Linux distributions usually have many services/daemons configured to start every time you start the server. The more services running on your server, the more ports are being open to potential external break-ins. Disabling unnecessary services can improve the security of your server and even the overall server performance.
When you think about the huge responsibility a VPS needs, it can be daunting, but manageable if you have the right tools and a fair education on the topic.