Hacking attacks are on the rise and if you want to protect your web servers from all sorts of hacking attacks and other potential threats, it is essential for you to understand first the facts regarding the vulnerability of these servers. It is only after understanding these facts that we can take proper measures to prevent any hacking event on your server and make sure that your servers do not fall prey to any malicious virus or threat. In this regard, server security is of utmost importance. Even if you have a great revenue generation idea for your website, you still essential to make sure that your servers are protected and there are no security issues by contacting security services. It is fair to say at this point that the significance of server security and security services cannot be overemphasized.
Securing a computer system is a rigorous task, especially when the system is connected to the Internet. Indeed, the global network is crawling with hackers that affect the functioning of your systems. Here is how to limit the possibilities.
- 1 1. Change the SSH listening port
- 2 2. Use only TLS in administration
- 3 3. Do not administer anywhere
- 4 4. Clean up malware on your PC
- 5 5. Update the server
- 6 6. Maintain your own apps
- 7 7. The parameters of your PHP
- 8 8. The Apache Mod Security Rules
- 9 9. Disable unnecessary services
- 10 Secure Your Database Server in 10 Simple Ways
1. Change the SSH listening port
By default and conventionally, the Secure Shell or SSH listens on port 22. But this convention makes it easier for hackers. Thus, they immediately test this port if they want to access the server. That’s why you have to create a feint: to shift the listening port to another one. At least the automatic brute force cannot do anything.
2. Use only TLS in administration
As you administer your server, millions of hackers attempt to extract sensitive data such as your password, for example. Thus, it is advisable to opt exclusively for Transport Layer Security (TLS) for administration. With encrypted data, impossible to crack.
3. Do not administer anywhere
The local network can also be dangerous. Select the networks you trust to administer your servers. Avoid free WiFi, cybercafes, …
4. Clean up malware on your PC
Malware such as viruses and trojans can transmit your login information to hackers. These will then use them to access your server as easily
5. Update the server
It is necessary to keep all the server software up-to-date to avoid security vulnerabilities already identified, especially the Linux kernel
6. Maintain your own apps
Your own Software applications and programs on your servers must be maintained and regularly updated. These can also be the source of security breaches.
7. The parameters of your PHP
There are some PHP settings that can threaten the security of your server:
- allow_url_fopen to treat all URLs as files. So it can be a way for a hacker to inject something into your servers. Disable it, especially if you are still on the old version of PHP 4.
- allow_url_include which allows you to include URLs in your PHP code and execute PHP scripts on it. It is strongly recommended to disable it.
- register_globals : a potential source of SQL injection or the execution of an arbitrary code
8. The Apache Mod Security Rules
This software firewall allows you to analyze incoming HTTP requests and identify known exploits. It is therefore advisable to install and configure it properly
9. Disable unnecessary services
You may have followed a tutorial to install your web server. However, you do not use, for example, the MTA (Mail Transfer Agent) services or in other words you do not send emails via your web server. So, it is safer to disable or even uninstall the responsible software.
Secure Your Database Server in 10 Simple Ways
- Strong Password Policy Execution
- Discard all Default Users and Demo-test Databases
- Change the Admin User Name
- User Privileges Need to be Restricted
- Disable Public Network Access to Database Servers
- Enforce SSL/TLS on Remote Connections and Restrict IP
- Check for Database Dumps in Public Locations
- Encrypt Your Application Files and Backups
- Web Application Firewall and Malware Scanner Should be used
- Always keep the Software Updated