DocsSecuritySecuring Your Server
Security 10 min read

Securing Your Server

Essential security hardening steps for your dedicated server.

Securing Your Server

Follow these essential security practices to protect your Cd hosting dedicated server.

1. SSH Hardening

Disable Root Login

Edit /etc/ssh/sshd_config:

bash
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3

Use SSH Keys

bash
# Generate SSH key pair (on your local machine)
ssh-keygen -t ed25519 -C "[email protected]"

# Copy public key to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@your-server-ip

Change SSH Port

bash
# In /etc/ssh/sshd_config
Port 2222

# Restart SSH
systemctl restart sshd

# Update firewall
ufw allow 2222/tcp
ufw delete allow OpenSSH

2. Automatic Security Updates

bash
apt install unattended-upgrades -y
dpkg-reconfigure -plow unattended-upgrades

3. Fail2Ban

Protect against brute-force attacks:

bash
apt install fail2ban -y

Create /etc/fail2ban/jail.local:

ini
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
bash
systemctl enable fail2ban
systemctl start fail2ban

4. Two-Factor Authentication

bash
apt install libpam-google-authenticator -y
google-authenticator

5. Regular Backups

bash
# Create a backup script
#!/bin/bash
DATE=$(date +%Y%m%d)
tar -czf /backups/server-backup-$DATE.tar.gz /var/www /etc /home
find /backups -mtime +30 -delete

Add to crontab for daily backups:

bash
0 2 * * * /root/backup.sh

Related Articles

SSL/TLS Certificates

Install and manage SSL certificates for encrypted connections.

5 min
Need help? Chat with us!