Phone  (866) 435-5642      Email  [email protected]
Live Chat   Live Chat     |     Register     |     Login
There are upcoming maintenance events which may impact our services. Learn more

How To: Secure and Configure your VPS or Dedicated server Print

  • 188

How to secure your dedicated or VPS server. Please not that this is only the vary basics!

First, lets configure APF (advanced personal firewall)
Step 1: login to SSH, and become the root user
Step 2: enter the following command: wget
Step 3: enter the following command: tar -xvzf apf-current.tar.gz
Step 4: cd apf-0.9.5-1/ or whatever the latest version is.
Step 5:Run the install file: ./
You will receive a message saying it has been installed

Installing APF VERSION HERE: Completed.
Installation Details:
  Install path:         /etc/apf/
  Config path:          /etc/apf/conf.apf
  Executable path:      /usr/local/sbin/apf
  AntiDos install path: /etc/apf/ad/
  AntiDos config path:  /etc/apf/ad/conf.antidos
  DShield Client Parser:  /etc/apf/extras/dshield/

If you have cPanel, do the following:
Step 1: nano /etc/apf/conf.apf
Step 2: Find Common ingress (inbound) TCP ports
Step 3: Change the following:
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083, 2086,2087, 2095, 2096,3000_3500"
# Common ingress (inbound) UDP ports

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]

# Common egress (outbound) TCP ports
# Common egress (outbound) UDP ports

If you have DirectAdmin do the following:
Step 1: nano /etc/apf/conf.apf
Step 2: Find Common ingress (inbound) TCP ports
Step 3: Change the following:
EG_TCP_CPORTS: (incoming) 21,22,25,53,80,110,143,443,1853,1821,1867,1903,1913,1924,1925,1976,




EG_ICMP_CPORTS: (outgoing)

Step 6: start the firewall: /usr/local/sbin/apf -s

Step 7: After everything is fine, change the DEV option
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.

nano /etc/apf/conf.apf


Step 8: now finally enter the following command: chkconfig --level 2345 apf on

Configuring BFD (Brute Force Detector)

Step 1: Login to SSH as root
Step 2: Execute the following command:
Step 3: tar -xvzf bfd-current.tar.gz
Step 4:
cd bfd-0.9 or latest version
Step 5:
Run the install file: ./
You will receive a message saying it has been installed

.: BFD installed
Install path:    /usr/local/bfd
Config path:     /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

Step 6:
nano /usr/local/bfd/conf.bfd
Step 7:
Enable brute force hack attempt alerts:

Find: EMAIL_USR="root" CHANGE TO: EMAIL_USR="[email protected]"

Save the changes: Ctrl+X then CTRL+Y

Step 8: /usr/local/sbin/bfd -s

Disable Telnet
To disable telnet, SSH into server and login as root.
At command prompt type: nano-w /etc/xinetd.d/telnet
change disable = no to disable = yes
Save and Exit
At command prompt type: /etc/init.d/xinetd restart

Secure /tmp

Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:
# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:
# cp -Rpf /tmp /tmpbackup

Mount our new tmp parition and change permissions:
# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:
cp -Rpf /tmpbackup/* /tmp/

If you run the mount command and you should get something like this:
/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:
/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:
# mount -o remount /tmp

You can test it runnig a script on /tmp partitio, if you get "permission denied" it is fine!

Was this answer helpful?

« Back

Powered by WHMCompleteSolution

Questions? We're ready to help.

Call us now: (866) 435-5642

Copyright © 2001-2023 H4Y Technologies LLC
Follow us:   Facebook   Facebook
Back to Top