Web Hosting Talk : Web Hosting Main Forums : VPS Hosting : What security is needed on a VPS hosting a single personal site ?

[deodeep]

Hello everyone,

My personal blog has been getting quite a few hits recently, for a shared hosting environment to hold it. It runs Wordpress 2.3 and a customized theme. I use Gmail and hence the server's Email is not used.

Now, I plan to buy a VPS ( preferably a slice ) and am planning to move my site onto it. I'll be frank with you, I've never worked on a VPS before. So for the first week or two, I want to spend time customizing the VPS environment and securing it. Mine will be the only site hosted on it and a Control Panel, if any installed, will be Plesk.

I was going through the VPS Tutorials section of the site and really liked the tutorial on securing your VPS.
Now, I'd like to know what amount of security would be needed for my VPS ? What all should I be implementing to make sure my VPS is secure ?
Some tips / advices would be really appreciated.

Remember, I'll be hosting only my blog. I'll require FTP, SSH, PhpMyAdmin and Awstats running, other than the obvious services.

Could someone here guide me in the right way ?

Thanks and Regards,

Deep Deo.

[MegaByteHosting]

change ssh port to none standard port. Install pureftp. Keep you scripts upto date. Shut off mail service. Secure PHP as much as possible. This would be a good start I guess.

[minipro]

Have you considered going for a shared hosting a/c in someone else's VPS? How many hits do you get a day?

You can even go for a managed VPS rather than break your head over securing, updating, etc.

[deodeep]

@hsphereclub:
Thanks. You've answered the "what to do" part and I appreciate that. But could you, if possible answer the "how-to" part too ?

@minipro:
I did give it a thought. But I've always wanted to handle a VPS myself and learn new things. And well, for everything, there's always a first time. With Slice's backup solutions, I could very well restore the image if I mess up
Managed VPS are a tad costly.. though.

Thanks

[MegaByteHosting]

Quote:

Originally Posted by deodeep

@hsphereclub:
Thanks. You've answered the "what to do" part and I appreciate that. But could you, if possible answer the "how-to" part too ?

@minipro:
I did give it a thought. But I've always wanted to handle a VPS myself and learn new things. And well, for everything, there's always a first time. With Slice's backup solutions, I could very well restore the image if I mess up
Managed VPS are a tad costly.. though.

Thanks

I cant really help out much until you specify an OS and Control Panel.

[RossMAN]

Which VPS providers are you considering? Some offer semi or fully managed services.

Others might harden and secure your VPS for a one time fee.

[deodeep]

Oh. I plan to use Debian 4.0 along with Plesk 1 domain.

[MegaByteHosting]

You might find it easier and more secure to go with something like webmin for a control panel. Its easy to install and doesn't use much resources.

Also you could start out with installing APF firewall and brute force detect for ssh logins. I think this forum is not a great place to discuss your security setup if you know what I mean.

[RossMAN]

Quote:

Originally Posted by deodeep

@hsphereclub:
Managed VPS are a tad costly.. though.

Have you searched the VPS Hosting Offers forum?

SliceHost.com 256slice $20/mo
10GB/100GB/unmanaged

ZipServers.com VPS Plan 1 $29.95/mo
10GB/250GB/Plesk/Managed

For an extra $9.95 you receive an additional 150GB bandwidth, Plesk control panel and managed.

[deodeep]

I have tried webmin on my home server. Didn't really like it.
Also, I'll read about those things. I haven't specified an URL yet

@RossMAN
Well, I am just going to host one site on the VPS. I am particularly looking forward to buying a VPS and not something like (mt) because I want to learn things myself. I hope you understand
Hence, it doesn't make sense to me to add even those $10 extra for something which I won't need. Ofcouse, if I _do_ plan to host multiple sites and think of reselling, I have your advice on my mind and surely know where to look. Thanks

[Vinayak_Sharma]

Deep its better get a semi managed VPS from a provider where you get HyperVM to control your VPS and you also get LxAdmin for free along with it. LxAdmin is another control panel and it is one of the lightest control panel.

Now as of security, whether you are using this VPS for single personal site or multiple sites, security should be as tight as possible, secured updated OS, firewall, services not required should be closed, secured VAR and temp folders, non standard SSH port, un used ports should be closed there is lot to it and its not one time, security audit should be done on regular basis.

And yes upto date Wordpress script, or any other script that you use or going to use.

[Vinayak_Sharma]

Quote:

Originally Posted by hsphereclub

Shut off mail service

I will not recommend shutting off mail service, you need it for root's mails, moreover many applications will be sending you daily reports alerts etc from the server, so you need the service to run.

But yes you can configure your system to either close SMTP for outer world or you can configure it to relay mails only for local users.

I am not very much familiar with wordpress, but I think it also uses/needs mail service to send out mail, but yes if wordpress has the feature to use SMTP for outgoing mails, you can use google's SMTP.

[deodeep]

Thank you Vinsar.