How to protect a server from hacking?

Created:

2017-01-15 21:23:43 UTC

Modified:

2017-08-08 13:24:45 UTC

2

Was this article helpful?


Have more questions?

Submit a request

How to protect a server from hacking?

Applicable to:

  • Plesk for Linux

Question

How to protect a server from hacking?

Answer

Here are general recommendations what to do if a server has been compromised:

  • Change ALL passwords.
  • Allow SSH access via keyfile.
  • Make sure to activate all security functions to prevent new hacks, including SELinux.
  • Use Web Application Firewall .
  • Switch off Perl and Python unless really used and never use mod_perl as well as mod_php .
  • Disable unused services and modules.
  • Always use WordPress Toolkit Security Check to implement security best practices.
  • Install Datagrid VCTR to scan for vulnerabilities.
  • Install VirusTotal Website Check to scan websites using multiple anti-virus engines
  • Install Fail2Ban to block hack attempts.
  • Periodically scan the server for viruses. Applications list can be obtained here .
  • Monitor activity on your server actively.
  • Switch PHP handlers for domains to a higher supported versions.
  • Do not use PHP handler served as Apache module since it is not secure.
  • Make sure that WordPress installations are up-to-date and security settings are enabled.
  • Make sure that all installed application are up-to-date.
  • Filter all unused ports using firewall. Ports that are used by Plesk can be found here .

Have more questions? Submit a request
Please sign in to leave a comment.