2 secrets to strengthen the security of your hosting

Started by Nicholas, Aug 02, 2022, 07:29 PM


Nicholas (Topic starter)

In the initial stages of starting an online project, the first priority is the development of ideas and program code. When everything starts working steadily, the site is filled with information and the first visitors come to it. At first everything goes well, and few people think about the safety of the site. Indeed, who needs a young, unknown site?

Everything is changing rapidly, and even young projects fall into the database of spammers and abusers. It may seem that the undivided attention of a hacker all night long is required to break into a resource. In fact, none of them will even know that your site exists, because everything is automated:

- robot spiders trawl the vastness of the Internet and enter domains into the database
- robotic scanners analyze the technical parameters of the site and the source code of pages to determine the hosting name and the site engine used, if you have installed a popular CMS
- robot hackers go through known weaknesses for the installed software
- the success signal goes into a database and is sorted in descending order of importance

How to protect yourself


1. IP restriction.
As a first step, we will restrict logins to the control panel by IP address. We can specify in the hosting settings that you can log in from one or more IP addresses. The important thing to know here is that IP addresses change. Your home computer, 3G smartphone and workplace will have three different IP addresses. There are static (permanent) and dynamic (changing) IP addresses. Usually a dynamic address is used, unless a static one was purchased separately. Therefore, even when you are at home, you can have different IP addresses at different times.
It is important to understand which addresses you are going to add to the restrictions, so that you yourself are not left without access when your IP changes. There are two ways out of this situation:
- Enter the address range if only the last digit changes, for example, after a router reboot.
- Log in via VPN.

2. SSH access
Dedicated servers, VPS servers and some virtual hosting sites allow you to connect to the server management terminal via the SSH protocol. To connect you need a terminal program; one of the best known and most widely supported is PuTTY. To initialize the terminal, you need to enter the server IP address and the port. The default for SSH is port 22, but it is recommended to change the port to an arbitrary number (impossible to do on shared hosting), to make penetration more difficult.
In the standard version it is enough to enter a login and password, but for a more secure login it is customary to use encrypted access keys. Two keys are generated, public and private:
- The public (PUBLIC) key stays on the server.
- The PRIVATE key is kept by you.
Data exchange is only possible with the private key, which can be protected by a password. The private key can completely replace the password; in that case the password prompt must be disabled in the server's OpenSSH settings, and login will occur only with the key. This is even convenient, since you do not need to enter a password, but it also imposes special requirements on the security of the device from which you log in to the terminal and on which the private key is stored. It is better to set the optional password on the private key: it will be an additional barrier to an attacker who can copy the key, because its size is only a few kilobytes.
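
Added example, not part of the original post and not OpenSSH's own code: a small Python audit of an sshd_config for the two settings from step 2 (a non-default port, and password login disabled in favour of keys). The sample configs and port 49222 are constructed; Include files and Match blocks are assumed out of scope.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def parse_global(text):
    """Return (settings, ports) for the global section (before any Match).

    sshd keeps the FIRST value seen for a keyword; Port is the exception,
    it may repeat and sshd listens on every port listed.
    """
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()                         # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":                             # conditional blocks not audited
            break
        if key == "port":
            ports.append(int(value))
        else:
            settings.setdefault(key, value)            # first occurrence wins
    return settings, ports or [22]

def audit(text):
    """List findings against the recommendations in step 2 of the post."""
    settings, ports = parse_global(text)
    get = lambda k: settings.get(k, DEFAULTS[k]).lower()
    findings = []
    if 22 in ports:
        findings.append("sshd listens on default port 22")
    if get("passwordauthentication") != "no":
        findings.append("password login is still enabled")
    if get("pubkeyauthentication") != "yes":
        findings.append("public key login is disabled")
    return findings

# Constructed samples; in the weak one the late 'no' loses to the earlier 'yes'.
SAMPLE_WEAK = "Port 22\nPasswordAuthentication yes\npasswordauthentication no\n"
SAMPLE_HARDENED = "Port 49222\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(cfg) or "no findings")
```

On a live server, `sshd -T` prints the effective configuration, including Include files, which this sketch does not follow.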
