What steps can be taken to prevent a hacker attack on a server (hosting)?
I am in dire need of assistance. Let me clarify that I am not knowledgeable in this subject area. Recently, all the websites on the hosting (vps server) were hacked and used for mass mailing, resulting in the flooding of all the sites. The tech support team identified suspicious files, which we promptly deleted and restored all the sites to their previous year's versions. Moreover, we changed passwords and restricted access to only authorized IP addresses in the .htaccess file. However, during the night, one of the sites displayed a 403 error.
 
What actions can be independently taken or done jointly with technical support, without the involvement of a specialist?

Steps you can consider taking to help prevent hacker attacks on a server:

1. Keep the software up to date: Regularly update the server's operating system, hosting platform, and all installed software to ensure that security patches are applied and vulnerabilities are minimized.

2. Use strong passwords: Ensure that all passwords, including those for server login, database access, and content management systems, are complex, unique, and hard to guess. Consider using a password manager to generate and store strong passwords securely.

3. Enable a firewall: Configure a firewall to filter incoming and outgoing network traffic, allowing only necessary connections. This helps protect against unauthorized access attempts.

4. Implement intrusion detection/prevention systems: Consider using software or services that monitor network traffic and system logs for suspicious activities and automatically block potential threats.

5. Utilize access controls: Restrict access to administrative functions and sensitive directories by allowing only authorized IP addresses or using tools like two-factor authentication.

6. Regularly backup data: Create regular backups of your website and server data and store them securely off-site. If attacked, you can restore your site to a pre-attack state.

7. Scan for malware: Regularly scan your server for malware using reputable antivirus and malware detection tools.

8. Educate employees/users: Train your staff or users about best practices for online security, such as avoiding clicking on suspicious links or downloading attachments from unknown sources.



There are several measures you can take to enhance the security and resiliency of your server. Here are some key strategies:

1. Implement strong authentication: Enforce secure passwords, multi-factor authentication, and limit administrative access only to authorized personnel. Regularly update and rotate passwords to minimize the risk of unauthorized access.

2. Keep software up to date: Regularly patch and update server software, including the operating system, web server, application framework, and any other software components. Outdated software may contain vulnerabilities that attackers can exploit.

3. Use a robust firewall: Install a reliable firewall to filter network traffic and protect your server from unauthorized access attempts. Configure it to only allow necessary protocols and ports, and regularly review and update firewall rules.

4. Employ intrusion detection and prevention systems (IDPS): Implement IDPS technology to detect and block malicious activities in real-time. This can help prevent attacks like DDoS (Distributed Denial of Service) or SQL injection attacks.

5. Secure remote access: If remote access to your server is required, use secure protocols such as SSH (Secure Shell) and disable insecure protocols like Telnet. Implement IP whitelisting or VPNs (Virtual Private Networks) for remote access, and monitor log files for any suspicious activity.

6. Regular backups: Perform regular backups of your server's data and configurations. Store backups offsite or on a separate system to ensure they are not compromised in case of an attack. Regularly test the restoration process to ensure backups are reliable.

7. Monitor server logs: Continuously monitor server logs for any unusual or suspicious activities. Analyzing logs can provide early detection of attacks or indications of ongoing compromises, allowing you to respond promptly.

8. Use encryption: Encrypt sensitive data both at rest and during transit. Enable SSL/TLS encryption for web traffic, and employ disk encryption to protect data stored on the server.

9. Implement a strong access control policy: Use role-based access control (RBAC) to restrict user permissions and limit access to sensitive resources. Regularly review and update user accounts and access privileges as needed.

10. Security awareness training: Educate your staff about best practices for security, such as identifying phishing attempts or suspicious email attachments. Encourage employees to report any potential security incidents promptly.

It seems like the OS itself is being hacked on a VPS. You're focusing on websites - maybe you're not looking in the right place.
Update the operating system (by the way, which one are you using?). If there's a possibility to temporarily stop the server and if you have all the backups, it might be better (and quicker) to install a fresh OS from a clean image obtained off the site, and then restore the backups.

In general, what you need is a competent administrator, not just a website specialist, but someone who understands system security. You might not have to hire them permanently, but rather give them a one-time job of installing the OS, configuring security, and managing the websites. However, don't be too stingy with it, because you don't want to encounter the same problem again in a couple of weeks.

Ensure all software and components, such as operating systems, Apache, Nginx, PHP, CMS, and CMS plugins, are kept up-to-date.

Consider relocating CMS admin panels to non-standard URLs to increase security measures; additionally, restrict access to these panels.

Implement measures to prevent the execution of PHP code in directories where it should not exist, particularly if there is a risk of user files being uploaded.

Restrict permissions for the web server user to prevent unauthorized reading or writing of directories that should be off-limits.