If you have a DV/VPS from Media Temple, you may want to take some steps to save yourself a lot of hassle down the road. In this age of web connectivity, ease of access to the internet is often taken for granted. While this makes most people’s lives easier, it also makes life easy for hackers and script kiddies.
One of the things Media Temple does not tell you is that you need to take additional steps to secure your DV beyond its initial configuration. This is especially important if you enable root access and developer tools. Once root access is enabled, your server is vulnerable to port scans and dictionary-type attacks.
Take these steps to eliminate the vulnerability and you will save yourself a lot of headaches from your server becoming compromised.
Step 1. USE A STRONG PASSWORD!!!! Dictionary-type attacks use common names and terms to guess at what your login and password might be. Once the attacker knows what user name is in use, they can then proceed to guess the password. Never, ever use a password that is a name, place, or event that could be guessed. Stick to passwords that contain letters, numbers, and even symbols; a password that looks like !33$#me2x works way better than carmen.
Step 2. Configure firewall rules. Log into your Plesk admin panel, then from the desktop page click on Modules in the left navigation pane. You should see an option appear in the context window for Firewall. In the default configuration the firewall does not block much at all. Pay special attention to the SSH option. I have my DV set to only allow traffic from my IP block, while denying all other IP traffic. As an example of the rule I use, I allow 18.104.22.168/24. What this does is allow all traffic from the IP block of addresses, including addresses 22.214.171.124 to 126.96.36.199. I did it this way in case my IP address changes.
Step 3. Block all non-essential services. If you are not using them, turn them off or block them. Just be careful about which ones you block: you might lock yourself out of your own server, or a function such as email or web page serving may stop working.
Here is a snapshot of how my firewall looks.
As of this writing I have a support ticket in with Media Temple. I cannot for the life of me figure out how to implement the IP address blocking on the Plesk Admin interface. This should also be restricted in my opinion, but you could easily get locked out of your server and be unable to make any changes to the firewall configuration.
One thing to keep in mind if you do manage to somehow get locked out: you can reset your firewall rules to a default configuration by logging into Media Temple's account center, selecting the DV admin, and selecting advanced recovery tools. From there you can select an option to restore the firewall to a default configuration.
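The Step 2 rule (allow SSH from one /24, deny everything else) and the lock-out risk from Step 3 can be checked before you save the rule. This is an added example, not part of the original post and not Plesk's own code; the addresses are constructed from documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values from documentation ranges, not the author's addresses.
SSH_ALLOW = ["203.0.113.57/24"]  # own IP typed with a /24 mask, host bits still set


def describe_block(cidr):
    """Return (network, first address, last address, size) for a rule's CIDR."""
    # strict=False masks off the host bits: only the /24 prefix decides what matches.
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net), str(net[0]), str(net[-1]), net.num_addresses


def ssh_decision(src_ip, allowed_blocks):
    """Model 'allow SSH from the listed blocks, deny everything else'."""
    addr = ipaddress.ip_address(src_ip)
    for cidr in allowed_blocks:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            return "allow"
    return "deny"


def preflight(current_ip, allowed_blocks):
    """Check, before saving the rule, that it will not lock out your own session."""
    if ssh_decision(current_ip, allowed_blocks) == "allow":
        return True, f"{current_ip} is inside an allowed block"
    return False, f"{current_ip} is outside every allowed block: you would be locked out"


if __name__ == "__main__":
    print(describe_block(SSH_ALLOW[0]))
    # Constructed connection attempts to port 22.
    for ip in ["203.0.113.57",    # the admin today
               "203.0.113.200",   # the admin after a new address in the same /24
               "192.0.2.10",      # the admin after the ISP moves them to another block
               "198.51.100.23"]:  # unrelated scanner
        print(f"{ip:15} -> {ssh_decision(ip, SSH_ALLOW)}")
    print(preflight("192.0.2.10", SSH_ALLOW))
```

The third sample address shows the limit of the /24 approach: an address change within the block is covered, but a move to a different block is denied and needs the recovery option described above.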
Here is some additional great advice from my friend and rum lover Aaron Saray: “There are all kinds of things that could be suggested. One of the biggest things I do on a VPS is disable root ssh. I make a user to log in with, and then they must sudo or su any action. Also, I like to create additional certificates to log in with my SSL connection.”