Security advisory for VPS or dedicated server owners!

  • Saturday, 5th March, 2022
  • 15:53pm

The following basic steps are recommended and should be followed by all VPS and dedicated server owners. Please note that if you have opted for a VPS or dedicated server with the Plesk or cPanel control panel, it may include on-call technical support, depending on the plan purchased. However, this does not include proactive server monitoring or hardening: that is a support-intensive service that requires dedicated staffing time, so it is provided on request as a support add-on plan at a custom quote. If you require such a support add-on, feel free to contact us via email at support@webji.services

If you have a web hosting VPS or dedicated server with us and your package includes on-call support, then once a quarter you can request that our team follow these steps on your server to improve its security. To do so, send a request via email to support@webji.services.

On Windows Servers 

  • Ensure Windows Firewall is ON.
  • Change the RDP port to 2231 instead of the default 3389. After that, you need to access the server over RDP as xx.xx.xx.xx:2231 instead of using only the IP as the remote desktop hostname.
  • Ensure all Windows OS updates are properly applied.
  • Ensure the Plesk panel is up to date.
  • Mail server security (SMTP connector): disable SMTP localhost relay, so that email can be sent from the server only with SMTP authentication, and allow spoofing for authenticated users only.
  • Ensure any WordPress CMS installations on the server are up to date (your developer should do that).
  • Ensure Windows Defender is enabled with real-time and ransomware protection, if available for your Windows OS version.
  • We highly recommend opting for Webroot Endpoint Protection antivirus (paid antivirus add-on; contact support@webji.services if required).
  • Ensure outdated web applications are not used, or update them on a regular basis (your developer should do that).
  • Ensure Plesk has these RBLs in its mail server settings: zen.spamhaus.org;bl.spamcop.net;b.barracudacentral.org
  • Ensure Plesk has "Strong" set as the minimum required password strength.
  • Make sure the remote backup add-on is purchased for your server, to ensure automatic backups to a remote server.
  • Ensure Plesk has at least a configuration-only backup scheduled weekly, so that the server can be restored quickly from it even if there is no free storage on your server to hold a full backup.
  • Change your RDP and Plesk admin passwords to random, secure ones.
  • Clear your server's Windows OS temporary files, then restart all services once.
  • Defragment the disk to ensure optimal server performance.

 

On Linux Servers 

  • Ensure Plesk Firewall / CSF firewall is ON.
  • Ensure all OS updates are properly applied.
  • Ensure the Plesk panel is up to date.
  • Ensure Fail2Ban is active to block hacking attempts.
  • Change the SSH port to 2231 instead of the default 22.
  • Turn off Perl/Python for the website if these languages are not used, and do not use mod_perl/mod_python (your web developer should do that via Plesk).
  • Avoid running the PHP handler as an Apache module, which is not a secure practice (your developer should ensure that in Plesk for all sites).
  • Mail server security: in Plesk Tools & Settings, make sure the option shown in https://p23.p4.n0.cdn.getcloudapp.com/items/z8uLA9jb/3b529bb7-30ff-4580-90cd-92382e74a1d5.jpeg?v=b8bc5628755b551d0736ae6153b0f044 is ticked, and keep the option shown in https://p23.p4.n0.cdn.getcloudapp.com/items/mXuY8NgX/9e9e6244-656e-4dcc-a0ca-d9f85718a99d.jpeg?v=5453845efe69ae22d18758d38db06f3b unchecked.
  • Ensure any WordPress CMS installations on the server are up to date (your developer should do that).
  • We highly recommend opting for Immunify+ antivirus (paid antivirus add-on; contact support@webji.services if required).
  • Ensure outdated web applications are not used, or update them on a regular basis (your developer should do that).
  • Ensure Plesk has these RBLs in its mail server settings: zen.spamhaus.org;bl.spamcop.net;b.barracudacentral.org
  • Ensure Plesk has "Strong" set as the minimum required password strength.
  • Make sure the remote backup add-on is purchased for your server, to ensure automatic backups to a remote server.
  • Ensure Plesk has at least a configuration-only backup scheduled weekly, so that the server can be restored quickly from it even if there is no free storage on your server to hold a full backup.
  • Change your SSH and Plesk admin passwords to random, secure ones.
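
Two of the Linux items above, the SSH port and the RBL list, can be verified from configuration text alone. The script below is an added example, not our own tooling or part of Plesk; the function names are hypothetical, and it assumes a single sshd_config file with no Include directives.

```shell
#!/bin/sh
# Added example: offline checks for two checklist items (SSH port, RBL list).
# Usage (after sourcing this file): check_ssh_port /etc/ssh/sshd_config

WANT_SSH_PORT=2231   # port this advisory asks for
WANT_RBLS="zen.spamhaus.org bl.spamcop.net b.barracudacentral.org"

# Print every port sshd would listen on according to one config file.
# Keywords are case-insensitive, "Port=2231" is accepted, sshd listens on
# every Port line it finds, and with no Port line the default is 22.
ssh_ports() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }
        tolower($0) ~ /^port[ \t=]/ {
            sub(/^[Pp][Oo][Rr][Tt][ \t]*=?[ \t]*/, "")
            gsub(/[" \t]/, "")
            print; seen = 1
        }
        END { if (!seen) print 22 }
    ' "$1" | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Succeed only if sshd listens on the wanted port and on no other port.
# A leftover "Port 22" next to "Port 2231" therefore fails the check.
check_ssh_port() {
    [ "$(ssh_ports "$1")" = "$WANT_SSH_PORT" ]
}

# Print the advisory's RBL zones that are missing from the value of the
# Plesk mail server setting (zones separated by ';', as written above).
missing_rbls() {
    have=$(printf '%s' "$1" | tr 'A-Z;,' 'a-z  ')
    out=""
    for zone in $WANT_RBLS; do
        case " $have " in
            *" $zone "*) ;;
            *) out="$out $zone" ;;
        esac
    done
    printf '%s' "${out# }"
}
```

`check_ssh_port` exits non-zero when the default port is still open alongside 2231, and `missing_rbls` prints nothing when all three zones are configured.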

It is better to follow the steps above for all servers at least once a quarter, or as per your preferences. If your server plan does not include on-call technical support, you can get a custom one-time quote on demand by emailing us at support@webji.services.
