Every user has the responsibility to protect the server against cyber threats. In this chapter, we present several essential security measures that we recommend implementing as soon as possible.

1 Change Your Password

As mentioned in chapter 1, you should change the password for your Customer Control Panel as soon as you log in for the first time. The same applies to the password of the server itself and to any other tools with their own logins, such as a control panel.

A) My Server Runs on Windows

Press the Windows key + R to open the Run window. Type
cmd

The command line terminal should now appear. Type a command in the following format, replacing the placeholders:
net user <username> <new-password>

For examples and tips on security, see the linked article (changing-windows-administrator-password-easy).

B) My Server Runs on Linux

To grant you all the necessary admin rights, always enter the command sudo -i at the beginning of every session:
sudo -i

This command opens a root shell, so you don’t have to prefix every command with sudo.

Connect to your server via SSH as described in chapter 2. Then type in this command:
passwd

The system will prompt you for a new password.

2 Install Antivirus Software and Configure a Firewall

Don’t underestimate virus protection, especially if there are any non-admin users with access to your server. For commercial websites and applications, the antivirus is crucial. Based on our previous experience, we can recommend the following software:

Bitdefender GravityZone, Comodo, Kaspersky, ESET

Double-check your firewall settings and follow the best practices for your Windows or Linux server.

3 Change Your SSH Port

The default SSH port is 22. We recommend changing this setting as soon as possible, because servers listening on the default port are constantly hit by automated, primitive brute-force attacks.

Remember, all security measures described here are done on your server, not on your local computer. Therefore, instructions in this section already assume you’re connected to your server, as described in chapter 2.

A) Change Your Port in Linux

To grant you all the necessary admin rights, always enter the command sudo -i at the beginning of every session:
sudo -i

This command opens a root shell, so you don’t have to prefix every command with sudo. To change your SSH port, follow these instructions:

Connect to your Contabo server as instructed in chapter 2.2.

Now you have to open and edit the sshd_config file. Let’s use the vi text editor in this case:
vi /etc/ssh/sshd_config

Find the line containing Port 22.

Replace the number with any value from 1024 to 65536 (press “i” in the vi editor to enter insert mode). If there is a hash symbol (#) in front of “Port”, erase it: it marks the line as a comment, and a commented-out setting has no effect.

Save and exit the sshd_config file (type command “:wq” in the vi editor).

Restart the SSH service using:
systemctl restart ssh

Don’t forget to adjust your firewall depending on your Linux distribution. For instance, if you use Debian or Ubuntu with the default UFW firewall, type (replacing <new-port> with the port you chose):
ufw allow <new-port>/tcp

Find instructions for different distributions here.
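The steps above as one script, added here as an example and not part of the original tutorial: it rewrites the Port directive, checks the result with sshd -t before restarting (so a typo cannot lock you out), opens the port in UFW and restarts the ssh unit. Debian/Ubuntu paths and the ssh unit name are assumptions; it rejects ports outside 1024-65535, the highest valid TCP port.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes Debian/Ubuntu:
# /etc/ssh/sshd_config, UFW, and a systemd unit called "ssh".

# set_ssh_port CONFIG PORT: rewrite (or add) the Port directive in CONFIG and
# print the port now set. Returns 1 if PORT is not in the range 1024-65535
# (65535 is the highest TCP port).
set_ssh_port() {
    config="$1"
    port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port $port outside 1024-65535" >&2
        return 1
    fi
    if grep -Eq '^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+' "$config"; then
        # Replace the existing line, also when it is commented out ("#Port 22").
        sed -E -i "s/^[[:space:]]*#?[[:space:]]*Port[[:space:]]+[0-9]+.*/Port $port/" "$config"
    else
        printf 'Port %s\n' "$port" >> "$config"   # no Port line yet: append one
    fi
    awk '$1 == "Port" { print $2; exit }' "$config"
}

# apply_ssh_port PORT: the live procedure, run only as "sh script.sh --apply PORT".
apply_ssh_port() {
    port="$1"
    backup="/etc/ssh/sshd_config.bak.$(date +%s)"
    cp /etc/ssh/sshd_config "$backup"
    set_ssh_port /etc/ssh/sshd_config "$port" >/dev/null || return 1
    # Syntax-check before restarting: a broken config would leave no way back in.
    if ! sshd -t; then
        echo "sshd_config invalid, restoring $backup" >&2
        cp "$backup" /etc/ssh/sshd_config
        return 1
    fi
    # Open the new port first; keep 22 allowed until a login on the new port
    # from a second session has succeeded, then remove the old rule.
    if command -v ufw >/dev/null 2>&1; then
        ufw allow "$port/tcp"
    fi
    systemctl restart ssh
}

if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    apply_ssh_port "$2"
fi
```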

B) Change Your Port in Windows

Launch the Registry Editor by typing in the Windows search box:
regedit

The registry editor that has just opened should look like this picture:

Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Find the PortNumber entry.

Click Edit > Modify, and then click Decimal.

Type the new port number, and then click OK.

Close the Registry Editor and restart the server.

Important: Don’t forget to allow the new port in your Windows Firewall. To access the port settings, open your firewall settings and go to: Inbound Rules > New Rule > Port

Follow official documentation for detailed information, including PowerShell commands.

When you establish a Remote Desktop connection (as described in chapter 2.x) to a server that uses a non-standard port, you must specify that port. This is done by appending a colon and the new port number to the address. For example: 73.xxx.xxx.xxx:4567 (to connect to port 4567).

4 Use SSH Key Authentication

A) Linux

Linux servers are by default secured by a password. This type of authentication is not ideal from a security standpoint, and we recommend using SSH key authentication instead. Start by opening the command line on your personal computer. At this stage, you’re not connected to your server. Run this command:
ssh-keygen -t rsa

Depending on your version of Linux, your system either automatically creates a new file or asks you to name the new file. You will also be asked for an optional passphrase for additional security; we recommend setting one. Linux will then display a so-called randomart image that looks like this:

Source: https://newbedev.com/what-s-the-purpose-of-the-randomart-image-for-user-not-host-ssh-keys

Notice that a pair of keys was generated:

Your private key has been saved in <FILE_NAME>.
Your public key has been saved in <FILE_NAME>.pub.

Your public key needs to be uploaded to your server, while the private key stays on your computer. You can upload the same public key to multiple servers. Let’s copy the public key to your server (replace the placeholders with your login name and the server address):
ssh-copy-id <user>@<server-ip>

In case you have already changed your port as described in 5.4, use the option -p:
ssh-copy-id -p <port> <user>@<server-ip>

Now you can connect to your server in a much safer way!

Read our in-depth SSH Keys tutorial to learn how to disable traditional passwords altogether, how to transfer your keys via FTP or how to properly test the connection.

That’s it! Note that in case you’re about to reinstall your operating system using the Customer Control Panel, you can easily set up the SSH key before installation.

B) Windows

In case your local computer runs on Windows, an easy solution is using PuTTY (see chapter 2.1) in combination with PuTTYgen. Follow instructions for PuTTYgen from the official website:

Once you have installed PuTTY on your machine, you can easily run PuTTYgen. Go to Windows -> Start Menu -> All Programs -> PuTTY -> PuTTYgen

The PuTTY Key Generator dialog box will appear on your screen:

  1. You will find a “Generate” button in that dialog. Clicking on it will generate the keys for you. We recommend setting a unique “Key comment” so that you can identify the key later.
  2. Now enter a unique passphrase in the “Key passphrase” and “Confirm passphrase” fields. It is important that you remember the passphrase later, since it is required to load the private key (it works like a password).
  3. Click on the “Save public key” and “Save private key” buttons to save your public and private keys in a safe location.
  4. You will see text starting with ssh-rsa in the “Public key for pasting into OpenSSH authorized_keys file” field at the top of the window. Copy that entire text to your clipboard by pressing Ctrl+C, since you need to upload the public key to your server.
  5. Connect to your server via SSH (as explained in chapter 2).
  6. Check whether the directory ~/.ssh is already present. If it is not, create it by executing the following command:
    mkdir ~/.ssh
  7. Open the key file with a text editor such as vi:
    vi ~/.ssh/authorized_keys
  8. Paste the public key you copied to your clipboard (step 4) into the file and save it.
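Steps 5 to 8 above (and ssh-copy-id in the Linux section) as a small script, added here as an example and not part of the original tutorial: it creates ~/.ssh and authorized_keys with the permissions sshd requires and appends the pasted key only if it is not already present. The script name and the sample key line in its usage comment are made up.

```shell
#!/bin/sh
# Added example, not from the original tutorial: install a public key into
# authorized_keys the way ssh-copy-id does, idempotently and with the
# permissions sshd requires (with StrictModes it ignores a group- or
# world-writable ~/.ssh or authorized_keys, and key login silently fails).
# Usage on the server:  sh install_key.sh "ssh-rsa AAAA... comment"

# install_authorized_key HOME_DIR "PUBKEY_LINE": prints "added" or "present";
# returns 1 if the line is not an OpenSSH public key.
install_authorized_key() {
    home="$1"
    key="$2"
    case "$key" in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    # A key line is "<type> <base64> [comment]"; only type and base64 identify
    # the key, so duplicates are detected on those two fields.
    keyid=$(printf '%s\n' "$key" | awk 'NF >= 2 { print $1 " " $2 }')
    [ -n "$keyid" ] || { echo "missing key material" >&2; return 1; }

    dir="$home/.ssh"
    file="$dir/authorized_keys"
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$file"
    chmod 600 "$file"

    if awk -v id="$keyid" '($1 " " $2) == id { found = 1 } END { exit !found }' "$file"; then
        echo present
    else
        printf '%s\n' "$key" >> "$file"
        echo added
    fi
}

# count_authorized_keys HOME_DIR: number of key lines installed (0 if none).
count_authorized_keys() {
    f="$1/.ssh/authorized_keys"
    [ -f "$f" ] || { echo 0; return 0; }
    grep -c '^[a-z]' "$f" || true
}

if [ -n "${1:-}" ]; then
    install_authorized_key "$HOME" "$1"
fi
```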

Now you can use the newly created SSH keys to log in with PuTTY (chapter 2.2). To set up your keys in PuTTY, go to the settings and continue to Connection > SSH > Auth. Notice the last field at the bottom, “Private key file for authentication”:

Everything is now ready for you to use PuTTY in a more secure way.

Read our in-depth SSH Keys tutorial to learn how to disable traditional passwords altogether, how to transfer your keys via FTP or how to properly test the connection.

That’s it! Note that in case you’re about to reinstall your operating system using the Customer Control Panel, you can easily set up the SSH key before installation.

5 Perform frequent updates and backups

Updating your system regularly prevents attackers from exploiting known flaws in your operating system. Don’t forget to check that the new version is compatible with your custom software, so the functionality of your current tools remains intact.

A) Linux

Open your Terminal and run this command to update package index files:
sudo apt-get update

Then upgrade the installed packages of your operating system using this command:
sudo apt-get upgrade

B) Windows

Open the start menu.

Click on the settings icon.

Click on ‘Update & Security’.

Click the ‘Check for updates‘ button.

Back up your system regularly

Every customer should regularly back up the data saved on the server for security reasons. Note that Contabo does not perform backups of your files, as we don’t have access to your data in the first place.

Be particularly careful before executing any major changes, such as reinstalling your operating system via Customer Control Panel – similar actions will erase all data on your drive.

Published on: July 13th, 2022 / Categories: Uncategorized
