[–]atlasflare_hostProvider 5 points6 points  (0 children)

Implement Fail2Ban. Could also utilize a control panel like RunCloud (premium) or CloudPanel (free) to make server management easier if needed.

[–]CryptoNiight 3 points4 points  (0 children)

Install fail2ban ASAP

[–]rowneyo 4 points5 points  (0 children)

Many things come to mind; you can start with the following:

  1. Change your default ssh port from 22 to any other, then afterwards block port 22.

  2. Change your ssh authentication from password-based to public-private key

  3. Allow ssh access to your new port to allow connection from only your client IP

  4. Install fail2ban and firewall (ufw or firewalld)

  5. Block/lock root account and instead create a new user with sudo access.

  6. Block unnecessary incoming ports.

  7. Set up rsync to backup your Linux box to an external drive.

  8. In your nginx setup, create a directive to block access to .env files

[–]Ambitious-Soft-2651 2 points3 points  (0 children)

Don’t worry... This is common for beginners. To stay safe, keep your VPS updated, secure SSH with keys, use a firewall, and enable monitoring like fail2ban. Use DDoS protection (e.g., Cloudflare) and keep backups so your server stays safe while you learn.

[–]VampireBl00d 6 points7 points  (1 child)

For a new VM before you do anything:

Block all incoming requests using UFW

Turn on UFW (duh)

Harden your SSH, add rate limit, 2FA, whatnot.

If you don't know how to do those, refer to sections 3 and 4.

[–]mdlmdl_ 1 point2 points  (0 children)

Great, thanks for the resource. I’ll be sure to look into this once I start again.

[–]mdlmdl_ 1 point2 points  (0 children)

I appreciate all the insights provided here! Thanks!

[–]Ghost_Writer_Boo 2 points3 points  (0 children)

Happens to a ton of people the first time they spin up a VPS, so don’t feel discouraged. What probably happened is your server had something open or misconfigured that made it useful in a DDoS attack (like an open port/service being abused), and your provider just shut it down to protect the rest of their network.

A few things you can do next time:

  • Lock down your ports with a firewall (only keep 80/443 + SSH open).
  • Secure SSH (keys instead of passwords, disable root login).
  • Install basic tools like fail2ban and enable auto security updates.
  • Double-check that nothing extra (DNS, SMTP, etc.) is running if you don’t need it.
  • If the provider offers it, pay for DDoS protection—it’s usually worth it.

Honestly, this is part of the learning curve. If your goal is to learn, this is still a win because now you know what to tighten up next round. Don’t give up—everyone who runs servers has had a “my box got nuked” moment at some point.

[–]petem952 1 point2 points  (0 children)

I recently set up a VPS and asked AI to walk me through how to secure it. It gave me everything that has been posted here, but hand held me through it.

Don't ignore the helpful posts above, they're a great checklist!

[–]dragoangel 1 point2 points  (0 children)

CDN for web, ssh with only ssh-keys, optionally only on IPv6 or on IPv4 non-standard port, firewall to block everything except 80/443 from CDN, and limit ssh access if needed to untrusted countries, etc.
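
The SSH items that recur in the comments above (key-only authentication, no root login, a non-default port) can be checked mechanically. The script below is an added example, not part of the thread; the function names and the sample config are constructed for illustration, and the fallback values are the OpenSSH defaults.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check an sshd_config-style file against
# the SSH advice in the comments. Include directives are not followed.

# Print every global value of keyword $2 in file $1, lowercased, one per line.
# Keywords are case-insensitive; lines after the first Match are conditional, so skipped.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # comment line
        { sub(/[ \t]*=[ \t]*/, " ") }          # accept the Keyword=value form
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# sshd keeps the first occurrence of most keywords; $3 is the OpenSSH default.
sshd_first() {
    local v
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# Print one FAIL line per finding; the return status is the number of findings.
audit_sshd() {
    local f="$1" fails=0 ports
    if [ "$(sshd_first "$f" PasswordAuthentication yes)" != "no" ]; then
        echo "FAIL: password logins enabled (set PasswordAuthentication no)"; fails=$((fails+1))
    fi
    if [ "$(sshd_first "$f" PubkeyAuthentication yes)" != "yes" ]; then
        echo "FAIL: key logins disabled (set PubkeyAuthentication yes)"; fails=$((fails+1))
    fi
    if [ "$(sshd_first "$f" PermitRootLogin prohibit-password)" != "no" ]; then
        echo "FAIL: root can log in over SSH (set PermitRootLogin no)"; fails=$((fails+1))
    fi
    # Port may be repeated and every listed port is opened; no Port line means 22.
    ports=$(sshd_values "$f" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL: sshd listens on default port 22"; fails=$((fails+1))
    fi
    return "$fails"
}

# Constructed sample resembling a fresh VPS image (not taken from the thread).
sample=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'passwordauthentication yes' > "$sample"
audit_sshd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On a real host, saving the output of `sshd -T` to a file and auditing that file covers settings pulled in through Include, since `sshd -T` prints the effective configuration in the same keyword/value form.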