Virtual private servers (VPS) are not dedicated servers. You are not responsible for an entire physical machine, but a VPS still requires some of the same security hardening that you would expect from a full server. The following are some basic security tips for VPS beginners.
1. Secure your SSH service – SSH is a window into your server. It gives you direct access to the command line and all of the power that it brings. That also means, however, that anyone else who gets in through it potentially has that same power. This is a high-stakes security issue, and if you are new to VPS systems, you need to spend some time learning how to make SSH as secure as possible.
2. Be careful with web server permissions – Whatever user runs your web server, whether it is “nobody”, “apache”, or any other name, that user must not have access to sensitive areas containing private data, passwords, etc. To ensure that, you need to be mindful of the permissions you set and of the files your web server user owns. If something only needs read access, do not liberally give it write or execute permission as well.
3. Keep up with security updates – You have probably heard this one before, but I will say it again because it is something that cannot be overemphasized. Many of the problems server administrators encounter are due to software vulnerabilities. If your software is up to date and has all of the current security patches, you greatly reduce that risk. You can run updates manually on a routine basis or even configure your VPS to apply automatic updates.
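As an added illustration of tip 2 (not code from the original article), the following Python sketch walks a directory tree and reports what a given account could alter, using the same owner/group/other rule the kernel applies. The function names, the sample files and the stand-in uid are assumptions made for the example.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) the kernel applies to this uid/gids for one file."""
    if st.st_uid == uid:  # owner class wins even if group/other grant more
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_tree(root, uid, gids):
    """Yield (path, finding) for paths under root that the account can alter."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode is not what access is checked against
        bits = class_bits(st, uid, gids)
        if st.st_uid == uid:
            yield path, "owned"  # an owner can chmod write access back on
        elif bits & 2:
            yield path, "writable"
        if stat.S_ISREG(st.st_mode) and bits & 2 and bits & 1:
            yield path, "write+execute"

def demo():
    """Run the audit on a constructed tree with a hypothetical web uid."""
    findings = {}
    with tempfile.TemporaryDirectory() as root:
        samples = (("index.html", 0o644), ("upload.php", 0o777), ("config.php", 0o640))
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        web_uid = os.lstat(root).st_uid + 1  # stand-in uid that owns nothing here
        for path, finding in audit_tree(root, web_uid, set()):
            findings.setdefault(os.path.basename(path), []).append(finding)
    return findings

if __name__ == "__main__":
    print(demo())
```

On a real VPS, pass the web server account's uid and group ids (for example from `pwd.getpwnam` and `os.getgrouplist`) and your actual web root instead of the constructed tree.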
Your VPS is an affordable way to move from shared hosting to a more flexible and powerful environment, but with that power comes a greater responsibility. Stay abreast of security issues and treat your VPS just as you would treat a dedicated server.