Do you have a dedicated server or VPS? One of the most overlooked things is server security. Right now there’s most likely a hacker trying to gain entrance into your server and you won’t even know about it. Hackers will scan your server for open ports and launch brute force attacks where they will attempt to gain root access to your server by flooding it with usernames and passwords eg: “root” and guessed passwords. To be more efficient they launch these attacks from multiple servers and ip addresses. Have you ever noticed unexplained high loads / poor performance on your server? You could be the victim of a brute force attack.

Hackers also like to try and access email accounts and they will flood your POP server with well known usernames like “info” or “admin” or “support” along with guessed passwords. They can launch “dictionary” attacks where they attempt to see if your password is a common “dictionary” word. Again, they will pummel your POP server from multiple servers and ip addresses in the form of a brute force attack.

The solution is to install a firewall. A firewall stops the “bad guys” before they can do damage or gain access to your server. For example, you can configure how many failed logins (eg wrong usernames and/or passwords) are allowed before the person’s IP address is blocked. In my case after 3 failed login attempts the firewall automatically bans the IP address.

As I write this I am receiving emails from my various servers notifying me of blocked login attempts. Right now an IP address from Germany is trying to gain access to several of my servers simultaneously and they have been banned after 3 failed attempts. They are attempting to access email accounts using guessed usernames and passwords. “535 Incorrect authentication data (set_id=admin)” So they are using the username “admin” and then trying to guess the password.

This points out how crucial it is when selecting passwords that you make them impossible to guess. If you use a password like “password” (yes people actually use that) or “123456″ or “qwerty”  then of course a hacker is going to try those first. So if your email account “admin” has password “password” then any hacker will be able to get into your account. A very strong password would be like this @aghE94%UW488 and would be next to impossible to guess even with a brute force attack. (Use a password manager like Roboform to remember complex passwords like this for you).

A firewall can also block people who are scanning your server for open ports in an attempt to gain access to your server through a port that shouldn’t be open. A firewall will close any ports that are not in use or should not be open to outside traffic.

I use a software firewall called ConfigServer Security & Firewall. It is available for several different Linux distributions and you can get it free of charge or by donation. I was absolutely shocked after I installed it how many login attempts it was blocking. My overall server loads have decreased and my uptime has increased.

It seems there is no end to bad guys out there trying to break into people’s servers. If you don’t protect yourself sooner or later someone will hack into your server or the accounts hosted on it and this could result in data loss, security breaches or worse.

 

Filed under: Web and Server Security

Like this post? Subscribe to my RSS feed and get loads more!