Dedicated servers are great for large websites accepting significant numbers of visitors at the same time. The problem with dedicated servers is they’re open to hackers and anyone else who might want to manipulate them.
Security mainly revolves around being able to keep on top of things. In the months and years after getting a dedicated server, it’s easy to become complacent, and this is when hackers tend to strike.
Note that many of these tips will also apply to other types of server.
1. Choose a Good Service Provider
Research has proven time and time again consumers will often base their purchasing decisions on the web host a site uses. There are good names and bad names in the industry. The good names elicit a positive response, and everyone else elicits responses ranging from indifference to fear.
If you want to get better conversions, use a web host which has good reviews. They get good reviews because of the security of their services. Security is a huge factor in customer choices, so it’s only natural hosts which pay more attention to security will have better reputations.
2. Turn on Automatic Updates
Once you’ve chosen the right web host, you’ll be ready to get started. The first thing you should do is turn on the option for automatic updates. It’s common sense. Most people will not remember to install their updates manually. Ideally, this would be automatically selected for every account.
Updates don’t just change the way servers work. They mainly provide updates to security. Online threats evolve every day. Hackers find loopholes in previous security systems, and news spreads fast. With every update, this is reset. It’s a constant game of cat and mouse. Automatic updates enable you to stay ahead of the game.
3. Secure Your PHP
PHP scripts are commonly used by developers to make things. Unfortunately, if you don’t know a great deal about the security of PHP, it’s a notoriously easy language to crack. This is because PHP isn’t programmed to work for just you. It’s designed to work for anyone who wants it to work.
Let’s elaborate on this. If your code opens or includes a file using a value that can look like a URL, a user can host their own txt file elsewhere and supply its address instead. PHP will automatically open a network connection to wherever the user has hosted the file.
They’ve now cracked your website and they can change your code accordingly. Anything hosted on your dedicated server is at risk if you don’t change your PHP configuration. The easy way to do this is to set the following two directives in php.ini, so PHP stops treating URLs as files it can open or include:
- allow_url_include = 0
- allow_url_fopen = 0
Most service providers won’t have this implemented by default, because some developers want to be able to host their files elsewhere and load them over external network connections.
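To confirm the two directives are really off for the site, and not only in the php.ini you edited, a small check like the following can be run. It is an added example, not part of the original article; the function names are hypothetical, and it should be run both from the command line and through the web server, since the two often load different configuration files.

```php
<?php
// Added example: report the effective values of the two directives named above.

const URL_WRAPPER_DIRECTIVES = ['allow_url_include', 'allow_url_fopen'];

/** Normalise an ini value ("1", "On", "", "0", "Off", false) to a boolean. */
function ini_flag_enabled($raw): bool
{
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

/**
 * Return [directive => true if it is still enabled].
 * $read defaults to ini_get(); it is injectable so the logic can be
 * exercised with constructed values.
 */
function audit_url_wrappers(?callable $read = null): array
{
    $read = $read ?? 'ini_get';
    $report = [];
    foreach (URL_WRAPPER_DIRECTIVES as $name) {
        $report[$name] = ini_flag_enabled($read($name));
    }
    return $report;
}

$report = audit_url_wrappers();
foreach ($report as $name => $enabled) {
    printf("%-18s %s\n", $name, $enabled ? 'ENABLED (set it to 0)' : 'disabled');
}
// Shows which configuration file this PHP process actually loaded.
printf("Loaded php.ini: %s\n", php_ini_loaded_file() ?: '(none)');

// Non-zero exit status when either directive is still on, for use in scripts.
exit(in_array(true, $report, true) ? 1 : 0);
```

Remove the script from the web root once you have read its output.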
3. Validate Any Input
Any changes to the code or information on your server should be inspected by the server. If your server doesn’t validate new information, it will automatically give the stamp of approval to anyone who changes something. Your server should be working for you. It shouldn’t become complicit in its own downfall.
Validate the input on your server to ensure you aren’t attacked by spam bots or SQL injections.
We’re not going to explore all the code you need to look at to properly validate input on your server, but the main principle is to use placeholders in your code. Let’s say you use a universal placeholder called ‘?’. Your code would tell the server that only the positions marked by a ‘?’ can be filled in with user input. Everything else in the statement is fixed and cannot be changed, unless the administrator decides to change something.
4. User Privileges
Anyone with the ability to access your server should have as few privileges as possible, especially if you haven’t met them regularly in person. You never know what people might do.
Moreover, this is a story of numbers. The more people who have executive privileges on your server the harder it is to track down the source of any problems. If there are only two people with sufficient privileges, with one of them being you, you automatically know who’s to blame.
5. Isolating Websites
Most dedicated servers will host more than a single web entity. There’s a fierce battle between dedicated hosting and shared hosting, but what they both have in common is user isolation.
The goal of user isolation is to make each site on the server execute independently. It severs the connections between each entity. If one site suffers from a hack attack, the others will be safe and sound. You won’t have to worry about the same hacker gaining access to everything else.
It’s quite a difficult thing to install, and it’s well beyond the scope of this current article. As a starting point for your research, you should consider using suPHP and SuExec. The two control panels Plesk and cPanel can help you do this without the hassle, though. Make sure your hosting provider offers them.
6. Strong Passwords
Passwords are relatively easy to break these days. Brute-force attacks and more sophisticated techniques have been developed by hackers, all with the aim of breaking into your secure areas.
See your password as the front door. None of the above tips are worth a dime if you can’t develop a strong password.
Firstly, make sure the password consists of both letters and numbers. Try to make the numbers and letters appear throughout the beginning and middle of the password. Hackers know people have a tendency to put the numbers at the end of the password.
Make it relatively long. It doesn’t have to be over 20 characters, but something around 15 is optimal. Upper and lower case letters make passwords even more difficult to crack.
The problem with more complex passwords is people think they won’t be able to remember them. And you aren’t supposed to remember them. This is why such long and difficult passwords are so valuable. A trick to protecting your password, and remembering it, is to write it on a piece of paper and store it in your desk drawer.
This technique defends your password against any online threat. Furthermore, if anyone does come across it they won’t know what the password is for.
7. Anti-Virus and Anti-Spyware
We won’t spend too much time on this. Just make sure your anti-virus and anti-spyware software is fully updated. The server provider can only do so much to defend your dedicated server. If your security isn’t up to the correct standards, there’s nothing they can do and you only have yourself to blame should a hacker break through your system.