Server Security for Beginners: 6 Essential Steps

  • March 23, 2026, 01:20:17
Giteqa

Greetings, friends!

When you rent your first VPS — whether it's a powerful Ryzen-based server or a budget option — the most important thing to think about is protection, not software installation. As soon as your server goes online, thousands of bots start probing it for weaknesses. If you don't take care of server security immediately after launching it, you may end up with a major headache. If a bot gains access to your server, it can do a lot of damage: send out spam, launch other bots, and much more. This is why server security is paramount.

In this article, I will break down 6 simple but critically important steps that will help you sleep soundly, knowing your server is under a reliable lock.

Step 1: Using SSH Keys instead of Passwords

Passwords are the weakest link in server protection. They are often used without considering that a weak password is direct access to the server for attackers. They can be cracked (brute-forced). At the same time, SSH keys are practically impossible to hack, making them the preferred option.

What to do:

  • Generate keys on your PC (via terminal or my favorite BitVise SSH client).

  • Copy the public key to the server into the ~/.ssh/authorized_keys file.

  • After verifying that the key works, disable password login in the configuration file /etc/ssh/sshd_config (set the parameter PasswordAuthentication no).

Why is this necessary? Even if a bot finds out your password, it won't be able to log in without the physical key file, which is stored only by you. For maximum security, it is recommended to disable remote access for the root user, but if you are renting a server, check with your hosting provider on how to do this.

I filmed a video on this topic, and you can watch it here:

Step 2: Changing the Standard SSH Port (22)

By default, SSH operates on port 22. 99% of automated attacks are directed specifically at it. Therefore, it is recommended to choose and use a different port.

What to do:

  • Open the configuration: sudo nano /etc/ssh/sshd_config.

  • Find the line #Port 22, remove the #, and change it to any number (for example, 2244).

  • Important: Open this new port in the firewall first, and only then restart SSH!

Bash
sudo ufw allow 2244/tcp
sudo systemctl restart ssh

Why is this necessary? You simply disappear from the radar of most basic scanner bots. It is also important that your port does not overlap with ports used by other applications; for example, you should avoid using port 8000.

Step 3: Configuring the Firewall (UFW)

Your server should be like a fortress: only the "gates" you actually use should be open.

What to do: If you followed my previous guide on proxies, you are already familiar with UFW. The principle is simple: close everything, open only what's necessary (SSH, 80/443 for websites, 1080 for proxies, and other ports as needed).

Bash
sudo ufw default deny incoming # Deny all incoming
sudo ufw default allow outgoing # Allow all outgoing
sudo ufw allow 2244/tcp # Your new SSH port
sudo ufw enable

Step 4: Installing Fail2Ban

This is the "bouncer" for your server. If someone enters the wrong password several times or tries to scan ports, Fail2Ban blocks their IP at the firewall level.

What to do:

Bash
sudo apt update
sudo apt install fail2ban -y

The standard settings are usually enough to get started. It will automatically begin protecting SSH. You can learn how to install Fail2Ban here:

I filmed this video on our hourly-billed server with minimal settings, and everything worked perfectly. It uses Ubuntu 24.04. You will also find all the commands in the video description.

Step 5: Regular Updates (Apt)

In 2026, vulnerabilities are discovered frequently, but "patches" are also released quickly. Outdated software is an open door for hackers.

What to do: Make it a habit to log into the server at least once a week and run:

Bash
sudo apt update && sudo apt upgrade -y

This will update the system kernel and all installed programs, closing security holes.

Step 6: Server Access via VPN

The best solution for protecting your server and, for example, your website's admin panel is to set a specific IP from which you can access it. From personal experience, most companies that truly care about security use this method alongside all the steps mentioned above. I cannot guarantee 100% protection, and neither can anyone else, but these steps significantly increase the security of your equipment.

FAQ: Briefly about the main things

  • Do I need an antivirus on Linux? For a standard server — rarely. The main thing is to monitor ports and keep the system updated.

  • What if I block myself? In the MivoCloud panel, there is always access via console (VNC), or you can contact tech support for help. If you rent a server from another provider, you will need to check with their tech support.

  • Is this suitable for any VPS? Yes, these steps are universal for Ubuntu and most other systems. The core idea is to configure the firewall and install applications that block unauthorized traffic.

  • How can I maximize my security? One option a good programmer can set up is two-factor authentication. For example, Steam Guard provides a code that changes every 20-30 seconds; only by entering the code can you log in. A similar method can be configured specifically for your application or website.

Conclusion

Security is not a one-time action but a long and quite laborious process. Without it, however, you risk losing customer trust and suffering financial losses. Spending 15-30 minutes on these 6 steps will save you a lot of nerves in the future. Remember: it's better to set up keys once than to one day find that your server is sending out spam.

Author - Anatolie Cohaniuc

vps security linux ubuntu cybersecurity Server Migration

Categories

Tags

vps web Cloud Server dedicated server database mysql security linux Windows Server apache free panel isp config debian programming language wordpress vpn hosting ubuntu centos RDP directadmin game server gaming vps multiplayer cpanel Public Cloud brainy vestacp ssl install lamp lamp lamp to centos mariadb php manage rdns rdns reverse dns add domain vestacp install vestacp vestacp vps hosting panel minecraft server hypervisor install proxmox Proxmox shutdown openvpn ajenti Centos control panel ispmanager parallels plesk panel restrict rdp centos stream arch linux hyper-v virtualbox vmware xen kvm rsync proxy Monitoring business finance Chat cms link site control panel blog CockroachDB Nmap Cloud storage Development analytics editor container scam phishing viruses tips ddos e-commerce online store free crypto backup support customer support IP telephony blockchain mail git logs screenshot system administrator NodeJS JavaScript Automation kubernetes forum IoT crm aws management media tags NVME streaming c# trading Clientexec whmcs hestiacp hestia Dedicated storage vps storage marketing youtube tiktok cyberpanel DMCA content CDN Big data Apache spark upscale upgrade Downtime Ryzen Intel Processor 3d cache AMD Grand Theft Auto Gaming Panel vds cs counter strike Bandwidth traffic Plesk obs VScode Visual Studio Testing RAM PowerShell Designer figma mautic vnc Tiger vnc remote connection cybersecurity nvme ssd video card server management IPv4 IPv6 Networking Internet Protocol Dual Stack NAT / CGNAT ISP wonder cms Flat-file CMS Fastest CMS Wonder CMS installation Lightweight CMS Website Speed Database Optimization Caching Performance Tuning Redis WebP Format Server Migration Website Transfer Database Migration Website Backup Craft CMS Content Management System PHP 8.3 Composer PHP как создать свой прокси сервер как сделать свой прокси сервер how to create your own proxy server setup private proxy server SOCKS5 proxy with authentication Dante server configuration Ubuntu 24.04 proxy setup