Hostxpeed Security Best Practices Checklist
Complete security checklist to harden your Hostxpeed VPS based on industry standards.
Security
Harden your server and protect your data.
How to Install Let's Encrypt SSL
Install free SSL certificate for your website using Let's Encrypt.
How to Enable Automatic Security Updates
Configure unattended upgrades to automatically install security patches.
How to Enable SSH Key Authentication
Set up SSH key-based authentication for passwordless and more secure logins.
How to Enable Fail2ban
Protect your VPS from brute force attacks by setting up Fail2ban intrusion prevention software.
How to Set Up a Firewall with UFW
Secure your VPS by setting up UFW (Uncomplicated Firewall) on Ubuntu/Debian.
How to Change SSH Port from 22
Enhance security by changing the default SSH port to a non-standard port.
How to Respond to Security Breach
Step-by-step incident response plan for compromised VPS.
How to Check If Email/Password Leaked
Quickly verify if your credentials have been compromised in data breaches.
How to Set Up Dark Web Monitoring
Monitor if your credentials appear on dark web breaches using HaveIBeenPwned API.
How to Analyze Honeypot Logs
Extract attacker IPs, commands, and patterns from honeypot logs.
How to Set Up Honeypot
Deploy a honeypot to detect and analyze attackers.
How to Get Security Reports via Email
Email daily or weekly security reports to your admin address.
How to Schedule Weekly Security Scan
Automate security scans to run weekly using cron.
How to Set Up Vulnerability Scanning
Automate vulnerability scanning with OpenVAS or Greenbone.
How to Patch Vulnerabilities
Apply security patches to fix known vulnerabilities.
How to Check for CVE Vulnerabilities
Scan your system for known CVEs using built-in tools.
How to Enable FIPS Mode
Enable FIPS 140-2 validated cryptography on your VPS.
How to Set Up SSH Certificate Authority
Implement SSH CA for scalable key management.
How to Revoke SSH Key
Remove a compromised or unused SSH key from authorized_keys.
How to Rotate SSH Keys
Regularly change SSH keys to improve security posture.
How to Set Up Centralized SSH Key Management
Manage SSH keys centrally using LDAP, SSH CA, or tools like Teleport.
How to Log All sudo Commands
Configure sudo to log every command executed with sudo.
How to Allow User to Run Specific Commands
Grant sudo rights for only specific commands to a user.
How to Create sudoers File
Create a custom sudoers file for specific user/command permissions.
How to Restrict sudo Access
Limit sudo privileges to specific groups or commands.
How to Restrict Cron Jobs to Root Only
Allow only root to create or edit cron jobs on your system.
How to Blacklist USB Storage
Prevent USB storage devices from being used on the server.
How to Disable Unused Kernel Modules
Blacklist unnecessary kernel modules to reduce attack surface.
How to Check SELinux Logs
Read SELinux denial messages for troubleshooting.
How to Enforce SELinux
Turn on full SELinux enforcement after fixing denials.
How to Put SELinux in Permissive Mode
Temporarily disable SELinux enforcement for troubleshooting.
How to Set Up SELinux
Enable SELinux on CentOS/Rocky/AlmaLinux for enhanced security.
How to Set Up AppArmor
Enable and configure AppArmor to restrict program capabilities.
How to Isolate Users with Containers
Use Docker or LXC to isolate user environments for security.
How to Set Up cgroups for Security
Use control groups to isolate and limit system resources for processes.
How to Limit Memory Usage per User
Set memory limits for users to prevent DoS conditions.
How to Limit CPU Usage per User
Prevent users from exhausting CPU resources using cgroups or ulimit.
How to Check for Cryptominers
Detect cryptocurrency mining malware on your VPS.
How to Check for Reverse Shell
Detect reverse shell connections on your VPS.
How to Kill Suspicious Processes
Terminate malicious or unwanted processes safely.
How to Monitor Suspicious Processes
Identify and investigate unusual processes running on your VPS.
How to Set Up Login Lockdown
Restrict login attempts and lock out attackers using plugins or system tools.
How to Block XML-RPC Attacks
Disable or restrict XML-RPC in WordPress to prevent DDoS and brute force attacks.
How to Protect wp-admin (WordPress)
Secure WordPress admin area using .htaccess or Nginx rules.
How to Disable Directory Browsing
Prevent web servers from listing directory contents.
How to Hide PHP Version
Prevent disclosure of PHP version to improve security through obscurity.
How to Remove Server Signature
Hide server version information from HTTP responses.
How to Set Up CSP Headers
Implement Content Security Policy to prevent XSS and data injection attacks.
How to Block XSS Attacks
Prevent cross-site scripting attacks using security headers and WAF.
How to Block SQL Injection Attacks
Protect your web applications from SQL injection using WAF rules.
How to Set Up Web Application Firewall (WAF)
Comprehensive guide to setting up a WAF using ModSecurity or Cloudflare.
How to Install ModSecurity for Apache
Set up ModSecurity WAF on Apache web server.
How to Install ModSecurity for Nginx
Install ModSecurity Web Application Firewall (WAF) for Nginx.
How to Block Port Scanning
Automatically block IP addresses that perform port scans on your VPS.
How to Detect Port Scanning
Identify port scanning attempts using fail2ban or manual log analysis.
How to Close Unused Ports
Close unnecessary open ports using UFW or iptables.
How to Monitor Open Ports
Check which network ports are open on your VPS and what services are listening.
How to Set Up Account Lockout Policy
Implement account lockout policy using faillock (modern alternative to pam_tally2).
How to Lock User After Failed Attempts
Automatically lock user accounts after repeated failed login attempts using pam_tally2.
How to Set Up Password Expiry
Force users to change passwords periodically using chage command.
How to Enforce Password Policy
Set up password complexity requirements using PAM.
How to Generate Strong Passwords
Create secure passwords using command-line tools.
How to Set Up HSTS
Enable HTTP Strict Transport Security to force HTTPS connections.
How to Auto-Renew SSL Certificate
Ensure your Let's Encrypt SSL certificates renew automatically.
How to Set Up SSL for Control Panel
Secure your Hostxpeed control panel with Let's Encrypt SSL certificate.
How to Encrypt Backup Files
Secure your backups using GPG or OpenSSL encryption.
How to Encrypt Disk (LUKS)
Encrypt additional disk volumes using LUKS on your VPS.
How to Set Up IPSec
Configure IPSec VPN using StrongSwan on your VPS.
How to Set Up OpenVPN
Install and configure OpenVPN server on your Hostxpeed VPS.
How to Set Up VPN on VPS (WireGuard)
Install and configure WireGuard VPN on your Hostxpeed VPS for secure remote access.
How to Use Port Knocking
Hide your SSH port behind a sequence of connection attempts (port knocking).
How to Set Up Rate Limiting for SSH
Limit SSH connection attempts per IP to prevent brute force.
How to Block Brute Force Attacks
Multiple strategies to block brute force attacks on your VPS.
How to Set Up SSH Login Alert via Email
Configure SSH to send email alerts on successful logins using PAM.
How to Set Up Login Alerts
Get email notifications whenever someone logs into your VPS.
How to Monitor Failed Login Attempts
Track failed login attempts using system logs and fail2ban.
How to Monitor File Changes
Use auditd or inotify to monitor critical file changes in real-time.
How to Set Up Auditd
Install and configure Linux Audit Daemon for system call monitoring.
How to Check AIDE Reports
Interpret and act on AIDE integrity check reports.
How to Set Up Intrusion Detection (AIDE)
Install AIDE (Advanced Intrusion Detection Environment) to monitor file integrity.
How to Set Up Daily Virus Scan
Automate daily virus scans using ClamAV and cron jobs.
How to Check for Unattended Upgrades
Verify that automatic security updates are working correctly.
How to Fix Security Warnings
Address common security warnings identified by Lynis audit.
How to Run Security Audit
Perform a comprehensive security audit using Lynis on your VPS.
How to Install Lynis Security Audit
Install Lynis security auditing tool for compliance testing and system hardening.
How to Run RKHunter Scan
Execute a thorough rootkit scan using RKHunter on your Hostxpeed VPS.
How to Install RKHunter (Rootkit Hunter)
Install Rootkit Hunter to scan for rootkits, backdoors, and local exploits.
How to Remove Malware
Steps to manually or automatically remove detected malware from your VPS.
How to Scan for Malware
Use ClamAV to scan your VPS for malware, viruses, and suspicious files.
How to Install ClamAV Antivirus
Install ClamAV open-source antivirus engine on your Hostxpeed VPS.
How to Set Up 2FA for SSH
Add two-factor authentication to SSH for enhanced security using Google Authenticator.
How to Disable Password Authentication
Force SSH key authentication only by disabling password logins.
How to Disable Root Login via SSH
Prevent direct root login over SSH to improve security.
How to Unban IP in Fail2ban
Remove an IP address from Fail2ban ban list to restore access.
How to Ban IP Permanently
Permanently ban an IP address using Fail2ban or manual iptables rules.
How to Configure Fail2ban for SSH
Customise Fail2ban settings for SSH protection, including ban time and retry limits.
How to Reset UFW to Default
Reset UFW firewall to factory default settings, removing all custom rules.
How to Deny Specific IP
Block a specific IP address using UFW firewall on your Hostxpeed VPS.
How to Allow Specific IP in UFW
Allow a specific IP address through UFW firewall for secure access.