How to Secure Your Cloud Server Hosting

Opting for a cloud server versus a cPanel-managed VPS means greater control over your Linux operating system (OS). While you can modify Cloud Server DNS records in Account Management Panel (AMP), it’s your responsibility to implement further security measures. While cPanel administrators use Web Host Manager (WHM) features to harden servers, you’ll need to decide what to install to suit your needs.

This starts with ensuring you select the right server OS for your needs.

  • Are you used to managing cPanel with RPMs and CentOS commands? Maybe stick with CentOS.
  • Do you need the latest features and software versions – stable or not? Check out Ubuntu.
  • Do you prioritize stability and minimalism? Try Debian.

You can re-OS your cloud server at any time with InMotion Cloud Server Hosting.

Configure a Firewall

Some OSs don’t include a preinstalled firewall application. Check to see if UncomplicatedFirewall (UFW) or Firewalld are installed. If not, install one of them, or ConfigServer Security & Firewall (CSF), and only open the ports you need.

If you have a complex server environment requiring many open ports, consider using Nmap to audit your setup.
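
To confirm that only the ports you need are reachable, compare what the server is actually listening on with your intended list. The script below is an added example, not part of the original article; it assumes input in the format printed by `ss -Htln`, and the sample data and allow-list are constructed.

```sh
#!/bin/sh
# Added example: compare listening TCP sockets with the ports you mean to expose.
# Expected input: lines as printed by `ss -Htln`
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).

# Constructed sample, not taken from a real server.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*
LISTEN 0 511 *:6379 *:*
LISTEN 0 100 [::1]:25 [::]:*'

# unexpected_listeners "2222 80 443" < ss-output
# Prints each network-reachable port that is not in the allow-list, one per line.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            # Loopback-only listeners are not reachable from the network.
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }
    ' | sort -n
}

# With SSH moved to 2222 and a web server on 80/443, only 6379 is reported.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "2222 80 443"
```

On a live server, pipe `ss -Htln` into the function. Any port it prints should either be closed or deliberately added to the firewall rules.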

Secure SSH

While configuring your firewall, consider changing your default SSH port from 22 to protect against brute force SSH login attacks. Also, create a regular user account so that you’re not using root access unless needed. In many cases, it’s better to use the normal user account and sudo when administrator privileges are required. This makes access log auditing easier by minimizing the expected activity for the root user account.
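
The check below audits an sshd_config for the two points above: the port and root logins. It is an added example, not part of the original article; the sample file is constructed, and treating anything other than `PermitRootLogin no` as a finding is this example's assumption.

```sh
#!/bin/sh
# Added example: audit the global Port and PermitRootLogin settings.

# Constructed sample sshd_config, not from a real server.
SAMPLE_SSHD='# sshd_config (constructed)
Port 2222
PermitRootLogin no
permitrootlogin yes
Match User deploy
    PermitRootLogin yes'

# sshd_global_value KEYWORD < sshd_config
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line are no longer global.
sshd_global_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment lines
        NF == 0 { next }                     # blank lines
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == key { print $2; exit }
    '
}

# audit_sshd < sshd_config ; prints findings, returns 1 if there are any.
audit_sshd() {
    conf=$(cat)
    rc=0
    port=$(printf '%s\n' "$conf" | sshd_global_value Port)
    root=$(printf '%s\n' "$conf" | sshd_global_value PermitRootLogin)
    if [ "${port:-22}" = "22" ]; then
        echo "Port: still the default 22"; rc=1
    fi
    # Assumption of this example: direct root logins are switched off entirely.
    if [ "${root:-unset}" != "no" ]; then
        echo "PermitRootLogin: ${root:-unset}"; rc=1
    fi
    return $rc
}

printf '%s\n' "$SAMPLE_SSHD" | audit_sshd && echo "no findings"
```

The function ignores `Include` files and per-user `Match` overrides. On a live server, `sshd -T` prints the effective configuration.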

Install an SSL Certificate

cPanel servers rely on AutoSSL to maintain Comodo-signed, domain-validated (DV) SSL certificates. Without server management software, you’ll need to manage SSLs manually or with external tools. There are many websites that will create SSL for you (e.g. SSLforFree.com) but we cannot speak for their reputation. We recommend installing Certbot to produce and automate SSLs. Then ensure all traffic is forced to port 443 (HTTPS).

Security HTTP Headers and Subresource Integrity (SRI)

[Image: valid HSTS header for a domain]

Security HTTP headers and SRI work alongside your SSL certificate to protect your visitors’ privacy and guard against cross-site scripting (XSS). Start with Strict-Transport-Security (HSTS) to enforce SSL usage within browsers and Referrer-Policy to limit the referrer information passed to analytics software. Then slowly work on Content-Security-Policy (CSP).

Submitting your website for preloading at Hstspreload.org isn’t required or recommended for websites that aren’t proactively maintained. It’s still a good practice to use the web application to check your HSTS header.
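
You can also check the three headers from the command line. The script below is an added example, not part of the original article; it reads response headers such as those printed by `curl -sI`, the sample headers are constructed, and the one-year `MIN_AGE` threshold is this example's own choice.

```sh
#!/bin/sh
# Added example: check a response for HSTS, Referrer-Policy and CSP.

# Constructed response headers, in the form `curl -sI https://example.com` prints.
SAMPLE_HEADERS='HTTP/2 200
content-type: text/html
strict-transport-security: max-age=300; includeSubDomains
referrer-policy: strict-origin-when-cross-origin'

# header_value NAME < headers ; prints the value of the first matching header.
header_value() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            i = index($0, ":")
            if (i > 0 && tolower(substr($0, 1, i - 1)) == name) {
                v = substr($0, i + 1)
                sub(/^[ \t]+/, "", v)
                print v
                exit
            }
        }'
}

# check_headers < headers ; prints one finding per line, returns 1 if any.
check_headers() {
    hdrs=$(cat)
    rc=0
    for h in Strict-Transport-Security Referrer-Policy Content-Security-Policy; do
        [ -n "$(printf '%s\n' "$hdrs" | header_value "$h")" ] || { echo "MISSING $h"; rc=1; }
    done
    hsts=$(printf '%s\n' "$hdrs" | header_value Strict-Transport-Security)
    age=$(printf '%s\n' "$hsts" | tr 'A-Z' 'a-z' | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    MIN_AGE=31536000   # one year in seconds; this example's threshold
    if [ -n "$hsts" ] && [ "${age:-0}" -lt "$MIN_AGE" ]; then
        echo "WEAK Strict-Transport-Security max-age=${age:-0}"; rc=1
    fi
    return $rc
}

# The sample lacks a CSP and has a five-minute HSTS lifetime, so both are reported.
printf '%s\n' "$SAMPLE_HEADERS" | check_headers || true
```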

Backups

You can maintain server snapshots in AMP. However, you cannot restore individual files from a snapshot. Therefore, create and verify server backups at least monthly. We’ve covered how to create backups using the tar and zip commands. If you use Webmin, Vesta Control Panel, or another server management suite, learn how to create, verify, and download server backups manually and automatically. The redundancy ensures you always have a way to create and restore backups.
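
Creating a tar backup is only half the job; the other half is proving it restores. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes GNU tar, gzip and `sha256sum` are available.

```sh
#!/bin/sh
# Added example: create a tar backup, verify it, and restore a single file.

# backup_dir SRC_DIR OUT.tar.gz ; archive SRC_DIR and record a SHA-256 beside it.
backup_dir() {
    tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")" &&
    ( cd "$(dirname "$2")" && sha256sum "$(basename "$2")" > "$(basename "$2").sha256" )
}

# verify_backup OUT.tar.gz SRC_DIR ; returns 0 only if every check passes:
# the checksum matches, the gzip stream is intact, and a test restore into a
# scratch directory is identical to the source tree.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || return 1
    gzip -t "$1" 2>/dev/null || return 1
    tmp=$(mktemp -d) || return 1
    if tar -xzf "$1" -C "$tmp" 2>/dev/null &&
       diff -r "$2" "$tmp/$(basename "$2")" >/dev/null; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# restore_one ARCHIVE MEMBER DEST_DIR ; pull one file out of the archive,
# which a whole-server snapshot cannot do.
restore_one() {
    tar -xzf "$1" -C "$3" "$2"
}

# Demonstration on constructed data in a scratch directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/site" "$work/restore"
    echo '<h1>constructed page</h1>' > "$work/site/index.html"
    backup_dir "$work/site" "$work/site.tar.gz" &&
        verify_backup "$work/site.tar.gz" "$work/site" &&
        restore_one "$work/site.tar.gz" site/index.html "$work/restore" &&
        echo "backup verified, index.html restored"
    rm -rf "$work"
}
demo
```

Because `verify_backup` compares the test restore with the live directory, run it right after the backup is taken, before the source changes.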

Cloud Server Updates

Ensure all installed software is updated. If any software you use can’t alert you of available updates via email or log entry, follow the developer’s official social media account(s) or RSS feed. If you need assistance with upgrading your server OS, contact Managed Hosting.

DNS Security

Add Domain Name System Security Extensions (DNSSEC) to your server, or enable DNSSEC with Cloudflare, to validate your websites to internet users with secure DNS resolvers.

Do your authoritative nameservers and your domain’s top-level domain (TLD) support DNSSEC? InMotion Hosting nameservers and a long list of popular TLDs support DNSSEC, including .com, .net, and .org. Contact your domain registrar for more information.

Consider an Anti-Virus Scanner

Does your web application allow users to upload files? If so, you should have an AV scanner check those files for malware signatures upon upload and periodically afterwards as changes occur. We recommend ClamAV or ImunifyAV FREE.

Training

There are many free cybersecurity training platforms and vulnerability assessment tools available to help you learn more about securing your website, or Linux in general.

I recommend starting with cybersecurity awareness training from DoD Cyber Exchange.

Technical Support

Managed Hosting specializes in custom server-level configurations and optimizations. Ask Live Support about Launch Assist to help you get started and your allotted Managed Hosting time.

Community Support Center is the place to engage the community for support, alternatives, and additional assistance. Remember, the forum is not a live chat support medium and InMotion administrators do not have access to your hosting account. For immediate assistance with support and billing, contact our 24/7 Live Support.
