Tech Site & Blog Blog about technology & programming


29 Sep 09

Essential security tips for servers

In this tutorial you will find some of the necessary steps to secure your VPS or dedicated server.

1. The first thing you need to do is change your root password. Connect to the server over SSH and type:
passwd

Then type in your new password, press Enter, and retype it.

2. It's not safe to allow the root user to log in through SSH, so you need to create a new user:
useradd user_name

Then set the password for this user with:
passwd user_name

3. Now let's go to SSH settings.

Open the configuration file by typing:
nano /etc/ssh/sshd_config

Then find and change the following settings:
PermitRootLogin no
X11Forwarding no
AllowUsers user_name
Port 10000

It's important to change your SSH port to a higher number (for example 10000).

4. Configure iptables:
iptables-save > /etc/iptables.rules
nano /etc/iptables.rules

Example rules:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Change this port to the SSH server's port
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT

Be careful to change the SSH port in these rules to the one you set in sshd_config, otherwise you won't be able to log in to the SSH server.

Import rules to iptables:
iptables-restore < /etc/iptables.rules

5. Make sure the new iptables rules are restored on every reboot:
sudo nano /etc/network/interfaces

...
auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules
...

6. And now reload SSH server:
sudo /etc/init.d/ssh reload
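
Before that reload, it is worth confirming that the port in sshd_config is the one the firewall rules accept. The script below is an added example, not part of the original post; the file name preflight.sh and the function names are made up for illustration, and it ignores Match blocks and multiple Port lines.

```shell
#!/bin/sh
# Added example (not from the original post): lockout check for steps 3-6.
# Usage: sh preflight.sh /etc/ssh/sshd_config /etc/iptables.rules

# Print the first value given for an sshd_config keyword (case-insensitive).
sshd_value() {  # $1 = keyword, $2 = sshd_config path
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Succeed if an INPUT rule accepts TCP port $1 before any catch-all REJECT/DROP.
rules_allow_port() {  # $1 = port, $2 = file in iptables-save format
    awk -v p="$1" '
        $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) exit  # catch-all reached first
            tcp = dport = accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == p) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) { found = 1; exit }
        }
        END { exit !found }' "$2"
}

# Report every mismatch; return non-zero if reloading sshd would be unsafe.
preflight() {  # $1 = sshd_config path, $2 = rules file path
    rc=0
    port=$(sshd_value Port "$1")
    port=${port:-22}  # sshd listens on 22 when no Port line is present
    [ "$(sshd_value PermitRootLogin "$1")" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    [ -n "$(sshd_value AllowUsers "$1")" ] ||
        { echo "FAIL: AllowUsers is not set"; rc=1; }
    rules_allow_port "$port" "$2" ||
        { echo "FAIL: tcp/$port is not accepted before the final REJECT"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: sshd port $port matches the firewall rules"
    return "$rc"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Keep the current SSH session open while testing a second login on the new port, so a mistake can still be corrected.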

These are only the essential steps to secure your server. Your server should now be a little bit more secure, but there is no such thing as 100% security.

27 Sep 09

Setting Charset on an Apache Server

How do you make an Apache server serve pages with a specific encoding?

You will ask this question sooner or later if you are making web sites. Probably sooner if you are dealing with non-ASCII characters.

There are a lot of charsets in the world, from ones that support most languages to ones that are very specific. In the web development business UTF-8 is a standard, especially on non-English web sites. It's not that big of a problem on HTML sites, but it can be a hell of a mess if your server uses one encoding, PHP a second and MySQL a completely different one.

In this post, I will show you how to tell Apache to use a specific charset (in our examples I'll use UTF-8).

The easiest way to set the encoding is with the following meta tag in HTML:
<meta http-equiv="content-type" content="text/html; charset=UTF-8">

But this is not always enough. So, to be sure, you need to specify the charset in the Apache configuration file or in .htaccess.

You can use one of the following methods:
<FilesMatch "\.(htm|html|css|js|php)$">
ForceType 'text/html; charset=UTF-8'
</FilesMatch>

or
AddType 'text/html; charset=UTF-8' html

or
AddCharset UTF-8 .html

or
AddDefaultCharset UTF-8

I recommend the last option because I have had no problems whatsoever with it so far. It always works fine. (The others should too.)