Securing a computer system is a rigorous task, especially when the system is connected to the Internet. The global network is teeming with hackers who can hinder the proper functioning of your systems. Here is how to limit their opportunities.

1. Changing the SSH listening port

By default and by convention, the Secure Shell (SSH) service listens on port 22. This convention makes things easier for hackers: port 22 is the first one they test when they want to access a server. That is why it helps to set up a decoy by moving the listening port to another number. At the very least, automated brute-force attempts aimed at port 22 will no longer reach the service.

2. Use only TLS for administration

While you are administering your server, hackers may try to extract sensitive data such as your password. It is therefore advisable to use TLS (Transport Layer Security) exclusively for administration, so that anyone who intercepts the traffic cannot read it.

3. Do not administer from just anywhere

The local network can also be dangerous. Administer your servers only from networks you trust. Avoid free Wi-Fi, Internet cafes, and similar public networks.

4. Clean up malware on your PC

Malware such as viruses and Trojans can pass your login information to hackers, who will then use it to access your server as easily as you do.

5. Updating the server

It is necessary to keep all server software up to date, especially the Linux kernel, to avoid security holes that have already been identified. The following article gives the details: Why update your linux in an emergency?

6. Maintain your own applications

Your own applications and programs on your servers must be maintained and regularly updated. These can also be the source of security breaches.

7. Your PHP settings

There are a few PHP settings that can threaten the security of your :

allow_url_fopen: allows PHP to treat URLs as files. It can therefore be a way for an attacker to inject something into your servers. Disable it, especially if you are still on the old version of PHP 4.

allow_url_include: allows you to include URLs in your PHP code and run the PHP scripts they point to. It is strongly advised to disable it.

register_globals: a potential source of SQL injection or arbitrary code execution.
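The check below is an added example, not code from the original article: it reads the text of a php.ini file and reports which of the three directives above end up enabled. The function names and the sample file are constructed for illustration, and it assumes that a later assignment in the file overrides an earlier one.

```python
import re

# Directives from the section above, mapped to the value PHP uses when
# php.ini does not set them (PHP's documented built-in defaults).
RISKY_DEFAULTS = {
    "allow_url_fopen": True,
    "allow_url_include": False,
    "register_globals": False,
}
TRUE_WORDS = {"1", "on", "true", "yes"}  # php.ini spellings of boolean true


def parse_ini(text):
    """Return {directive: raw value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        match = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if match:
            settings[match.group(1)] = match.group(2).strip().strip('"')
    return settings


def audit(text):
    """Return the sorted names of the risky directives that are enabled."""
    settings = parse_ini(text)
    enabled = []
    for name, default in RISKY_DEFAULTS.items():
        # An unset directive falls back to PHP's default, which may be "on".
        on = settings[name].lower() in TRUE_WORDS if name in settings else default
        if on:
            enabled.append(name)
    return sorted(enabled)


# Constructed sample input, not taken from a real server.
SAMPLE_INI = """
[PHP]
; allow_url_include = Off   (commented out, so the default applies)
allow_url_fopen = Off
register_globals = On
allow_url_fopen = "1"       ; later line wins
"""

if __name__ == "__main__":
    for name in audit(SAMPLE_INI):
        print(f"{name} is enabled: set '{name} = Off' in php.ini")
```

This checks a single file only. Run it against every configuration file listed by `php --ini`, since additional ini files can change the effective value.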

8. The Apache ModSecurity rules

ModSecurity is a software firewall for Apache that analyzes incoming HTTP requests and identifies known exploits. It is therefore advisable to install it and configure it properly.

9. Disable unnecessary services

You may have followed a tutorial to install your web server, and it may have installed services you do not use. For example, if you do not send email from your web server, you have no need for an MTA (Mail Transfer Agent). It is more prudent to disable, or even uninstall, the software that provides such services.

10. Fail2ban and RKHunter

These two tools protect your servers from brute-force attacks and rootkits, two favorite practices of hackers.

If you have followed the tutorial Turning a VPS into a Shared Hosting Server, you can skip some of these rules that have already been integrated into the tutorial itself.
