How to Secure Your Website on Linux?
Securing a website or API server involves tedious tasks you may never have thought about, such as regularly checking your server's weaknesses through port scanning, OWASP Top 10 checks, and system vulnerability scans.
Doing so lets you find and fix potential problems and prevent malicious attacks as early as possible.
The OWASP Top 10 is a list of the top 10 risks in web applications. You need to validate your website properly to avoid these common attacks.
This article covers some common and easy approaches to securing your Linux server so that you can focus on developing features for your websites.
- Hosted Scan
- Port Scan
- Update Security package
- Port Scan
- OWASP Top10
- System Vulnerability
First, you need to understand your system's weaknesses.
You can use HostedScan.com below to regularly check your website's domain name with a port scan, OWASP Top 10 checks, and a system vulnerability scan.
HostedScan requires public read access only, and will never make any modifications to your servers. Scans are external…
Basically, this website can help you to
- find unused open ports on your Linux server
- check for potential OWASP Top 10 risks
- check for system vulnerabilities
- If you find an open port that is not in use, shut down the unused service completely. This helps prevent brute-force attacks.
- Remember not to expose SSH port 22 to the public. Instead, move SSH to a different port or use a firewall tool such as fail2ban to limit retries.
- Open ports only when needed, such as HTTP on port 80 and HTTPS on port 443; all others should be closed.
- If you find any risk above the medium level in the OWASP Top 10 or system vulnerability results, fix it as soon as possible.
You can check your system by scanning its ports. Once you find ports that are open but not used, close them and stop their related services.
- Install the port scan tool
sudo apt-get install nmap
- Run the port scan command to scan ports 1 to 65535
nmap -p 1-65535 -T4 -A -v [Target IP]
- This tip is the same as the previous one, but you check the open ports from the command line.
- The previous tip relies on a third-party service.
The fundamental rule for improving the security of your Linux system is to open only the ports your services need.
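The rule above can also be checked from the server itself. The script below is an added example, not part of the original article: it reads `ss -H -tln` output and lists listening TCP ports that are reachable from the network but are not on an allowlist. The function names, the allowlist of ports 80 and 443, and the sample listener table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that are exposed to the network
# and are not on an allowlist.

# Ports this host is meant to expose (assumption: a plain web server).
ALLOWED_PORTS="80 443"

# Reads `ss -H -tln` output on stdin and prints each unexpected port once.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4                  # e.g. 0.0.0.0:22 or [::]:22
            port = local_addr
            sub(/.*:/, "", port)             # keep the text after the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            # Loopback-only listeners cannot be reached from other hosts,
            # which is why an external scan never reports them.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print port
        }
    ' | sort -n -u
}

# Constructed sample of `ss -H -tln` output (not taken from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
LISTEN 0      151        127.0.0.1:3306       0.0.0.0:*
LISTEN 0      511                *:6379             *:*
LISTEN 0      128             [::]:22            [::]:*
EOF
}

# Demo on the constructed sample; on a live host run:
#   ss -H -tln | unexpected_listeners
sample_ss_output | unexpected_listeners
```

In the sample, ports 22 and 6379 are reported, while the database on 127.0.0.1:3306 is not, because it only accepts local connections.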
I strongly recommend restricting access to port 22 to avoid SSH brute-force attacks.
One solution is DenyHosts, which automatically parses the SSH log, detects malicious IPs, and sets up firewall rules.
The other solution is to limit login attempts, for example banning a user after 3 failures.
Update Security package
Update your system with the latest security packages to reduce exposure to system vulnerabilities.
Install the unattended-upgrades package if it isn't already installed:
sudo apt-get install unattended-upgrades
To enable it, type
sudo dpkg-reconfigure unattended-upgrades
and select "yes".
Scan and check your system regularly with the following antivirus software.
- Install the antivirus (ClamAV)
sudo apt-get install clamav
- Update the virus definitions
- Scan the system
sudo clamscan --remove=yes -i -r ./
Congratulations! You have learned how to
- check your Linux server's weaknesses with a hosted scan or port scan,
- protect your system with a firewall and antivirus,
- strengthen your system by automatically installing security updates.
You can apply the tips above to any kind of website or API server to keep your services secure.