I had a message from Hetzner abuse today saying that there is malware on my server.
Does anyone have any tips to protect my server in the future? I know this is a whole technical area that would take me months to learn, but does anyone have a list of the basics I need to do on my server to ensure as much as possible is covered? Then I can research the things you mention and implement them.
I saw a lot of people recommending Hetzner here but didn’t realise how much you needed to do to secure it haha
I have been using multiple private VPS over the last 4 years and not once have I had it hacked.
So without writing a long long reply…
Security 101 - this applies to every PC and not just a server as well
Don’t click on links you don’t know
Don’t download/open files you haven’t checked using virustotal
Don’t run scripts/apps you are not 100% sure have no malicious script (a python script wouldn’t flag up in the antivirus but it could have a backdoor which you wouldn’t know about)
Use antivirus - BitDefender, nod32, kaspersky - all cost less than 50$ per year and will protect you even if you don’t follow all of the above (most likely, it’s possible that some malicious scripts can slip through its filters but unlikely if you keep it up to date)
edit: oh and almost forgot - have a long secure password for your VPS including the CAPS, lower, 123 and !$%^. Ideally 10+ characters as VPS are often targeted to be cracked and used for blackhat stuff like carding etc.
I believe that if you use all at the same time that could lead to issues of them blocking each other when finding a file etc. I believe @BruceSilduk just wanted you to have a choice of Antivirus Software
No, just pick one and use it. But not all are equal - Malwarebytes for example is very popular but it is known not to pick up as much as say bitdefender or nod32 would. But then again, antivirus is there to be an extra layer of security, as long as you’re cautious you won’t need to worry about getting malware in the first place.
And yes, this is a very known vulnerability issue with VPS systems, I don’t think any of them come with the bruteforce as default.
However, a decent password will keep you safe for very long. I keep my passwords like this:
M%2vx081^sWz
and it would take this long to bruteforce it
Now let’s pick something like most users pick
dude587
from trusted external sources, CERT-Bund received information on
IP addresses geolocated in Germany which are most likely hosting
a system infected with malware.
Please find below a list of affected systems on your
network. Each record includes the IP address of the affected system,
a timestamp (UTC) and the name of the related malware family.
If available, the record also includes the source port, destination IP,
destination port and destination hostname for the connection most
likely triggered by the malware to connect to a command-and-control
server.
Most of the malware families reported here include functions for
identity theft (harvesting of usernames and passwords) and/or
online-banking fraud.