Ransomware attacked my VPS. How can I secure my VPS in the future?

comments (3)

  • Dan

    - 6 years ago

    Hello,

    You could add a firewall to protect your VPS from unwanted ransomware.

  • Chris R

    - 6 years ago

    You could add a firewall like Cloudflare, and I believe that VPS Server has one as well. Also, you are in control of the server; make sure your patches and updates are current as well. Without knowing the VPS type you are running, it is hard to do anything but give you a generalization of what you should do from a practical security stance.

    Additionally, make sure you're using a remote backup, so you can wipe the server and restore from the last known complete safe backup, then go about your security/patch/update routine.

  • the unkn0wn

    - 6 years ago

    It has nothing to do really with you not having a firewall, like for example Cloudflare... Even though it can help you against some other threats, you have probably been penetrated because of some vulnerable service that you had running on that machine.

    It could be because you haven't patched a vulnerable (exploitable) service with the latest updates. (...or maybe you have been 0-day-ed!)

    Or because the code you are running (in case of you writing your own 'webapps', 'websites') is vulnerable due to poor consideration of existing attack vectors. For instance, SQL injections, being one of the most common, combined with other bad SQL practices like using the root account (in a SQL-injectable service), may lead to remote arbitrary code upload and execution (as root)...

    Also, if you don't follow good SSH practices (like disabling root login or password login instead of keys) you can end up being brute-forced (probably by some bot), allowing them to do whatever they want on your server.

    If you are developing, try to gain some basic understanding of the vectors... https://www.owasp.org/index.php/Category:Attack as you can see there are plenty of ways you can be attacked...

    Sometimes making manual backups is not enough due to constant updates in your data (files, db, ...), even though this can be a life-saver if you end up hacked (after following good security measures). So what I would suggest is to set up some kind of scheduled remote backup so you don't end up losing much of your data.

    Good luck (Remember: patch and secure services & follow good coding practices)
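
The SSH points raised in the last comment (root login, password login versus keys) can be checked with a short audit of `sshd_config`. This is an added example, not part of the original thread: the function names and both sample configs are constructed, and the defaults assume a current OpenSSH release.

```python
import re

# OpenSSH defaults used when a directive is absent (assumption: current release).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Return (global settings, has_match). sshd keeps the FIRST value per keyword."""
    settings, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"([^\s=]+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":
            has_match = True  # later lines are conditional overrides, not globals
            break
        settings.setdefault(key, value)
    return {**DEFAULTS, **settings}, has_match

def audit(config_text):
    """Flag the settings that leave a server open to password brute-forcing."""
    cfg, has_match = effective_settings(config_text)
    findings = []
    if cfg["permitrootlogin"] != "no":
        findings.append(f"PermitRootLogin is '{cfg['permitrootlogin']}': set it to 'no'")
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is on: bots can guess passwords; use keys")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key-based login is unavailable")
    if has_match:
        findings.append("Match blocks present: review their overrides by hand")
    return findings

# Constructed samples. In WEAK the later 'no' is ignored: the first value wins.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\nPasswordAuthentication no\n"
HARDENED = "PermitRootLogin no\nPasswordAuthentication=no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live server, `sshd -T` prints the effective configuration, including files pulled in by `Include`, which this sketch does not follow.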