What's the problem?
In the current day and age anyone can build a Linux server. A Google search and a YouTube tutorial and suddenly you have a device that hosts a webpage. It is honestly amazing and it is wonderful to live in a time where anyone can learn about Linux and host a server within minutes. Do any of these tutorials tell you how to secure your server?
Very few of the tutorials I found warned of the risk of not securing your device. Therefore I set out to test and see just what sort of risk someone would be taking by following a tutorial and ignoring security.
How do you test that?
I set up my server to log every attempt to access it in /var/log/auth.log. After 48 hours of leaving the server up I went back and counted the access attempts with the command "wc -l /var/log/auth.log", which counts the total number of lines in a file. Bear in mind that this counts every line, including successful logins and local entries such as cron sessions, so it is a rough total rather than an exact count of hostile attempts.
After 48 hours I had 77,695 access attempts. The device went nearly unnoticed on the first day, with around 10,000 attempts. On the second day several bots took notice, and the rate peaked at nearly 6 attempts per second. Of all the attempts, 64% were brute-force logins over SSH using usernames such as Admin and root, 22% were attempts to log in to services such as databases that might be hosted on the device, and the remaining 14% were attempts to exploit software vulnerabilities.
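A raw line count lumps the bot traffic together with your own logins. The script below is an added example, not part of the original write-up: it parses the sshd "Failed password" lines that make up the bulk of a public server's auth.log, and breaks them down by username, by source address and by peak attempts per second, then flags any source that exceeds a per-IP rate threshold. The log lines are constructed for the example (documentation address ranges, not real attackers), and the thresholds are assumptions you would tune to your own traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the syslog format sshd writes to /var/log/auth.log.
# These lines are made up for the example; the addresses come from the
# documentation ranges and are not real attackers.
SAMPLE_AUTH_LOG = """\
Mar  3 02:14:07 web sshd[2731]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 02:14:07 web sshd[2733]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 02:14:07 web sshd[2735]: Failed password for invalid user Admin from 203.0.113.7 port 40138 ssh2
Mar  3 02:14:08 web sshd[2737]: Failed password for root from 198.51.100.23 port 51002 ssh2
Mar  3 02:14:08 web sshd[2739]: Failed password for invalid user oracle from 198.51.100.23 port 51010 ssh2
Mar  3 02:14:09 web sshd[2741]: Accepted publickey for deploy from 192.0.2.10 port 52311 ssh2
Mar  3 02:14:09 web CRON[2750]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 02:14:10 web sshd[2752]: Failed password for root from 203.0.113.7 port 40150 ssh2
"""

# One sshd failure line. "invalid user" is present when the account does not exist.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text):
    """Yield (timestamp, user, ip) for every failed SSH password attempt."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # syslog timestamps carry no year; strptime fills in 1900, which is
            # fine for computing differences within one log file.
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def summarize(log_text):
    """Counts that 'wc -l' alone cannot give: failures by user, by source and peak rate."""
    failures = list(parse_failures(log_text))
    per_second = Counter(ts for ts, _, _ in failures)
    return {
        "total_lines": len(log_text.splitlines()),
        "failed_logins": len(failures),
        "by_user": Counter(user for _, user, _ in failures),
        "by_ip": Counter(ip for _, _, ip in failures),
        "peak_per_second": max(per_second.values(), default=0),
    }


def offenders(log_text, max_attempts=6, window_seconds=30):
    """Source IPs that made more than max_attempts failures inside any window_seconds span.

    The defaults are an assumption chosen to resemble a typical connection
    rate limit; tune them to your own traffic.
    """
    by_ip = defaultdict(list)
    for ts, _, ip in parse_failures(log_text):
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # slide the window start forward until it is within window_seconds of t
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 > max_attempts:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    s = summarize(SAMPLE_AUTH_LOG)
    print(f"{s['failed_logins']} failed SSH logins in {s['total_lines']} log lines, "
          f"peak {s['peak_per_second']}/s")
    print("top usernames:", s["by_user"].most_common(3))
    print("top sources:", s["by_ip"].most_common(3))
    print("rate-limit candidates:", offenders(SAMPLE_AUTH_LOG, max_attempts=3))
```

Run it against a real file with `summarize(open("/var/log/auth.log").read())`. The same regex will not see brute forcing against database or web services, which log elsewhere; auth.log only shows you the SSH and PAM side of the picture.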
What can you do?
The first thing to do is install software updates regularly. Most Linux distributions ship updates that patch vulnerabilities as they are found. You can have the most carefully configured system in the world, but one unpatched vulnerability in a network-facing service makes it an open target.
The second bit of advice is to have a secure login. This means choosing a unique username rather than a default such as root or admin, and a password that combines upper case, lower case, digits, and special characters. What I suggest to most people is to come up with a phrase, swap some letters for numbers, and add a few special characters to the end. A good example of this is: Th15Pa55w0rdDoesn’tSuck!! As seen below, this example is not likely to be cracked any time soon. Better still, log in with an SSH key and disable password authentication in sshd altogether, so that password guessing cannot succeed no matter how many attempts the bots make.
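To see why the long mixed-class example holds up and a short one does not, here is an added example (not from the original post) that sizes the search space a brute-force attacker must cover and converts it to years at an assumed guess rate. The guess rate of ten billion per second is an assumption standing in for a GPU cracking rig; the figures are worst-case exhaustive-search times, and a dictionary or rule-based attack on a recognisable phrase will do better than this estimate suggests.

```python
import math
import string

# Character classes that enlarge the alphabet an attacker must search.
# A password only earns a class by actually containing one of its characters.
_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}
_ALL_ASCII = set().union(*_CLASSES.values())

# The password from the text above; the apostrophe is the curly one as written.
EXAMPLE = "Th15Pa55w0rdDoesn’tSuck!!"


def classes_used(password):
    """Names of the character classes present in the password."""
    chars = set(password)
    return [name for name, members in _CLASSES.items() if chars & members]


def charset_size(password):
    """Size of the alphabet an attacker must assume, given which classes appear."""
    chars = set(password)
    size = sum(len(_CLASSES[name]) for name in classes_used(password))
    # Anything outside the four ASCII classes (e.g. a curly quote) adds one symbol each.
    size += len(chars - _ALL_ASCII)
    return size


def entropy_bits(password):
    """Bits of entropy under the (generous) assumption every position is uniform."""
    return len(password) * math.log2(charset_size(password))


def years_to_exhaust(password, guesses_per_second=1e10):
    """Worst-case time to try every candidate of this length over this alphabet.

    guesses_per_second is an assumed attacker capability, not a measured figure.
    """
    combos = charset_size(password) ** len(password)
    return combos / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("admin123", "Th15Pa55", EXAMPLE):
        print(f"{pw!r}: classes={classes_used(pw)} alphabet={charset_size(pw)} "
              f"entropy={entropy_bits(pw):.1f} bits "
              f"exhaustive search={years_to_exhaust(pw):.3g} years")
```

The comparison makes the point the text is after: the default-style "admin123" falls in minutes, while the 25-character example is out of reach of exhaustive search. It also shows the limit of the advice: length does most of the work, and the estimate says nothing about how guessable the underlying phrase is.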
Finally, if you do not use it, lose it. If software does not need to be running on your server, disable it. If ports are open that you are not using, close them with a firewall front end such as Uncomplicated Firewall (UFW). UFW can also rate-limit a service: its limit rule drops new connections from any address that opens six or more in 30 seconds, which blunts SSH brute forcing. Note that this counts connections rather than failed logins; a tool such as fail2ban is what watches auth.log and bans addresses that repeatedly fail to log in.
Stay tuned, as we will be providing more detailed guides for securing your Linux servers soon. In the meantime I would check YouTube for guides on securing Linux servers, as there are many very helpful ones there.