Best Security Practices for Self-Hosted Servers


#1

This topic is dedicated to absolutely must-have security practices for web servers. The best recommendations will be added to the OP.

Here are a few from my side:

  1. Use SSH keys instead of SSH passwords
  2. Disallow HTTP access (move to HTTPS)
  3. Close down all the ports that you don’t need (generally all except 22/80/443)
  4. Set up ping monitoring from a downtime monitoring service
  5. Always stay up to date (update at least twice a month and immediately upon a vulnerability disclosure)

As we all know, nobody is safe on the internet. However, we can try to be on the side that is less likely to be victimized.


#2

One that I can recommend is to run a local firewall. Try gathering data for the most common server providers and block out access to all of those IPs/ranges, as those are most commonly known to be either VPN or botnet users trying to get into your machine or DDoSing you.


#3

  • If I completely block HTTP, maybe the redirect won’t work? (Loss of backlinks)

#4

Completely blocking HTTP will also cause other issues (including problems with the operation of ACME-based SSL engines, e.g. certbot).
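An added example (not from any poster in this thread) of the usual middle ground between #1's "disallow HTTP" and the concerns in #3 and #4: port 80 stays open, but serves only a permanent redirect to HTTPS plus the ACME HTTP-01 challenge path, so old http:// backlinks still resolve and certbot's webroot renewals keep working. The hostname, certificate paths and webroot directory are placeholders.

```nginx
# Plain-HTTP listener: answer ACME challenges, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;   # placeholder hostname

    # certbot --webroot -w /var/www/letsencrypt writes its challenge
    # files here; HTTP-01 validation must be reachable over port 80.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;             # placeholder webroot
        default_type "text/plain";
    }

    # Permanent redirect that preserves host, path and query string,
    # so inbound http:// links land on the same page over HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS listener that actually serves the site.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # HSTS: browsers skip the redirect on later visits. Start with a short
    # max-age and raise it only once the HTTPS setup is confirmed working.
    add_header Strict-Transport-Security "max-age=300" always;

    root /var/www/html;
    index index.html;
}
```

Check with `nginx -t` before reloading, and confirm a renewal dry run (`certbot renew --dry-run`) still succeeds after the redirect is in place.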