{"id":4190,"date":"2023-09-07T10:33:15","date_gmt":"2023-09-07T14:33:15","guid":{"rendered":"http:\/\/www.hostdime.com\/blog\/?p=4190"},"modified":"2024-07-17T16:07:57","modified_gmt":"2024-07-17T20:07:57","slug":"bare-metal-server-security","status":"publish","type":"post","link":"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/","title":{"rendered":"How to Increase Your Bare Metal Server Security"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png\" alt=\"dedicated server security\" width=\"500\" height=\"364\" class=\"aligncenter size-full wp-image-16613\" srcset=\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png 500w, https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24-300x218.png 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/p>\n<p>Server security is vitally important for businesses to avoid exposing sensitive data and to protect themselves against viruses. <a href=\"https:\/\/www.hostdime.com\/bare-metal-servers\/\">HostDime&#8217;s bare metal servers<\/a> undergo a rigorous security check before and during deployment to give clients peace of mind. You can check out our extensive security audit in detail below.<\/p>\n<p>But first, there are additional ways to beef up your server&#8217;s security, whether you are a HostDime client or not. Perform these steps to reduce your server&#8217;s risk of attack:<\/p>\n<p>&nbsp;<\/p>\n<p><center><\/p>\n<h2>How to Increase Your Bare Metal Server Security<\/h2>\n<p><\/center><\/p>\n<p>1. Change the SSH (Secure Shell) listen port on the server to a port other than 22. This prevents automated brute-force attacks from even beginning to guess usernames and passwords on the server.<\/p>\n<p>2. Use only TLS (Transport Layer Security) protected interfaces for server administration. 
TLS encrypts the traffic between your server and your computer. This prevents hackers from capturing login information so they can execute an attack. Our servers offer TLS-protected access, but it may not be on by default.<\/p>\n<p>3. Use only trusted networks and computers to administer your server.<\/p>\n<p>4. Ensure all systems used to administer the server are free from malware, because malware on those systems gives attackers the access information for your server&#8217;s admin interfaces as it is used, even if it&#8217;s sent encrypted over the network.<\/p>\n<p>5. Always keep an eye out for the latest fixes and releases for all active scripts. Monitor the developers whose scripts you are running to be aware of patches and other tweaked releases.<\/p>\n<p>And now, on to HostDime&#8217;s own server security audit.<\/p>\n<p>&nbsp;<\/p>\n<p><center><\/p>\n<h2>HostDime&#8217;s Bare Metal Server Security Audit<\/h2>\n<p><\/center><\/p>\n<p><strong>Point 1: Check kernel version.<\/strong> The Linux kernel is the core system program of all Linux systems. HostDime&#8217;s talented technicians always check your kernel version to make sure there are zero exploitable vulnerabilities. If any kernel vulnerabilities are discovered, the update process will happen immediately and HostDime will contact you to schedule a reboot.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 2: Check PHP settings.<\/strong> There are several PHP settings that we advise be disabled on servers that do not require them:<\/p>\n<p><em>\u201callow_url_fopen\u201d<\/em>: This setting allows PHP to treat any URL as if it were a file. This poses a security risk for certain PHP applications that incorrectly sanitize &#8220;include&#8221; and &#8220;fopen&#8221; statements.<\/p>\n<p><em>\u201callow_url_include\u201d<\/em>: Almost no PHP applications require that \u201callow_url_include\u201d be enabled. Therefore it is recommended that \u201callow_url_include\u201d always be disabled. 
Once \u201callow_url_include\u201d is disabled, users can enable \u201callow_url_fopen\u201d if needed.<\/p>\n<p><em>\u201cregister_globals\u201d<\/em>: This setting allows global PHP variables to be set at runtime through a URL. Having it enabled could allow attackers to modify arbitrary PHP variables. This can lead to SQL injections, arbitrary code execution, and other exploits for vulnerable PHP applications. Therefore the normal recommendation is that \u201cregister_globals\u201d be disabled.<\/p>\n<p>In addition to these three PHP settings, the technicians also recommend that other vulnerable PHP functions be disabled. Doing so reduces the effectiveness of PHP shells and other PHP-based malware. The functions that users are generally recommended to disable are the following:<\/p>\n<p><em>dl, exec, shell_exec, system, passthru, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, pfsockopen, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 3: Check Apache mod_security ruleset.<\/strong> Apache mod_security is a software firewall which scans incoming HTTP requests for known exploits. HostDime maintains an internal ruleset for many known exploits and always checks to ensure that the latest ruleset is installed on a server prior to deployment. To ensure your server is always using the latest ruleset, HostDime can configure your server to update the ruleset every day.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 4: Check CSF\/LFD configuration.<\/strong> CSF\/LFD is a software firewall suite that supports automated brute force detection and prevention, process tracking, SYN flood protection, and a wide range of other automated security features. 
By default, HostDime installs and configures CSF\/LFD on all standard Linux servers.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 5: Check system binaries.<\/strong> HostDime runs a full web server security audit on the binary package versions, such as BIND, Apache, and udev, to ensure everything is up-to-date and not vulnerable to any known exploits.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 6: Configure partition mounting options.<\/strong> HostDime changes the configuration on partitions to lessen the risk of filesystem-based attacks and to reduce I\/O overhead.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 7: Disable typically unneeded services.<\/strong> HostDime disables services not commonly used to ensure the security of the server.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 8: Deploy initial security-focused configurations.<\/strong> HostDime deploys initial security-focused configurations for MySQL, Exim, cPanel, Plesk, FTP, SSH, and PHP.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 9: Install RKHunter.<\/strong> RKHunter is a program designed to scan your server for known rootkits and detect modified system binaries. We install RKHunter and initialize its state database.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Point 10: Install BusyBox.<\/strong> HostDime installs the Unix tools suite BusyBox, &#8220;The Swiss Army Knife of Embedded Linux&#8221;.<\/p>\n<p>&nbsp;<\/p>\n<p>Good luck out there. 
As always, for any questions you may have, <a href=\"https:\/\/chat.hostdime.com\" target=\"_blank\" rel=\"noopener noreferrer\">hit us up on chat<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Server security is vitally important for businesses to avoid exposing sensitive data and protecting themselves against viruses.<\/p>\n","protected":false},"author":13,"featured_media":16613,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,8],"tags":[],"class_list":["post-4190","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dedicated-servers","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Increase Your Bare Metal Server Security<\/title>\n<meta name=\"description\" content=\"Dedicated server security is vitally important for businesses to avoid exposing sensitive data and protecting themselves against viruses.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Increase Your Bare Metal Server Security\" \/>\n<meta property=\"og:description\" content=\"Dedicated server security is vitally important for businesses to avoid exposing sensitive data and protecting themselves against viruses.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\" \/>\n<meta property=\"og:site_name\" content=\"HostDime Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/hostdime\" \/>\n<meta property=\"article:published_time\" 
content=\"2023-09-07T14:33:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-17T20:07:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"364\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jared Smith\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jared Smith\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\"},\"author\":{\"name\":\"Jared Smith\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/#\/schema\/person\/fdc19f9386316cd19f8eebb64a223503\"},\"headline\":\"How to Increase Your Bare Metal Server Security\",\"datePublished\":\"2023-09-07T14:33:15+00:00\",\"dateModified\":\"2024-07-17T20:07:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\"},\"wordCount\":829,\"publisher\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png\",\"articleSection\":[\"Dedicated Servers\",\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\",\"url\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\",\"name\":\"How 
to Increase Your Bare Metal Server Security\",\"isPartOf\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png\",\"datePublished\":\"2023-09-07T14:33:15+00:00\",\"dateModified\":\"2024-07-17T20:07:57+00:00\",\"description\":\"Dedicated server security is vitally important for businesses to avoid exposing sensitive data and protecting themselves against viruses.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#primaryimage\",\"url\":\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png\",\"contentUrl\":\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2024\/07\/Security_24.png\",\"width\":500,\"height\":364,\"caption\":\"dedicated server security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/bare-metal-server-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.hostdime.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Increase Your Bare Metal Server Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/#website\",\"url\":\"https:\/\/www.hostdime.com\/blog\/\",\"name\":\"HostDime Data Center Blog\",\"description\":\"Hyper Edge, Purpose-Built Data 
Centers\",\"publisher\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.hostdime.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/#organization\",\"name\":\"HostDime\",\"url\":\"https:\/\/www.hostdime.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2019\/04\/pldooampldeadoii.png\",\"contentUrl\":\"https:\/\/www.hostdime.com\/blog\/wp-content\/uploads\/2019\/04\/pldooampldeadoii.png\",\"width\":150,\"height\":150,\"caption\":\"HostDime\"},\"image\":{\"@id\":\"https:\/\/www.hostdime.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/hostdime\",\"https:\/\/x.com\/hostdime\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.hostdime.com\/blog\/#\/schema\/person\/fdc19f9386316cd19f8eebb64a223503\",\"name\":\"Jared Smith\",\"description\":\"Jared Smith is HostDime's Director of Marketing and the author of the HostDime Blog. Email Jared for guest blogging opportunities on your website or this one.\",\"sameAs\":[\"http:\/\/hostdime.com\/blog\"],\"url\":\"https:\/\/www.hostdime.com\/blog\/author\/jared-s\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/posts\/4190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/comments?post=4190"}],"version-history":[{"count":21,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/posts\/4190\/revisions"}],"predecessor-version":[{"id":16615,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/posts\/4190\/revisions\/16615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/media\/16613"}],"wp:attachment":[{"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/media?parent=4190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/categories?post=4190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostdime.com\/blog\/wp-json\/wp\/v2\/tags?post=4190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}