In this article you'll find an overview of all security-related articles for VPSs in our knowledge base. This includes information about what you can do to secure your VPS, but also what we do (e.g. DDoS protection).
One of the most important tips we can give you for securing your server (and what you host on it) is to keep it up to date. Frequently check for and install updates for your OS, your software, and any hosted CMS systems and their themes and plugins (e.g. WordPress).
Minimal measures
You can go as far as you want with the security of your VPS, but to limit risks, we recommend at least the following security measures:
General
- Use unique passwords
- Be aware of the risks of phishing
- Enable 2FA for the TransIP control panel (and any other party where you can use it)
- Use a password manager
- If the TransIP control panel shows that the CPU of your VPS (note: the limit is 100% per CPU core of your VPS) or its network is fully loaded for an extended period, there is a high probability that your server is infected with malware or a virus.
- Especially with multiple VPSs, use a VPN server and private network so that you can restrict allowed traffic to IP addresses of your private network and VPN.
- When starting a new installation of your VPS, begin with its security rather than the final use case.
- Update your VPS regularly; preferably set up automated security updates.
- Use a firewall.
Linux
- Handle credentials safely (for example, in scripts).
- Take all measures under the heading ‘Linux - bruteforce / SSH’.
- For a number of operating systems, the Fast Installs process lets you deliver your VPS ready to use, with an SSH key configured and any configuration changes such as a changed SSH port (via a Cloud-Init file).
Windows
- Change your Remote Desktop Port
- Use an Active Directory when working with multiple users who require separate rights
General
DDoS
Linux - bruteforce / SSH
You can also restrict SSH access to your own IP addresses using IP whitelisting. For this, see our Firewall documentation below.
Updating a Linux VPS
In our article about the most important security aspects of keeping a server secure, we explain how to update various Linux distributions.
For updating a VPS with a control panel, see the specific DirectAdmin, Plesk and cPanel sections of this article.
Linux Anti-Virus
Firewall
- The VPS Firewall in the TransIP control panel
- Firewalld CentOS Stream, AlmaLinux & Rocky Linux
- Uncomplicated Firewall (UFW) Debian & Ubuntu
- pfSense firewall installation
- Enabling and interpreting Windows Firewall logging
VPN
DirectAdmin
Plesk
cPanel
Windows
- Securing the Remote Desktop port
- Restricting Remote Desktop access to specific IP addresses
- Using an Active Directory (recommended for managing users and groups)
- Using a Remote Desktop Gateway
- Monitoring Active Directory Events
SSL
- SSL in DirectAdmin
- SSL in Plesk
- SSL in cPanel
- SSL in Windows IIS
- SSL in Apache
- SSL in HA-IP / HA-IP Pro
Vulnerabilities monitored by TransIP
We automatically scan all VPSs hosted with TransIP for the vulnerabilities listed below. If we discover that any of these services is vulnerable on a VPS, we'll send you an e-mail with a link to the article explaining how to secure the service. If the service is not secured after an indicated period of time, the port will be blocked for the specific VPS in our firewall.
- Securing your NTP server
- Securing your SNMP server
- Securing the RPC portmapper service
- Securing the LDAP service in Windows Server
- Securing OpenDNS resolvers
- Securing the Memcache service
- Securing the NetBIOS service
- Securing the SSDP port
Abuse reports / Infected VPSs
WordPress
Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach us via the ‘Contact Us’ button at the bottom of this page.