🛡 How to Protect VPS from Hacking and Brute Force
Securing your VPS is critical. Below are the essential steps to protect your server from brute-force attacks and unauthorized access. These recommendations are suitable for both beginners and experienced administrators.
🔐 1. Disable Root Login via SSH
This reduces the risk of brute-force attacks on the root account.
sudo nano /etc/ssh/sshd_config
# Find the line
PermitRootLogin yes
# Change to
PermitRootLogin no
# Then restart SSH
sudo systemctl restart ssh
🔁 2. Change Default SSH Port
Most brute-force bots target port 22. Changing it helps avoid automated attacks.
sudo nano /etc/ssh/sshd_config
# Change Port 22 to something else:
Port 2222
sudo ufw allow 2222
sudo systemctl restart ssh
🧱 3. Install and Configure Fail2Ban
Fail2Ban blocks IP addresses showing suspicious behavior (e.g., repeated failed logins).
sudo apt install fail2ban -y
sudo systemctl enable fail2ban --now
For basic setup, edit the following file:
sudo nano /etc/fail2ban/jail.local
🔑 4. Use SSH Key Authentication
Generate and upload your SSH key to the server:
ssh-keygen
ssh-copy-id user@your-server-ip
🔒 5. Configure UFW Firewall
Limit open ports to essential services only:
sudo ufw allow 2222/tcp
sudo ufw allow 80,443/tcp
sudo ufw enable
📌 Other Tips
- 📅 Regularly update your system:
sudo apt update && sudo apt upgrade - 🧑💻 Remove unused users and services
- 🧠 Use strong passwords and enable 2FA
If you need help securing your VPS — contact Bit.Hosting support. We'll help you set up protection!