Top 4 essential tips for a new VPS
We’re going to walk you through the essential steps to getting your new VPS ready for common hosting services. Our top 4 tips for setting up a new VPS:
- Hosting mail? Look up your IP reputation!
- Firewalls… always firewalls
- DNS stuff: rDNS/PTR and Name Servers
- Restrict Access via ACLs (Access Control Lists / Firewall)
IP Reputation
This one is good to do generally, but is *mostly* only important if you’ll be hosting email.
Due to limited IPv4 space, it’s inevitable that your server’s IP address has been used by another tenant previously, probably even recently. And it’s plausible that the IP reputation was damaged by a prior tenant. To check the IP reputation, we often recommend tools like dnsbl.info.
Enter your server’s IP and if any flags appear, visit that blacklist’s website to find their de-listing tool. Be sure to read the directions carefully and follow them to the letter to ensure your IP is unblocked as quickly as possible.
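The same lookup can be scripted. This is an added example, not part of the original article: it assumes `dig` is installed, and the three zones listed are an assumed starting set rather than the list dnsbl.info uses.

```sh
#!/bin/sh
# Added example: query DNS blocklists for one IPv4 address.
# Assumed zone list; extend it with the lists that matter to your recipients.
DNSBL_ZONES="zen.spamhaus.org bl.spamcop.net b.barracudacentral.org"

# DNSBLs are queried by reversing the octets and appending the list's zone:
# 192.0.2.10 on zen.spamhaus.org -> 10.2.0.192.zen.spamhaus.org
dnsbl_name() {
    printf '%s\n' "$1" | awk -F. -v zone="$2" \
        'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
}

# Resolver hook: prints the A record(s) for a name, nothing on NXDOMAIN.
lookup_a() { dig +short A "$1"; }

# Prints "<zone> clean|listed|error [answer]" per zone.
# Returns 1 when at least one zone lists the address.
dnsbl_check() {
    ip=$1
    listed=0
    for zone in $DNSBL_ZONES; do
        answer=$(lookup_a "$(dnsbl_name "$ip" "$zone")" | head -n 1)
        case "$answer" in
            "")            echo "$zone clean" ;;
            # Spamhaus answers 127.255.255.x when it refuses the query (for
            # example one sent through a public resolver): not a listing.
            127.255.255.*) echo "$zone error $answer" ;;
            127.*)         echo "$zone listed $answer"; listed=1 ;;
            *)             echo "$zone error $answer" ;;
        esac
    done
    return "$listed"
}

# Usage: sh dnsbl.sh 203.0.113.7
if [ -n "${1:-}" ]; then
    # Without dig every lookup would come back empty and read as "clean".
    command -v dig >/dev/null || { echo "dig not found" >&2; exit 2; }
    dnsbl_check "$1"
fi
```

An `error` line means the list did not answer the question, so repeat that lookup from the VPS's own resolver before treating the IP as clean.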
Configure your Firewall
Most Linux distributions, like CentOS 7+ and Ubuntu, come with a command-line firewall. On CentOS 7 that utility is firewalld and on Ubuntu it’s ufw.
Whatever you do, do not disable that firewall (unless you’re replacing it with another)! It will protect you from the numerous hacking attempts that occur throughout the Internet on a regular basis. Instead, learn how to open ports in that firewall just for the services that you need. For example, here are the reference guides for the most common firewall types:
firewalld
(default on SUSE and Red Hat-based distributions like CentOS and AlmaLinux)
- How to open a port
- List all open ports:
firewall-cmd --list-all
- Reload config:
firewall-cmd --reload
ufw
(default on Ubuntu)
- Opening ports with UFW
- List all open ports:
ufw status numbered
csf + lfd
(free command line replacement with optional UI)
- Plesk Firewall (good option if using Plesk Control Panel as it provides a UI)
  - Replaces OS included firewalls
  - How to manage Plesk Firewall rules
- Imunify360 (good option all around, but paid)
  - Replaces OS included firewalls
  - How to manage Imunify360 firewall rules
We recommend Plesk Control Panel and Imunify360’s security layer, such that you use only Imunify360 for all firewall (and security) management. If you opt for Plesk without Imunify360, use Plesk Firewall. If you don’t have Plesk at all, you can still use Imunify360 (with a paid license) or any of the above command line solutions like firewalld, ufw, csf + lfd.
DNS: rDNS and Name Servers
There’s a lot to consider when it comes to DNS in general, but when it comes to the initial setup of your VPS, there are just two key components:
Hostname and rDNS
If, for example, your VPS hostname is vps12.myserver.ws, then you should go to wherever your DNS is managed and be sure to set that subdomain (vps12) to point to the VPS IP address.
Wait an hour or longer after setting your hostname to point to the VPS IP, then log in to our Client Centre and choose settings beside your VPS service. Here you will see the option to set the rDNS record so that your IP ‘reverse’ points to your hostname! Where it says “Primary IP”, look for the “Edit rDNS” option, click the button, then it *should* auto-fill your hostname in the provided field. Click Save. You may then need to refresh the page to see your changes.
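Once both records are saved, a forward-confirmed reverse DNS check shows whether the IP and the hostname point at each other. This is an added example, not part of the original article; it assumes `dig` is installed, and the IP address in the usage line is a placeholder.

```sh
#!/bin/sh
# Added example: forward-confirmed reverse DNS (FCrDNS) check.
# Resolver hooks, kept separate so they can be swapped or stubbed.
lookup_ptr() { dig +short -x "$1"; }
lookup_a()   { dig +short A "$1"; }

# Lower-case a name and drop the trailing root dot that dig prints.
norm() { printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# fcrdns_check IP HOSTNAME
# Prints ok | no-ptr | ptr-mismatch <name> | forward-mismatch <name>
# and returns non-zero unless both directions agree.
fcrdns_check() {
    ip=$1
    want=$(norm "$2")
    ptr=$(norm "$(lookup_ptr "$ip" | head -n 1)")
    if [ -z "$ptr" ]; then
        echo "no-ptr"; return 1              # rDNS not set (or not yet visible)
    fi
    if [ "$ptr" != "$want" ]; then
        echo "ptr-mismatch $ptr"; return 1   # still the provider default or a typo
    fi
    # The name the PTR returns must resolve back to the same address;
    # otherwise the A record is missing or has not propagated yet.
    if ! lookup_a "$ptr" | grep -Fqx "$ip"; then
        echo "forward-mismatch $ptr"; return 1
    fi
    echo "ok"
}

# Usage: sh fcrdns.sh 203.0.113.7 vps12.myserver.ws
if [ -n "${2:-}" ]; then fcrdns_check "$1" "$2"; fi
```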
Name Servers
If you’ll be hosting your own DNS management services on the VPS (like the DNS configuration options in Plesk), then you’ll need to have your own name servers registered. You can see how this works here, but the short version is that the name servers tell users of a domain where the DNS is hosted so that the DNS server can – in turn – direct those users to the right places (whether email, web, or other stuff).
And so, you’ll need to have name servers created to host DNS on the server. Here’s how to create your own branded name servers.
Restrict Access / ACLs
While our firewall suggestions above will help to ensure only ports that are open can be accessed, that does leave unrestricted access to services on those ports unless otherwise configured.
If you’re using a control panel like Plesk or cPanel, you can configure them to limit admin logins to specific IPs. Here’s how to restrict admin access with Plesk. This way admin login access cannot be exploited unless:
- The hacker also gains access to one of your IPs, or
- There’s a flaw in the ACL system in Plesk (which is why keeping your Plesk updated is also super important!)
Similarly, if you’ve got a website set up on your VPS that only your office needs access to, you can configure it to only be accessible to your office’s IP range so it’s not even available for hackers to attempt attacks against. If you’re using Plesk, here’s how to do that for a single website.
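The gap described in this section, a port that is open in the firewall but not limited by source IP, can be checked from the firewall's own rule list. This is an added example, not part of the original article: the admin port list is an assumption and the `ufw status numbered` output is a constructed sample.

```sh
#!/bin/sh
# Added example: flag admin ports that ufw still allows from any source.
# Assumed admin ports: 22 (SSH), 8443 (Plesk panel), 2087 (cPanel WHM).
ADMIN_PORTS="22 8443 2087"

# Reads `ufw status numbered` on stdin and prints "<rule-no> <port/proto>"
# for each inbound ALLOW/LIMIT rule on an admin port with source Anywhere.
# Rules written with an app name (e.g. OpenSSH) instead of a port are not
# matched; check those by hand.
open_admin_rules() {
    sed -n 's/^\[ *\([0-9][0-9]*\)] */\1 /p' |
    awk -v ports="$ADMIN_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) admin[p[i]] = 1 }
        {
            split($2, to, "/")                    # "22/tcp" -> port 22
            if (!(to[1] in admin)) next
            for (i = 3; i <= NF; i++)             # skip an optional "(v6)"
                if ($i == "ALLOW" || $i == "LIMIT") break
            if (i > NF || $(i + 1) == "OUT") next
            src = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
            if (src == "Anywhere") print $1, $2
        }'
}

# Constructed sample of `ufw status numbered` output (not from a real host).
sample_status() {
    cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 8443/tcp                   ALLOW IN    203.0.113.0/24
[ 4] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# On a live server: ufw status numbered | open_admin_rules
sample_status | open_admin_rules
```

For each flagged rule, add the source-restricted rule first (`ufw allow from 203.0.113.0/24 to any port 22 proto tcp`, with your own range), confirm you can still log in, then remove the open rule with `ufw delete <rule-no>`.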
Got more top tips you think we missed? Hit us up below with your suggestions!
About Websavers
Websavers provides web services like Canadian WordPress Hosting and VPS Hosting to customers all over the globe, from hometown Halifax, CA to Auckland, NZ.
Thanks for the post.