1.Summary
For most beginners, after installing the system on a server, they often think "everything is done" and can directly start deploying websites or building projects. In reality, it’s far from that simple. Many new servers are more vulnerable to attacks right after the system installation — brute force attacks, being targeted by scanners, or even being infected with malicious mining scripts. You might wonder why a freshly set up server is targeted when nothing has been done on it.
The most common reason is simple: a public IP address + default ports + default configurations make it an easy target for scanners. Attackers can automatically scan these “exposed” servers, waiting for any vulnerabilities they can exploit.
Today, I’m going to share five key actions you should take. These aren’t optimizations; they’re life-saving security measures. Whether you're setting up a simple blog or testing a small project, you must take these steps.
2.Immediately Change the Default Login Password
This is the first and foremost security measure. Why? Think about it — the root password for a newly installed system is very easy to brute-force. Attackers can scan your server, find the open SSH port (usually port 22), and start trying default passwords. The first few hours after your server goes live are the peak period for brute force attempts. So, the first thing you should do is change the default password.
How to do it?
Log into your server.
If you're using the root user, run the command
passwd.The system will ask you to enter a new password twice.
Password recommendation:
At least 12 characters
A mix of uppercase and lowercase letters, numbers, and special characters
Avoid easily guessable information like birthdays, phone numbers, or the server's IP address
This simple step can block over 80% of basic attacks, so it's worth spending 30 seconds on it.
3.Disable Remote Root Login
Just changing the password isn’t enough. The root user is always the main target for attackers. To enhance security, you should also disable remote root login.
Steps:
Create a normal user and give it sudo privileges:
adduser username usermod -aG sudo usernameTest if the new user works:
su - username sudo lsAfter confirming the new user works fine, you can proceed to disable root login.
Even if an attacker can guess the password, they’ll only have access to a regular user’s privileges, making it much harder for them to continue the attack.
4.Disable Root SSH Login
Sometimes, simply creating a new user isn’t enough. You also need to adjust some SSH configuration details. By modifying the SSH configuration file, you can completely disable root remote login, further reducing the risk of brute force attacks.
Steps:
Open the SSH configuration file:
nano /etc/ssh/sshd_configFind the line
PermitRootLogin(if it doesn’t exist, add it) and change it to:PermitRootLogin noEnsure
PasswordAuthenticationis set toyes.Save and exit the configuration file, then restart the SSH service:
systemctl restart ssh
Important: Before disabling root login, make sure you can log into the server with the new user account. Otherwise, you may accidentally lock yourself out of the server.
5.Close Unnecessary Ports
You might think that if nothing is installed on the server, there should be no issues. However, many times, "nothing installed" actually means there are still unnecessary open ports, increasing potential security risks. You can check and close those ports by following these steps.
Steps:
Check open ports:
ss -tulnThe essential ports you should see include:
22 (SSH)
80 / 443 (for websites)
Use a firewall (UFW recommended) to manage ports:
ufw enable ufw allow 22 ufw allow 80 ufw allow 443Check firewall rules status:
ufw status
Ensure that only necessary ports are open, making it harder for attackers to find an entry point.
6.Keep the System Updated
You might think that once the system is installed, there’s no more risk. In reality, new systems often come with outdated security patches, leaving "backdoors" for attackers to exploit.
Steps:
For Ubuntu/Debian systems:
apt update && apt upgrade -y
For CentOS/Alma/Rocky systems:
dnf update -y
Keeping your system updated will help fix known vulnerabilities and reduce the risk of attack.
Frequently Asked Questions
Q1: I’m just using the server for a small test, do I really need to do all of this?
Yes! Attackers don’t care if you’re running a test project or a live one. They only care if your server is vulnerable.
Q2: Can I just rely on a complex password and not use a firewall?
Not recommended. Passwords alone cannot protect against the risks of exposed ports. A firewall is the lowest-cost, most effective defense.
Q3: If I install a control panel (like Baota or 1Panel), do I still need to do these steps?
Yes, a control panel addresses application-level issues, but these steps are related to system-level security configurations. They’re not the same thing.
Q4: Will disabling root login make server maintenance difficult?
No. Using a regular user and executing commands with sudo is safer and is the proper way to manage servers.
Q5: Will these steps make my server invulnerable to attacks?
No system is "100% secure," but these measures will significantly reduce the risk of automated and low-cost attacks.
7.Conclusion
Many people only realize the importance of security after their server gets hacked. The best approach is to implement security measures from the beginning. These five steps, while simple, can drastically reduce the risk of your server being attacked. Spend just 10 minutes on these tasks, and you’ll greatly lower the chances of being “randomly scanned.”