Tag: linux security

Firewall vs WAF: Which One Does Your Website Need?

Leave a Comment on Firewall vs WAF: Which One Does Your Website Need?

When it comes to securing your website or VPS, two terms often come up: Firewall and WAF (Web Application Firewall). While they sound similar, they serve different purposes. Choosing the right one—or knowing when to use both—is crucial for protecting your applications and data from cyber threats.

In this article, we’ll break down the differences, benefits, and best use cases for Firewalls and WAFs.

✅ What is a Firewall?

firewall is a network security system that filters incoming and outgoing traffic based on predefined rules. It operates at the network and transport layers (Layer 3 and Layer 4 of the OSI model).

What it does:

  • Blocks unauthorized access to your VPS or network
  • Controls which IP addresses, ports, and protocols can communicate
  • Prevents brute-force attacks and scans

Types of Firewalls:

  • Host-based (e.g., UFW, Firewalld)
  • Network-based (hardware or cloud)

Example: Blocking all ports except 80 (HTTP), 443 (HTTPS), and SSH.

✅ What is a WAF (Web Application Firewall)?

Web Application Firewall protects web applications by filtering HTTP/S traffic. It operates at the application layer(Layer 7 of the OSI model) and is designed to prevent attacks like:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • File Inclusion Attacks
  • OWASP Top 10 vulnerabilities

How it works:

  • Analyzes HTTP requests before they reach your application
  • Blocks malicious patterns in URL, headers, or payload
  • Can be deployed as a reverse proxy (e.g., Cloudflare, AWS WAF)

✅ Firewall vs WAF: Key Differences

FeatureFirewallWAF
LayerNetwork (Layer 3/4)Application (Layer 7)
Protection FocusIPs, Ports, ProtocolsHTTP/S requests and app vulnerabilities
BlocksUnauthorized access, brute forceSQL Injection, XSS, Web Exploits
DeploymentServer or Network LevelApplication or CDN Level

✅ Do You Need Both?

Yes, in most cases.

  • Firewall ensures your VPS isn’t exposed to unnecessary ports or traffic.
  • WAF adds another layer by inspecting HTTP/S traffic for malicious patterns.

Think of it like this:

  • Firewall = Lock on your front door
  • WAF = Security guard checking IDs at the entrance

✅ Best Practices for VPS Security

  • Enable a firewall on your VPS using UFW or Firewalld.
  • Install Fail2Ban to protect against brute-force attempts.
  • Use a WAF service like Cloudflare for application-layer protection.
  • Keep your apps and OS updated to avoid zero-day vulnerabilities.
  • Take regular backups for quick recovery.

✅ Hosteons VPS Security Advantage

At Hosteons, all VPS plans are designed for security:

  • Full root access to configure UFW, CSF, or any firewall
  • 10Gbps network ports for fast, secure connectivity
  • Compatible with Cloudflare WAF and other security tools

👉 Explore plans:

Final Thoughts

A firewall and a WAF are not competitors—they complement each other. Use both to achieve comprehensive protectionfor your VPS and websites.

How to Protect Your VPS Against Ransomware Attacks

Leave a Comment on How to Protect Your VPS Against Ransomware Attacks

Ransomware attacks have become one of the most dangerous cybersecurity threats in recent years. These attacks encrypt your data and demand a ransom for its release, causing downtime, financial losses, and sometimes permanent data loss.

If you’re running a VPS, you are a target—but with the right security practices, you can significantly reduce the risk. In this guide, we’ll show you how to protect your VPS from ransomware attacks.

✅ 

What is Ransomware and Why Target VPS?

Ransomware is malicious software that encrypts your files or system, rendering them unusable until a ransom is paid. VPS servers are attractive targets because:

  • They often host business-critical applications
  • Many users fail to apply security updates
  • Weak configurations leave them exposed to attacks

Top Ways to Secure Your VPS from Ransomware

✅ 

1. Keep Your System Updated

Unpatched systems are the most common entry point for attackers.

Update your VPS regularly:

sudo apt update && sudo apt upgrade -y   # For Debian/Ubuntu
sudo dnf update -y                      # For CentOS/AlmaLinux

✅ 

2. Use Strong SSH Security

  • Disable root login
  • Use SSH keys instead of passwords
  • Change the default SSH port

Example:

PermitRootLogin no
PasswordAuthentication no
Port 2222

Restart SSH:

systemctl restart ssh

✅ 

3. Enable a Firewall

Limit access to essential ports only.

For Ubuntu/Debian:

sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

✅ 

4. Install Fail2Ban

Block brute-force attempts:

sudo apt install fail2ban -y    # Debian/Ubuntu
sudo dnf install fail2ban -y    # CentOS/AlmaLinux

✅ 

5. Use Real-Time Malware Protection

Install tools like ClamAV or Maldet to detect malicious files:

sudo apt install clamav -y

✅ 

6. Secure Web Applications

  • Keep CMS platforms like WordPress up to date
  • Use strong admin passwords
  • Install security plugins and WAF (Web Application Firewall)

✅ 

7. Enable Regular Backups

Backups are your best defense against ransomware. Even if your server is compromised, you can restore your data without paying a ransom.

Options:

  • Use Hosteons’ VPS backup service
  • Use remote backup tools like rclone or rsync

✅ 

8. Implement Principle of Least Privilege

Only give necessary access to users and apps. Avoid running unnecessary services.

✅ 

9. Monitor Your VPS

Set up monitoring tools like:

  • fail2ban logs
  • UFW logs
  • Host-based Intrusion Detection Systems (HIDS) like OSSEC

Hosteons VPS Security Features

All Hosteons VPS plans are built for security and performance:

  • KVM Virtualization for complete isolation
  • 10Gbps Ports for high-speed secure connections
  • Full Root Access to configure your own security stack
  • IPv6 Ready
  • Affordable Plans starting at $2.99/month

👉 Order a VPS today:

Final Thoughts

Ransomware is a growing threat, but with regular updates, strong security practices, and backups, your VPS can stay protected. Don’t wait until it’s too late—secure your VPS now.

How to Secure a VPS Right After Deployment – Checklist for 2025

Leave a Comment on How to Secure a VPS Right After Deployment – Checklist for 2025

Deploying a VPS is the first step to building your online presence, hosting applications, or running business-critical services. But if you don’t secure it immediately after deployment, your server could become an easy target for hackers and automated bots.

Here’s a step-by-step security checklist for 2025 to harden your VPS from the start.

✅ 

1. Update Your System

Outdated packages and kernels are the biggest vulnerabilities.

Run these commands right after login:

sudo apt update && sudo apt upgrade -y   # For Ubuntu/Debian
sudo dnf update -y                      # For CentOS/AlmaLinux

✅ 

2. Create a New User and Disable Root Login

Never use the root account for day-to-day operations.

adduser youruser
usermod -aG sudo youruser

Edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

Change:

PermitRootLogin no

Restart SSH:

systemctl restart ssh

✅ 

3. Set Up SSH Key Authentication

Passwords can be brute-forced. Use SSH keys instead.

Generate keys on your local machine:

ssh-keygen -t rsa -b 4096

Copy your public key to the VPS:

ssh-copy-id youruser@server_ip

Disable password login in /etc/ssh/sshd_config:

PasswordAuthentication no

Restart SSH again.

✅ 

4. Change the Default SSH Port

Bots scan port 22 for vulnerabilities. Change it to a non-standard port (e.g., 2222):

sudo nano /etc/ssh/sshd_config

Set:

Port 2222

Restart SSH:

systemctl restart ssh

✅ 

5. Enable a Firewall

Use UFW for Ubuntu/Debian:

sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

For CentOS/AlmaLinux (Firewalld):

sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

✅ 

6. Install Fail2Ban

Protect against brute-force attacks:

sudo apt install fail2ban -y    # Debian/Ubuntu
sudo dnf install fail2ban -y    # CentOS/AlmaLinux

Enable and start Fail2Ban:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

✅ 

7. Disable Unnecessary Services

Check running services:

systemctl list-unit-files --type=service --state=enabled

Disable what you don’t need:

sudo systemctl disable service_name

✅ 

8. Enable Automatic Security Updates

On Ubuntu/Debian:

sudo apt install unattended-upgrades -y

On CentOS/AlmaLinux:

sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic.timer

✅ 

9. Install a Malware Scanner

Use ClamAV for basic malware scanning:

sudo apt install clamav -y

✅ 

10. Backup Regularly

Security is not complete without backups. Use tools like:

  • rsync
  • rclone
  • Cloud backups from your Hosteons VPS panel

Pro Tip:

Hosteons offers an Initial VPS Setup Script that secures your server instantly with best practices:

👉 GitHub Script

👉 Full Guide

Final Thoughts

Securing your VPS should never be an afterthought. With these 10 steps, you can minimize vulnerabilities and keep your server safe from evolving cyber threats in 2025.

🛡️ Ready to get started?

Order a reliable VPS now: Hosteons VPS Plans

🔐 Automatically Install Fail2Ban with Smart Jail Detection on Your VPS (Script by Hosteons)

Leave a Comment on 🔐 Automatically Install Fail2Ban with Smart Jail Detection on Your VPS (Script by Hosteons)

Here’s a complete WordPress blog post draft to promote your Fail2Ban Auto-Installer script from GitHub:

🔐 Automatically Install Fail2Ban with Smart Jail Detection on Your VPS (Script by Hosteons)

At Hosteons, we’re committed to making server security easier for everyone. Whether you’re running a small VPS or managing a fleet of Linux servers, protecting against brute-force attacks is critical.

That’s why we’ve created a Fail2Ban Auto-Installer Script that not only installs Fail2Ban but also auto-detects and enables jails for common services like SSHApache, and Nginx — all in one click.

👉 GitHub Repository:

https://github.com/hosteons/Fail2Ban-Auto-Installer-With-Jail

✅ Key Features

  • Installs Fail2Ban on UbuntuDebianAlmaLinux, and CentOS
  • Detects installed services (e.g., sshd, nginx, apache) and enables jails accordingly
  • Skips jails for services not found on the system
  • Handles log file paths intelligently based on distro
  • Verifies and restarts Fail2Ban only if configuration is valid
  • Smart checks if Fail2Ban is already installed
  • Minimal and safe — logs errors clearly

🧠 How It Works

When you run the script:

  1. It detects your Linux OS flavor.
  2. Installs Fail2Ban (if not already installed).
  3. Checks if apache, nginx, or sshd is active.
  4. Adds only the appropriate jails with correct log paths.
  5. Restarts Fail2Ban and confirms its status.
  6. Provides clear output so you know it’s working.

This ensures Fail2Ban doesn’t fail due to missing log files or services — a common issue in manual configurations.

📥 How to Use

  1. Download the script:
wget https://raw.githubusercontent.com/hosteons/Fail2Ban-Auto-Installer-With-Jail/main/fail2ban_auto_installer.sh
chmod +x fail2ban_auto_installer.sh
./fail2ban_auto_installer.sh
  2. That’s it. The script handles the rest!

🚀 Need a Secure VPS?

This script runs perfectly on our KVM VPS and Ryzen VPS plans. Visit hosteons.com to explore secure hosting powered by NVMe SSD and DDoS protection — with native support for IPv6, WireGuard VPN, and more.

🔗 Related Resources

One-Click Linux Malware & Rootkit Scanner Using ClamAV and RKHunter

Leave a Comment on One-Click Linux Malware & Rootkit Scanner Using ClamAV and RKHunter

Secure Your Linux VPS in One Click with Our Rootkit & Malware Scanner

Running a VPS or dedicated server? One of the most overlooked but critical steps is making sure your system is free of rootkits and malware.

To simplify this task, we at Hosteons have released a free and open-source script that automatically installs, updates, and runs malware and rootkit scans using two of the most trusted tools in the Linux ecosystem:

  • ClamAV – an open-source antivirus engine
  • RKHunter – a rootkit scanner that checks for backdoors, local exploits, and suspicious files

🔧 What the Script Does

  • Detects your Linux distribution (Ubuntu, Debian, CentOS, AlmaLinux)
  • Installs ClamAV and RKHunter
  • Automatically updates malware and rootkit signature databases
  • Fixes common errors like WEB_CMD=”/bin/false” in RKHunter config
  • Runs full ClamAV scan
  • Executes a complete RKHunter rootkit check
  • Compatible with minimal or fresh VPS installations

📥 Download and Run

Run the following commands to download and execute:

curl -O https://raw.githubusercontent.com/hosteons/linux-malware-scanner/main/scan.sh
chmod +x scan.sh
sudo ./scan.sh

Or get the full packaged ZIP with README and LICENSE:

👉 Download from GitHub

📋 Output and Logs

  • ClamAV scan will output infected files (if any)
  • RKHunter will show warnings and potential issues
  • All actions run with user confirmation and are fully transparent

⚠️ Note

This script is non-destructive – it only scans and reports. It does not automatically delete or quarantine any files. Always review flagged files before taking any action.

🎯 Why Use This?

  • Ideal for hosting providers and system admins
  • Perfect for VPS users looking for a quick, effective scan
  • Good first step after initial OS setup

🙌 Contribute or Report Issues

You can fork, improve, or report bugs directly on GitHub:

🔗 https://github.com/hosteons/linux-malware-scanner

Basic Security Guide for AlmaLinux 9

Leave a Comment on Basic Security Guide for AlmaLinux 9
Almalinux Security
Almalinux Security

Securing your server is a critical task for any system administrator, developer, or business owner. AlmaLinux 9, as a stable and robust RHEL-based distribution, offers great tools and features that make it an excellent choice for hosting websites, applications, or services. In this tutorial, we’ll walk you through basic security measures you can implement to keep your AlmaLinux 9 server secure.

1. Update Your System

The first and foremost step in securing your system is ensuring that it’s up-to-date with the latest security patches.

Command:

sudo dnf update -y

This command updates all installed packages to their latest versions, closing any known vulnerabilities.

2. Create a Non-Root User

Running your system as the root user is risky, as any command executed with root privileges can make sweeping changes to the system. Instead, create a non-root user and use sudo for administrative tasks.

Command:

sudo adduser yourusername
sudo passwd yourusername
sudo usermod -aG wheel yourusername

Now you can switch to this new user with:

su - yourusername

3. Configure a Firewall Using firewalld

AlmaLinux 9 comes with firewalld, a dynamic firewall management tool that provides a simple way to manage firewall rules.

Start and enable firewalld:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Check the status of the firewall:

sudo firewall-cmd --state

Allow or deny services/ports:
For example, to allow SSH (port 22):

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

4. Enable SELinux (Security-Enhanced Linux)

SELinux provides an additional layer of security by controlling access to files, processes, and ports.

Check SELinux status:

sestatus

If it’s disabled, enable it by editing /etc/selinux/config:

sudo nano /etc/selinux/config

Set SELINUX=enforcing, then reboot the server:

sudo reboot

5. Install and Configure Fail2Ban

fail2ban is a service that helps protect your server from brute-force attacks by banning IP addresses that show malicious signs.

Install fail2ban:

sudo dnf install fail2ban -y

Start and enable the service:

sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Configure fail2ban:
Create a local configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the file to enable the SSH jail:

sudo nano /etc/fail2ban/jail.local

Set [sshd] parameters like:

[sshd]
enabled = true

6. Disable Root Login via SSH

To further secure SSH access, prevent direct root logins.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and set:

PermitRootLogin no

Restart the SSH service:

sudo systemctl restart sshd

7. Set Up Automatic Updates

You can automate security updates with the dnf-automatic tool.

Install dnf-automatic:

sudo dnf install dnf-automatic -y

Configure automatic updates:
Edit the configuration file /etc/dnf/automatic.conf to set:

apply_updates = yes

Enable the service:

sudo systemctl enable --now dnf-automatic.timer

8. Install and Configure an Intrusion Detection System (IDS)

For added security, consider installing an IDS like AIDE (Advanced Intrusion Detection Environment).

Install AIDE:

sudo dnf install aide -y

Initialize the AIDE database:

sudo aide --init
sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

Run a manual check with:

sudo aide --check

Conclusion

By following these basic security steps, you’re well on your way to securing your AlmaLinux 9 server. These measures provide a solid foundation for system hardening and mitigating potential threats. As always, security is an ongoing process, and regular audits and updates are crucial for long-term protection.

Feel free to share your own security tips or ask questions in the comments!