Tag: vps security

🔐 Easily Change Your Windows RDP Port with a One-Click Script

Leave a Comment on 🔐 Easily Change Your Windows RDP Port with a One-Click Script

One-Click Windows RDP Port Changer Script 🖥️

Managing a Windows VPS often requires securing RDP (Remote Desktop Protocol) access. One of the most effective and simplest ways to harden your Windows Server is to change the default RDP port (3389). But doing it manually via the registry and firewall can be tedious and risky.

That’s why we at Hosteons created an open-source, one-click PowerShell script that simplifies the process.

👉 GitHub RepoWindows RDP Port Changer Script

✅ Features

  • Changes RDP Port via Windows Registry
  • Updates Windows Firewall to allow the new port
  • Enables RDP if it’s currently disabled
  • Fully open-source and free under the MIT License
  • Supports Windows Server 2012/2016/2019/2022

📦 How to Use

  1. Login to your Windows VPS as Administrator.
  2. Open PowerShell.
  3. Run the script directly:
iwr -useb https://raw.githubusercontent.com/hosteons/Windows-RDP-Port-Changer-Script/main/rdp_port_changer.ps1 | iex
  1. Enter your desired RDP port when prompted.

⚠️ Important: Make sure your port is not blocked by external firewalls (such as cloud provider rules). Also, ensure you have console/VNC access in case the new port is misconfigured.

🤖 Automation Friendly

This script can be integrated into automation flows for server provisioning or batch management. Perfect for sysadmins managing multiple Windows VPS instances.

🔐 Why Change Your RDP Port?

  • Reduces brute-force attacks from bots scanning port 3389
  • Hides your RDP service from default port scanners
  • Adds an extra layer of obscurity in your defense

👨‍💻 Contribute or Report Issues

This is an open-source script. Feel free to fork, improve, or report issues on GitHub:

👉 https://github.com/hosteons/Windows-RDP-Port-Changer-Script

📣 About Hosteons

Hosteons is a VPS and dedicated server provider offering services in multiple global locations. We’re committed to open-source and providing useful automation tools for system administrators and developers.

🔐 Secure Your VPS Like a Pro: 6 Simple Firewall Rules That Block 90% of Attacks

Leave a Comment on 🔐 Secure Your VPS Like a Pro: 6 Simple Firewall Rules That Block 90% of Attacks

Running a VPS gives you full control — but it also comes with responsibility. Whether you’re hosting with a budget VPS or a high-performance Ryzen VDS from Hosteons, security should always be a top priority.

Automated bots and malicious actors are constantly scanning servers looking for open doors. The good news? With just a few simple firewall rules, you can block 90% or more of common attacks — no advanced security knowledge needed.

🚧 Step 1: Deny All by Default

Your firewall should start from a “zero trust” position. Block all incoming traffic unless explicitly allowed.

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

This is the safest starting point for VPS security.

✅ Step 2: Open Only the Ports You Need

For most users, these are the essential services:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT   # SSH
iptables -A INPUT -p tcp --dport 80 -j ACCEPT   # HTTP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT  # HTTPS

If you’re using a custom SSH port, be sure to update that here.

🛡️ Step 3: Rate-Limit SSH to Stop Brute-Force Attacks

SSH is the most frequently targeted service. Add a rate-limiting rule to block repeated login attempts:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP

This prevents bots from guessing passwords through brute force.

🧼 Step 4: Drop Invalid or Malicious Packets

Invalid packets are often used in scanning or attack attempts. Drop them:

iptables -A INPUT -m state --state INVALID -j DROP

This helps prevent certain types of kernel-level exploits and misbehavior.

🔁 Step 5: Allow Loopback and Established Connections

Let your server communicate with itself and continue existing sessions:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Without these, things like internal services and return traffic might break.

👀 Step 6: (Optional) Block Ping (ICMP)

Ping isn’t harmful by itself, but attackers use it to detect live servers. You can hide yours:

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

Note: avoid this if you use ping-based monitoring tools.

💡 Bonus: Use CSF for Easier Firewall Management

Not comfortable with command-line tools? Hosteons VPS plans fully support CSF (ConfigServer Security & Firewall)— a beginner-friendly, feature-rich firewall system with:

  • Easy interface via DirectAdmin
  • Built-in brute-force detection
  • Country-level blocking
  • Port scan detection
  • Daily logs and alerts

Perfect for users who want simplicity without sacrificing power.

🔄 Don’t Forget to Save Your Rules

After setting your rules, make sure they persist after a reboot.

On Ubuntu/Debian:

iptables-save > /etc/iptables/rules.v4

On CentOS/RHEL:

Use iptables-save along with persistent packages, or configure firewalld.

🔐 VPS Security Starts with You

Whether you’re running a personal blog, game server, or production site on a VPS from Hosteons, implementing basic firewall rules should be your first line of defense.

These 6 rules are easy to set up and highly effective. For extra protection, consider:

  • Enabling fail2ban
  • Using SSH keys instead of passwords
  • Running regular security updates

At Hosteons, we offer high-performance, SSD-powered KVM VPS and Ryzen VDS backed by robust network security and full root access — so you’re always in control.

🔒 Ready to launch your secure VPS?

👉 Explore our VPS plans now

🛡️ Fail2Ban, CSF, or Cloudflare WAF — Which One Should You Rely On?

Leave a Comment on 🛡️ Fail2Ban, CSF, or Cloudflare WAF — Which One Should You Rely On?

A Practical Guide to Choosing the Right Security Layer for Your Server or VPS

Whether you’re managing a VPS, running a web hosting business, or just hosting your own website, server security is non-negotiable. With rising brute-force attacks, bots, and exploits, tools like Fail2BanCSF (ConfigServer Security & Firewall), and Cloudflare WAF are becoming essential — but which one should you rely on?

At HostEONS, we deal with hundreds of VPS and server deployments daily, so here’s our practical take on when, why, and how to choose between Fail2Ban, CSF, and Cloudflare WAF.

🔐 Overview of Each Tool

🔄 

Fail2Ban

 — Lightweight Intrusion Prevention

Fail2Ban scans log files (SSH, Exim, Apache, etc.) and bans IPs that show malicious signs — like too many failed logins.

Best For:

  • SSH protection
  • SMTP brute-force protection
  • Login abuse monitoring
  • Simple automated banning

Strengths:

✅ Lightweight

✅ Easy to configure

✅ Works well on low-resource VPS

Limitations:

🚫 No web-level protection (can’t stop Layer 7 attacks)

🚫 Only reacts after suspicious activity is detected

🔥 

CSF (ConfigServer Security & Firewall)

 — Full Linux Server Firewall Suite

CSF is a complete security suite for Linux servers. It’s an advanced iptables frontend and includes features like login tracking, port scanning detection, and real-time alerts.

Best For:

  • VPS or dedicated servers (especially with cPanel/DirectAdmin)
  • In-depth server firewall management
  • Advanced port, connection, and user-level restrictions

Strengths:

✅ Deep integration with server control panels

✅ Country-level IP blocking

✅ Brute-force login protection (LFD)

Limitations:

🚫 Steeper learning curve

🚫 Can be overkill for small websites or single-app environments

☁️ 

Cloudflare WAF

 — Cloud-Based Web Application Firewall

Cloudflare WAF operates at the DNS and CDN level, filtering HTTP/S traffic before it even reaches your server.

Best For:

  • Websites with public traffic (WordPress, eCommerce, etc.)
  • Preventing Layer 7 attacks, XSS, SQLi, bots
  • Blocking traffic from abusive geolocations or agents

Strengths:

✅ Stops threats before they hit your server

✅ Rate limiting & bot protection

✅ Managed rulesets + custom WAF rules

✅ Easy IP whitelisting/blacklisting

Limitations:

🚫 Doesn’t protect non-HTTP services (e.g., SSH, SMTP)

🚫 Limited without a paid plan (WAF only on Pro and higher)

💡 So… Which One Should You Rely On?

Use CaseRecommended Tool(s)
Websites (e.g., WordPress, Magento)✅ Cloudflare WAF + CSF
SSH & SMTP protection on VPS✅ Fail2Ban or CSF
Multi-tenant hosting (cPanel, DA)✅ CSF (with LFD & alerts)
Low-resource VPS or LXC container✅ Fail2Ban (lightweight & simple)
Enterprise DDoS and bot protection✅ Cloudflare WAF + Fail2Ban combo

🧠 Best Practice: Use Them Together!

You don’t always need to pick just one. In fact, combining these tools gives multi-layered protection:

🔹 Fail2Ban = Stop brute-force at service level

🔹 CSF = Manage your full server firewall & alerts

🔹 Cloudflare WAF = Block web-based attacks before they hit your server

💬 At HostEONS, many of our customers run all three — and we actively help configure them via ticket support.

🛠️ What We Recommend at HostEONS

  • For most Linux VPS and web hosting environments, we recommend:
    • ✅ Fail2Ban + CSF for local security
    • ✅ Cloudflare WAF for external filtering and global protection
  • We also offer Cloudflare integration and managed firewall assistance upon request.

Looking for help securing your VPS?

📩 Open a Support Ticket

🔗 Related Services at HostEONS

  • 💻 KVM VPS Hosting
  • 🛡️ DDoS protection via Cloudflare
  • 📦 DirectAdmin shared hosting with CSF pre-installed
  • 💬 One-click install scripts for Fail2Ban and firewall rules

🛡️ KernelCare vs Manual Kernel Updates: What’s Best for Your VPS Security?

Leave a Comment on 🛡️ KernelCare vs Manual Kernel Updates: What’s Best for Your VPS Security?

When it comes to securing your VPS, keeping the Linux kernel up to date is one of the most critical but often overlooked tasks.

At HostEONS, we’re frequently asked:

Should I use something like KernelCare or stick with manual kernel updates?

Here’s a clear breakdown to help you decide what works best — especially if you’re managing your own VPS.

🔧 What Is KernelCare?

KernelCare is a live patching service for Linux systems. It applies security updates to the kernel without requiring a reboot, making it perfect for environments where uptime is essential.

Benefits include:

  • 🔄 Automatic patching of kernel vulnerabilities
  • ⏱️ No downtime or reboot required
  • ☁️ Ideal for high-availability or production systems

🔁 What Are Manual Kernel Updates?

Manual updates are the traditional way of updating your Linux kernel:

  1. Check for kernel updates (yum, apt, etc.)
  2. Install updates
  3. Reboot to apply the new kernel

While it’s free and gives you full control, there are trade-offs.

Pros:

  • 💰 No additional cost
  • 🧰 Ideal for non-critical or dev environments
  • 🔍 Full visibility over what’s being installed

Cons:

  • ⚠️ Requires scheduled reboots
  • 🕒 Vulnerable during the patch gap
  • 🔁 Easy to forget if not automated

⚔️ KernelCare vs Manual Updates – A Quick Comparison

FeatureKernelCareManual Updates
Reboot Required❌ No✅ Yes
Setup Effort✅ Minimal⚠️ Moderate
Ideal Use Case24/7 live systemsDevelopment or staging VPS
Cost💲 Paid service✅ Free
Downtime Risk❌ Zero⚠️ Possible downtime

🏆 What Does HostEONS Use?

While we don’t offer KernelCare as an addon for VPS customers, we do use KernelCare internally on our shared hosting infrastructure.

Why? Because it lets us:

  • Maintain 100% uptime on shared servers during security updates
  • Keep customers safe without surprise reboots
  • Respond faster to critical kernel vulnerabilities

🔐 What Should VPS Users Do?

Since HostEONS VPS plans are unmanaged, kernel security is your responsibility. We recommend:

  • Use Manual Updates if you’re comfortable managing reboots and scheduling updates
  • Set Reminders or use tools like unattended-upgrades (for Debian/Ubuntu) or yum-cron (for CentOS)
  • Always reboot after a kernel update to stay protected

🧠 Bonus Tip

If you’re running mission-critical apps on your VPS and want live patching, you can install KernelCare yourself. It supports most mainstream distros and is easy to manage — just make sure to review the licensing and fees on their official site.

💬 Final Thoughts

There’s no one-size-fits-all answer, but the key is not to skip kernel updates. Whether you patch manually or use a service like KernelCare, staying updated protects you from vulnerabilities that attackers love to exploit.

🖥️ VPS Hosting by HostEONS:

  • Budget VPS: https://hosteons.com/kvm_vps.php
  • Ryzen VPS: https://hosteons.com/ryzen_premium_vps.php
  • VDS (7950X): https://my.hosteons.com/store/ryzen-7950x-based-hybrid-dedicated-server

Why You Should Use a Private VPN on Your Own VPS While Traveling

Leave a Comment on Why You Should Use a Private VPN on Your Own VPS While Traveling

When you’re traveling — whether for work, study, or leisure — using public Wi-Fi networks is often unavoidable. Airports, hotels, cafes, and coworking spaces all offer connectivity, but often at the cost of privacy and security.

While many people turn to commercial VPNs to protect their connection, the best and most secure option is to run your own private VPN on a VPS.

In this post, we’ll explain why that matters and how you can get started using a VPS from Hosteons.

🔐 Why Privacy Matters More When You Travel

When you use public networks, your data is at risk from:

  • 🕵️‍♂️ Network sniffing and man-in-the-middle attacks
  • ❗ Fake Wi-Fi hotspots
  • 👁️ ISP or network logging and censorship
  • 🚫 Location-based content restrictions

VPNs solve this by encrypting your traffic and routing it through a trusted server — but who controls that server matters a lot.

🤔 The Problem with Public/Commercial VPNs

While commercial VPNs are better than nothing, they come with some caveats:

  • ❌ Shared IPs — may be flagged, banned, or blacklisted
  • ❌ Limited trust — you’re trusting a third-party company with your traffic
  • ❌ Logs and data retention — not all “no-log” policies are actually enforced
  • ❌ Performance throttling — many commercial VPNs limit speeds or locations
  • ❌ Overcrowded servers — inconsistent speeds and high latency

In short, you’re still handing over your traffic to someone else.

✅ Why a Private VPN on Your VPS is Better

Setting up a VPN on your own VPS solves most of these issues — and gives you full control.

✨ Benefits of Running a VPN on Your Own VPS:

  1. Full Control
    • You own and configure the server — no third-party snooping.
  2. Dedicated IP Address
    • No one else shares your IP, reducing chances of blacklisting or captchas.
  3. Custom Configuration
    • Choose your encryption, protocol (WireGuard, OpenVPN, etc.), DNS, and firewall rules.
  4. Faster Speeds
    • Avoid the bandwidth bottlenecks common with commercial VPNs.
  5. Consistent Access While Abroad
    • Appear to be at “home” and access region-specific services like banking or Netflix.
  6. Bypass Local Censorship or Firewalls
    • Secure access even in restrictive countries.
  7. Affordable
    • VPS plans from Hosteons start at just $1.75/month — often cheaper than VPN subscriptions.

🌐 Recommended VPN Protocols

You can install and run any of the following on your Hosteons VPS:

  • WireGuard – Lightweight, fast, and secure. Great for mobile.
  • OpenVPN – Highly configurable and widely supported.
  • Shadowsocks / V2Ray – Ideal for bypassing censorship in restricted regions.
  • IPSec / L2TP – Good compatibility with built-in OS VPN support.

Need help? Check out our tutorials for in our knowledge based articles for various types of VPN and Proxy on Hosteons.

🧭 VPS Locations for Best Travel VPN Experience

Choose your VPS location based on:

  • Your home country (to access region-locked services)
  • neutral/nearby country for lower latency
  • High-bandwidth regions (like Germany, or Los Angeles)

Hosteons offers VPS in multiple locations globally, with inbound unmetered bandwidth and IPv6 support.

🔐 Bonus Tip: Add Your Own DNS & Firewall Rules

Once you’ve set up your private VPN:

  • Use custom DNS servers like NextDNS or AdGuard
  • Set firewall rules to block tracking domains or limit open ports
  • Enable kill switches on mobile and desktop to avoid leaks

🧰 What You’ll Need to Get Started

  • Hosteons VPS (1 CPU, 512MB+ RAM is enough for VPN)
  • A domain (optional, for easier connection)
  • Basic Linux knowledge or follow one of our setup scripts
  • Your laptop or mobile devices

🚀 Ready to Travel Securely?

Don’t rely on sketchy free VPNs or overcrowded commercial services. Take control of your online privacy and performance with a self-hosted VPN on your own VPS.

🔗 Explore Hosteons VPS plans starting at just $1.75/month:

👉 https://hosteons.com

Need help setting it up? We’re always here → https://my.hosteons.com

Basic Tutorial to Secure an Ubuntu VPS

Leave a Comment on Basic Tutorial to Secure an Ubuntu VPS
Secure Ubuntu VPS
Secure Ubuntu VPS

Securing your Ubuntu VPS is essential for protecting data, ensuring stability, and preventing unauthorized access. Here’s a straightforward guide on some basic yet effective steps to secure an Ubuntu VPS.

1. Update Your System

Start by updating your system to ensure all software is up-to-date with the latest security patches.

sudo apt update && sudo apt upgrade -y

2. Create a New User and Disable Root Login

For security, avoid using the root account directly and create a new user with sudo privileges.

  1. Create a new user: sudo adduser yourusername
  2. Add the user to the sudo group: sudo usermod -aG sudo yourusername
  3. Switch to the new user: su - yourusername
  4. Disable root login by editing the SSH configuration file: sudo nano /etc/ssh/sshd_config Find the line:
   PermitRootLogin yes

Change it to:

   PermitRootLogin no
  1. Restart SSH to apply changes:
    sudo systemctl restart ssh

3. Enable Firewall (UFW)

Ubuntu’s Uncomplicated Firewall (UFW) provides a straightforward way to manage firewall settings.

  1. Allow SSH access: sudo ufw allow OpenSSH
  2. Enable the firewall: sudo ufw enable
  3. Check the status:
    sudo ufw status

Optionally, if you’re hosting a web server, allow HTTP and HTTPS traffic:

sudo ufw allow http
sudo ufw allow https

4. Change the Default SSH Port

Changing the SSH port can add an additional layer of security against automated attacks.

  1. Open the SSH configuration file: sudo nano /etc/ssh/sshd_config
  2. Find the line: #Port 22 Uncomment and change 22 to your desired port, e.g., 2222: Port 2222
  3. Restart SSH to apply changes: sudo systemctl restart ssh
  4. Don’t forget to allow the new SSH port through the firewall:
    bash sudo ufw allow 2222/tcp

5. Disable Password Authentication and Enable SSH Key Authentication

Using SSH keys instead of passwords enhances security.

  1. Generate an SSH key pair on your local machine: ssh-keygen -t rsa -b 4096
  2. Copy your public key to your VPS: ssh-copy-id -p 2222 yourusername@your_server_ip
  3. Disable password authentication for SSH: sudo nano /etc/ssh/sshd_config Find the line: PasswordAuthentication yes Change it to: PasswordAuthentication no
  4. Restart SSH:
    sudo systemctl restart ssh

6. Install Fail2ban

Fail2ban monitors login attempts and blocks IPs with repeated failures, protecting against brute-force attacks.

  1. Install Fail2ban: sudo apt install fail2ban -y
  2. Start and enable Fail2ban: sudo systemctl start fail2ban sudo systemctl enable fail2ban
  3. Configure Fail2ban by creating a local jail file: sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  4. Modify settings as needed: sudo nano /etc/fail2ban/jail.local You can adjust the ban time, retry limits, and monitored services.
  5. Restart Fail2ban:
    sudo systemctl restart fail2ban

7. Install and Configure Automatic Updates

Automatic updates reduce the risk of security vulnerabilities by ensuring software remains current.

  1. Install the unattended-upgrades package: sudo apt install unattended-upgrades -y
  2. Enable automatic updates:
    sudo dpkg-reconfigure --priority=low unattended-upgrades

8. Regular Backups

Always keep regular backups to quickly recover in case of an attack or data loss. Many hosting providers, like Hosteons, offer backup solutions, making it easy to automate and restore from snapshots or backups.

Summary

By following these steps, you enhance the security of your Ubuntu VPS against common threats. Regular updates, secure login configurations, a robust firewall, and monitoring tools like Fail2ban all contribute to a safer and more reliable server environment. With these basics covered, your VPS will be better protected against potential attacks.