Your VPS can become a target for unauthorized use, particularly for abusive purposes, in a few cases: when its security has been compromised, when it runs outdated or nulled applications, or when its passwords are weak or exposed.
When your VPS becomes a vehicle for abusive activity, it not only impacts your server's performance but also puts your IP reputation at risk, potentially leading to service suspensions in accordance with our Terms of Service. Therefore, it's strongly advised to follow security measures that can protect your VPS and act immediately if you notice any unusual behavior.
General prevention measures
Follow these measures to reduce the vulnerabilities on your VPS:
Maintain up-to-date operating systems, CMS, plugins, scripts, and applications
Avoid installing nulled or cracked operating systems, scripts, or applications
Set up strong passwords
Always use secured connections (HTTPS)
Configure recommended permissions for core files based on your CMS requirements
Regularly scan your system for malware with tools like Malwarebytes, ClamAV, or Rootkit Hunter
Install trusted security plugins on your websites according to your CMS
Implement tools like Fail2Ban to block IPs attempting multiple incorrect logins on your VPS
Safeguard SSH connections through port modification, deactivating root SSH access, utilizing private keys over passwords, etc.
Deactivate any unused ports and services for both inbound and outbound traffic
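One way to check the SSH measures from the list above (port modification, no root SSH access, keys over passwords) on your own VPS. This is an added example, not part of the original article or the provider's tooling; the function names and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not provider code): audit an sshd_config against the SSH
# measures above. Assumptions: Include files are not followed and parsing
# stops at the first Match block; defaults are those of current OpenSSH.

# Print the effective value of KEYWORD. sshd uses the first occurrence of a
# keyword, and keywords are case-insensitive; DEFAULT applies when unset.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        { sub(/[ \t]*=[ \t]*/, " ") }              # accept "Key=Value" too
        tolower($1) == "match" { exit }            # global section ends here
        tolower($1) == tolower(key) { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# Print one PASS/FAIL line per check; the return status is the FAIL count.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    local fails=0 root pass port
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    port=$(sshd_value "$1" Port 22)
    if [ "$root" = "no" ]; then echo "PASS root SSH login disabled"
    else echo "FAIL PermitRootLogin is '$root', expected 'no'"; fails=$((fails + 1)); fi
    if [ "$pass" = "no" ]; then echo "PASS key-only authentication"
    else echo "FAIL PasswordAuthentication is '$pass', expected 'no'"; fails=$((fails + 1)); fi
    if [ "$port" != "22" ]; then echo "PASS SSH port moved to $port"
    else echo "FAIL SSH still listens on default port 22"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample config: the second PermitRootLogin line is ignored
# because the first occurrence wins, so this file still allows root login.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server config
Port 2222
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication=no
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real server, point the function at /etc/ssh/sshd_config; running sshd -T as root prints the authoritative effective configuration, including Include files and Match blocks that this sketch skips.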
Below, you can find the most common types of abuse, each with additional steps you can take:
Outgoing spam from your VPS
If you notice unfamiliar outgoing messages sent from your VPS, it may indicate that your VPS is being misused to send spam. To counter this, ensure that:
Malware or phishing
An infected website can be exploited to host and distribute malware from your VPS and to host phishing websites. If your website is WordPress-based, refer to this comprehensive tutorial: WordPress Malware Removal Guide.
Illegal/copyrighted content
Malicious actors might exploit your VPS to host illegal content, including copyrighted material. To avoid this, content scanning mechanisms like ClamAV should be implemented to identify and remove any illegal content.
For copyrighted content, you can perform metadata analysis and manual reviews.
Crypto mining
Unusually high resource usage (CPU) on your VPS from a process you don't recognize can point to unwanted mining activity.
To fix it, terminate the offending process and remove the script or program from your server. Next, take the measures in the previous section to remove any vulnerabilities on your VPS.
Botnet participation/DDoS attacks
Malicious actors could hijack your VPS to become part of a larger botnet, allowing them to coordinate and control multiple compromised systems and use them to launch DDoS attacks. To prevent this:
Continuously monitor for unusual network behavior and spikes in traffic
Regularly audit your system for unauthorized processes or connections
Set up your firewalls to block any suspicious traffic
Use a DDoS protection service, such as Cloudflare
By adhering to these preventive measures, you can significantly mitigate the likelihood of abusive activity originating from your VPS.