Skip to main content
All CollectionsVPSVPS Management
How to secure your VPS from abusive activity
How to secure your VPS from abusive activity

Prevent exploitation by malicious actors and take action against abusive activity originating from your VPS

Updated over 2 weeks ago

There are a few cases in which your VPS could become a target for unauthorized use, particularly for abusive purposes, such as compromised VPS security, use of outdated or nulled applications as well as weak or exposed passwords.

When your VPS becomes a vehicle for abusive activity, it not only impacts your server's performance but also puts your IP reputation at risk, potentially leading to service suspensions in accordance with our Terms of Service. Therefore, it's strongly advised to follow security measures that can protect your VPS and act immediately if you notice any unusual behavior.

General prevention measures

The following measures are applicable to prevent vulnerabilities - make sure to follow them:

  • Maintain up-to-date operating systems, CMS, plugins, scripts, and applications

  • Avoid installing nulled or cracked operating systems, scripts, or applications

  • Set up strong passwords

  • Always use secured connections (HTTPS)

  • Configure recommended permissions for core files based on your CMS requirements

  • Regularly scan your system for malware with tools like Malwarebytes, ClamAV, or Rootkit Hunter

  • Install trusted security plugins on your websites according to your CMS

  • Implement tools like Fail2Ban to block IPs attempting multiple incorrect logins on your VPS

  • Safeguard SSH connections through port modification, deactivating root SSH access, utilizing private keys over passwords, etc.

  • Deactivate any unused ports and services for both inbound and outbound traffic

Below, you can find the most common types of abuse; expand each section for additional steps you can take:

Outgoing spam from your VPS

If there are unfamiliar outgoing messages from you, it may indicate that your VPS is being misused to send spam. To counter this, ensure that:

  • Your website forms are protected with tools like reCAPTCHA and disallowing edits to the destination address

  • PHPmailer or emailing from port 25 on your websites is disabled if you are not using contact forms

Malware or phishing

An infected website can be exploited to host and distribute malware from your VPS and host phishing websites. If your website is WordPress-based, refer to this comprehensive tutorial: WordPress Malware Removal Guide.

Illegal/copyrighted content

Malicious actors might exploit your VPS to host illegal content, including copyrighted material. To avoid this, content scanning mechanisms like ClamAV should be implemented to identify and remove any illegal content.

For copyrighted content, you can perform metadata analysis and manual reviews.

Crypto mining

An unusually high resource usage (CPU) on your VPS by a process you don't recognize can point to unwanted mining activity.

To fix it, terminate the offending process and remove the script or program from your server. Next, take the measures in the previous section to remove any vulnerabilities on your VPS.

Botnet participation/DDoS attacks

Malicious actors could hijack your VPS to become part of a larger botnet, allowing them to coordinate and control multiple compromised systems and use them to launch DDoS attacks. To prevent this:

  • Continuously monitor for unusual network behavior and spikes in traffic

  • Regularly audit your system for unauthorized processes or connections

  • Set up your firewalls to block any suspicious traffic

  • Use a DDoS protection service, such as Cloudflare

By adhering to these preventive measures, you can significantly mitigate the likelihood of abusive activity originating from your VPS.

Did this answer your question?