This post aims to cover the points I currently think are important if you are running your own web server.
I would place a monthly reminder in your calendar to run updates on your server. This is a task that can maybe be automated, but I haven't found a good way yet. You should run these commands:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
Tips For Basic Operational Security
You should not allow the public to access the parts of your web server that show statistics, e.g. Webalizer. I've seen Viagra sites just ping your site to get their URL appearing in your statistics, which in turn then gets Googled and ranked.
If you are going to install a tool like phpMyAdmin, which I wouldn't, then you should make sure only your IP can access the server and/or increase the security by password-protecting the directory using "Basic Auth".
If you use WordPress then you should have a security add-in to help harden your site. I use "ShieldSecurity", which I like and would recommend. I find it alarming to see that after 420 days of operating my site there have been 20'000+ logins blocked.
Pentest Your Site
Luckily there are tools out there that you can try for free. If you have an online shop, this is the best 50$ you could invest ever! Head on over to https://pentest-tools.com and check your site.
If you see any High-Risk warnings, you must take immediate action. In this example, I was surprised myself, as I had done the apt updates and upgrades on my Ubuntu server. Well, Ubuntu has a six-month release cycle. Critical bug fixes do make it in sooner but still take time. The solution to this is a Personal Package Archive (PPA). This is a repository provided by Canonical (the company behind Ubuntu) that allows developers and enthusiasts to offer up-to-date versions of software to all Ubuntu users.
sudo add-apt-repository ppa:ondrej/apache2
sudo apt update
sudo apt upgrade
Before adding any old PPA, I would suggest first investigating it a little. In this case, you'll find Ondrej listed on the list of maintainers: https://packages.ubuntu.com/cosmic/apache2
Web Server Logs
Seeing evidence in the logs that hackers are trying to hack doesn't mean you have been hacked. I would venture a look every now and then. For an Apache server they are typically found under the /var/log/apache2 directory.
If you're on AWS like me, you will need to PuTTY or SSH on to the server and navigate to where the log files are found. Maybe you have a lot of log files too, but don't worry, I have a trick to help you scan them.
The following command can scan the GZ compressed files for keywords. In this example it's the wp-admin area.
find -name access.log.\*.gz -print0 | xargs -0 zgrep "wp-admin"
You can see someone is testing the server to see if they can run the setup wizard.
A surefire indication that hackers are probing, or have even hacked, your server is seeing loads of entries with URLs ending in .RU like this
General keywords I might look for in my logs include
If you want to learn to dig deeper, have a look at the following blog: "Looking for hacking activity in Apache Logs"
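An added example (not from the original post) that extends the zgrep search above: it reads current, rotated and gzip-compressed access logs and counts keyword hits per client IP and HTTP status, which helps tell a refused probe from a request the server actually served. The function names, the Apache combined log format and the sample log lines are assumptions constructed for illustration.

```shell
# Added example: summarise who requested a path keyword and what the server answered.
# Assumes Apache "combined"/"common" log format: field 1 = client IP,
# field 7 = request path, field 9 = HTTP status.

# summarize_hits LOGDIR KEYWORD
# Prints "count ip status" lines, highest count first, across access.log,
# rotated access.log.N and compressed access.log.N.gz files.
summarize_hits() {
    logdir=$1
    keyword=$2
    # gzip -cdf decompresses .gz files and passes plain files through unchanged.
    find "$logdir" -name 'access.log*' -type f -print0 |
        xargs -0 -r gzip -cdf |
        awk -v kw="$keyword" '
            index($7, kw) { hits[$1 " " $9]++ }
            END { for (k in hits) print hits[k], k }
        ' |
        sort -k1,1nr -k2,2 -k3,3
}

# answered_ok LOGDIR KEYWORD
# Prints only the hits answered with a 2xx status: the server served these
# requests, so they deserve a closer look than 403/404 answers.
answered_ok() {
    summarize_hits "$1" "$2" | awk '$3 ~ /^2/'
}

# make_sample_logs DIR: constructed sample data (documentation IP ranges).
make_sample_logs() {
    cat > "$1/access.log" <<'EOF'
203.0.113.7 - - [10/Mar/2019:06:25:01 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 492 "-" "curl/7.58.0"
198.51.100.23 - - [10/Mar/2019:06:26:40 +0000] "GET /index.html HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
EOF
    cat > "$1/access.log.2" <<'EOF'
203.0.113.7 - - [08/Mar/2019:11:02:13 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 492 "-" "curl/7.58.0"
192.0.2.44 - - [08/Mar/2019:12:15:59 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "Mozilla/5.0"
EOF
    gzip "$1/access.log.2"
}

# Demo run against the constructed logs.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
summarize_hits "$demo_dir" "wp-admin"
rm -rf "$demo_dir"
```

On a real server, call summarize_hits with your Apache log directory and the keyword you are checking; a 2xx answer from your own IP to wp-admin is normal admin traffic, so compare the client addresses against ones you recognise.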
When you add ShieldSecurity it will guide you through setup using its wizard. Two important features are automated updates, which ensure your WordPress is running with the latest patches, and the login protection. I choose to add the Google reCAPTCHA