When a fresh VPS machine has been created and is available to you, Chromeis recommends the following fundamental configurations before it is taken live in production.
- Give the new baby a name—some configurations and logs refer to the server name, so it is best to give it a name.
- Set the time zone correctly; otherwise, you may sometimes find the logs confusing to read.
- You might already know who will access it as root/administrator or directly via the control panel. This means you're safe to block SSH access from many countries. This will safeguard your server and narrow down its exposure to threats.
There is no harm in blacklisting/blocking all countries except the ones you reside in. Take precautions while performing this action, as you may be locked out if you block the country you're performing these tasks from.
If you have a static IP, you can whitelist your IP and block all other channels.
- Generate an API token so the server is accessed via the API alone, and block direct SSH access. This will further tighten security by closing off the usual access method and limiting access to your private access key.
- While you may feel you have completely secured root access, it is a good idea to apply 2FA so that multi-factor authentication is in place before someone penetrates your server.
- Tighten up email security:
in Mailserver Configuration option in cPanel - please do not use this if your server is underpowered.
Apply SMTP Restriction and keep it enabled.
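
The lockout precaution in the SSH access item above can be checked before any rule is applied. The script below is an added example, not Chromeis's own tooling: it assumes plain iptables on port 22 and IPv4 only, its function names are hypothetical, and the addresses are constructed from documentation ranges. It only prints the rules, and refuses to do so when the address you are connected from is not covered by the allow-list.

```shell
#!/bin/sh
# Added example: pre-flight check for an SSH allow-list (IPv4 only, dry run).
# Function names and all addresses (RFC 5737 documentation ranges) are constructed.

# Pack a dotted quad into a 32-bit integer; reject anything malformed.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit status 0 when IP falls inside CIDR (bare IP means /32).
in_cidr() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    if [ "$bits" = "$2" ]; then bits=32; fi
    case $bits in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# ssh_allow_rules CLIENT_IP CIDR... -> print rules, or refuse if CLIENT_IP
# (the address you are connected from) would be cut off by them.
ssh_allow_rules() {
    client=$1; shift
    covered=no
    for cidr in "$@"; do
        if in_cidr "$client" "$cidr"; then covered=yes; fi
    done
    if [ "$covered" != yes ]; then
        echo "refusing: $client is not covered by the allow-list (lockout risk)" >&2
        return 1
    fi
    for cidr in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 22 -s $cidr -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# In a live session the client address is the first field of SSH_CONNECTION:
#   ssh_allow_rules "${SSH_CONNECTION%% *}" <your static IP>
ssh_allow_rules 203.0.113.10 203.0.113.10 198.51.100.0/24
```

Keep the current SSH session open and confirm a second login works before closing it once the printed rules have been applied.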