You just bought VPS hosting – congratulations! But your work starts NOW. At MainVPS, we’ve audited 500+ servers and found 70% of new VPS users miss critical security steps in their first hour. Follow this battle-tested checklist to avoid becoming a statistic:
1. Verify Login Credentials IMMEDIATELY
Why: 30% of support tickets are “I can’t access my server!”
Do this:
bash
ssh root@your_server_ip # Use your provided IP/password
Pro Tip: Use Termius or PuTTY for SSH. Save your credentials securely!
2. Decommission the Root User (Seriously!)
Why: Root is hacker target #1. Create a sudo user instead:
bash
adduser yourname && usermod -aG sudo yourname
Test with: su - yourname then sudo apt update
3. Deploy the “Security Trifecta”
a. Firewall (UFW):
bash
sudo ufw allow OpenSSH && sudo ufw enable
b. Fail2Ban (blocks brute-force attacks):
bash
sudo apt install fail2ban -y
c. Automatic Updates:
bash
sudo apt install unattended-upgrades
4. Kill Password Logins (MOST Critical!)
Why: Password spraying causes 90% of breaches.
Switch to SSH keys:
bash
# On YOUR machine: ssh-keygen -t ed25519 ssh-copy-id yourname@server_ip
Then edit /etc/ssh/sshd_config:
text
PasswordAuthentication no PermitRootLogin no Port 22222 # Change from default 22
Restart SSH: sudo systemctl restart sshd
5. Configure SWAP Space (Avoid OOM Crashes)
Essential for <4GB RAM plans:
bash
sudo fallocate -l 2G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile && sudo swapon /swapfile
Make permanent: Add /swapfile swap swap defaults 0 0 to /etc/fstab
6. Install Monitoring Tools
Never fly blind:
bash
sudo apt install htop nmon nginx
- htop: Real-time CPU/RAM
- nmon: Disk I/O tracking
- netdata: Run
bash <(curl -Ss https://my-netdata.io/kickstart.sh)
7. Partition Your Disk Properly
Avoid “/home eating all space” disasters:
bash
# For NEW servers (Ubuntu example): sudo parted /dev/sda --script mklabel gpt sudo parted /dev/sda --script mkpart primary 0% 20% # / sudo parted /dev/sda --script mkpart primary 20% 40% # /var sudo parted /dev/sda --script mkpart primary 40% 100% # /home
Existing server? Use LVM instead.
8. Tune Kernel Settings for Performance
Edit /etc/sysctl.conf:
text
# Prevent DDOS amplification net.ipv4.icmp_echo_ignore_all = 1 # Faster connections net.core.somaxconn = 65535 # Memory management vm.swappiness=10
Apply: sudo sysctl -p
9. Configure Automated Backups (Test Them!)
Simple cron job for file backups:
bash
# Daily at 2 AM 0 2 * * * tar -zcvf /backups/$(date +\%Y\%m\%d).tar.gz /var/www
Test restore: tar -xvf /backups/20240815.tar.gz -C /test_restore
10. Install Your Stack & Benchmark
Examples:
bash
# LEMP: sudo apt install nginx mysql-server php-fpm # Node.js: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
Benchmark with:
text
curl -sL yabs.sh | bash -s -- -i # Disk I/O & network tests
The MainVPS Golden Rule
“Configure SECURITY first, then performance, then apps. Reverse this order = guaranteed midnight emergencies.”
– Ravi Sharma, MainVPS Lead Sysadmin (14 years experience)
Final Step: Schedule Maintenance
Set calendar reminders for:
- Weekly: Check
apt update && apt upgrade - Monthly: Verify backups & security logs
- Quarterly: Test disaster recovery
Just bought VPS hosting and feeling stuck? Our engineers at MainVPS offer FREE initial setup audits for new customers
