Linode Forum
Linode Community Forums
Posted: Fri Sep 26, 2008 2:10 pm
Senior Newbie

Joined: Wed Sep 10, 2008 1:58 pm
Posts: 16
I recently set up a Linode running Debian Etch, and everything is going fine so far. But I'm concerned about security, and am looking for general advice for improving it on my site.

I recently hosted a VPS web site on another provider, who shall remain nameless (OK, it was Startlogic :->). I had a phishing site break-in, so I began using longer passwords, and SSH for all my file transfers. But the break-ins continued. Startlogic wasn't able to track down the problem, which is one of the reasons why I switched to Linode.

I installed mod-security on my Apache2 server. What else should I do to improve security? The Linode Wiki lists several security tips at http://www.linode.com/wiki/index.php/Security_Tips , but there's a caveat there saying "Not much of this will actually help you." Hmm . . .

Specifically, I'm looking for advice about phishing sites, email security, and blog security -- and on how best to optimize mod-security.

Thanks for any suggestions!

- Chris M.


Posted: Sat Sep 27, 2008 4:47 am
Senior Member

Joined: Fri Sep 12, 2008 3:17 am
Posts: 166
Website: http://independentchaos.com
* Don't use the same passwords everywhere
* Create separate user accounts for almost everything (ref rule 1)
* Limit those user accounts, strictly.
* Use pubkey auth for all ssh logins, disallow root, (ref rule 3), allow logins only from a small range of IP (try to get a static from your ISP), only allow your user to login via ssh from your IP address.
* Limit your external servers, learn /etc/hosts.allow and /etc/hosts.deny
* Learn iptables, or set up an easy bash interface.
* Install one of the hundred brute-force/dictionary attack blockers (fail2ban, denyhosts, etc)
* Separate your mysql users and only give them rights enough on their own databases to do just the things they need to do.
* Use good and well tested software, bleeding edge isn't always the best choice.

Anything else to add?
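
The SSH item in the list above (key-only logins, no root, logins tied to your own address), written as a check over sshd_config text. This is an added example, not part of the original posts; both sample configs, the user name chris and the address 203.0.113.10 are constructed, and requiring explicit values is this example's own policy.

```python
# Added example: check sshd_config text against the SSH advice in the post.
# Both samples are constructed; "chris" and 203.0.113.10 are placeholders.
SAMPLE_WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
SAMPLE_HARDENED = (
    "# constructed sample\n"
    "PermitRootLogin no\n"
    "PubkeyAuthentication yes\n"
    "PasswordAuthentication no\n"
    "AllowUsers chris@203.0.113.10\n"
)

def parse_global(text):
    """Map lowercase keyword -> argument list for lines before any Match block."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()                          # sshd keywords are case-insensitive
        if key == "match":
            break                                  # conditional overrides are not audited
        if key == "allowusers":
            seen.setdefault(key, []).extend(args)  # user patterns accumulate across lines
        else:
            seen.setdefault(key, args)             # sshd uses the first value it reads
    return seen

def audit(text):
    """Return findings as 'id: detail' strings; an empty list means all checks pass."""
    cfg = parse_global(text)
    def value(key):
        return (cfg.get(key) or ["<unset>"])[0].lower()
    findings = []
    # Explicit settings are required here (an assumption of this example),
    # because built-in defaults differ between OpenSSH releases.
    if value("permitrootlogin") != "no":
        findings.append("root-login: PermitRootLogin is " + value("permitrootlogin"))
    if value("passwordauthentication") != "no":
        findings.append("password-auth: passwords still accepted, keys not enforced")
    if value("pubkeyauthentication") == "no":
        findings.append("pubkey: PubkeyAuthentication is disabled")
    users = cfg.get("allowusers", [])
    if not users:
        findings.append("allow-users: logins are not limited to named accounts")
    for pattern in users:
        if pattern.partition("@")[2].strip("*?") == "":   # no host part, or a bare wildcard
            findings.append("allow-users: %s is not tied to a source address" % pattern)
    return findings
```

On a server, pass it the contents of /etc/ssh/sshd_config; Match blocks and included files are not covered by this check.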


Posted: Sat Sep 27, 2008 8:28 am
Senior Newbie

Joined: Wed Sep 10, 2008 1:58 pm
Posts: 16
Thank you for the very useful suggestions!

- Chris M.


Posted: Sat Sep 27, 2008 9:50 am
Senior Member

Joined: Fri Sep 12, 2008 3:17 am
Posts: 166
Website: http://independentchaos.com
I've only been "hacked" once, and that was by a friend of mine who had limited shell access when the vmsplice local exploit came out. I hadn't heard the news yet and had left for a few days. I had an email from him when I got back, stating he "hacked" me, updated my kernel (I was using Arch then, so he had to learn pacman), rebooted my server remotely, logged back in and tried the exploit again to make sure it didn't work. :D

So far so good then.

