You may be under the impression that your server will never be a target for malware. It may contain no data of any value to anyone; perhaps it only hosts a few personal backups and no website. As far as you are concerned, your server has no public footprint.
What many people don’t realise is that the people behind malware run automated scanners that are constantly sweeping the internet across ALL public IP addresses. As soon as a scanner finds an IP address that responds in ANY form, it starts trying to get in, usually by attempting thousands of username and password guesses.
Once they gain entry, they use your server as a staging point to launch their campaigns: junk-mail/spam floods, Denial of Service attacks, botnets, malware responders, or phishing sites that look like your internet banking site but are designed to capture and harvest personal data, PIN information and account numbers. Bitcoin miners are the other popular payload; these will use all your resources and leave you wondering where all that CPU and RAM went. These unscrupulous people want to use your server as an anonymous staging point to make their criminal activity untraceable, or simply to use its resources free of charge.
You could have your IP address blacklisted (no mail will be accepted from your server). In extreme cases, your hosting provider could have ALL of their IP addresses blacklisted. They and all their other clients could even have a case against you, since this negligence in security could cause many others on the same network to lose revenue. Your server could become slow and unresponsive, potentially losing you customers.
What to do
Keep a keen eye on your server. Secure it as much as you can; if you do not have the skills yourself, it is worth paying a security specialist a one-off fee. Follow our “Secure your server” articles. Install a monitoring system that alerts you when something changes (e.g. Tripwire on Linux).
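To show what “alerts you when something changes” means in practice, here is a minimal file-integrity check in the spirit of Tripwire. It is an added example, not code from the original article or from the Tripwire project. It records a SHA-256 baseline of a directory tree once and later reports files that changed, appeared or disappeared; it assumes GNU coreutils and findutils (sha256sum, sort -z, xargs -r, comm), and the function names are my own.

```shell
#!/bin/sh
# Added example (not code from the original article): a minimal file-integrity
# check in the spirit of Tripwire. It records a SHA-256 baseline of a directory
# tree once, and later reports files that changed, appeared or disappeared.
# Assumes GNU coreutils/findutils (sha256sum, sort -z, xargs -r, comm).

# Write a baseline of "<sha256>  <path>" lines for every regular file under $1 into $2.
fim_baseline() {
    fim_dir=$1; fim_out=$2
    find "$fim_dir" -type f -print0 | sort -z | xargs -0 -r sha256sum > "$fim_out"
}

# Exit 0 if listing file $1 contains a line for path $2 (compared whole, so a
# path that is merely a prefix of another path does not match).
fim_has_path() {
    awk -v p="$2" 'BEGIN { f = 1 } { sub(/^[^ ]+  /, ""); if ($0 == p) f = 0 } END { exit f }' "$1"
}

# Compare the current state of directory $1 with baseline $2. Prints one
# CHANGED/REMOVED/ADDED line per difference and returns 0 only if the tree
# still matches the baseline, so a cron job can alert on a non-zero exit.
fim_check() {
    fim_dir=$1; fim_base=$2
    fim_cur=$(mktemp); fim_old=$(mktemp); fim_new=$(mktemp); fim_rep=$(mktemp)
    fim_baseline "$fim_dir" "$fim_cur"
    sort "$fim_base" > "$fim_old"
    sort "$fim_cur" > "$fim_new"
    {
        # Lines only in the baseline: the path is either gone or has a new hash.
        comm -23 "$fim_old" "$fim_new" | while read -r fim_hash fim_path; do
            if fim_has_path "$fim_cur" "$fim_path"; then
                echo "CHANGED $fim_path"
            else
                echo "REMOVED $fim_path"
            fi
        done
        # Lines only in the current listing whose path the baseline never had.
        comm -13 "$fim_old" "$fim_new" | while read -r fim_hash fim_path; do
            fim_has_path "$fim_base" "$fim_path" || echo "ADDED $fim_path"
        done
    } > "$fim_rep"
    cat "$fim_rep"
    fim_n=$(wc -l < "$fim_rep" | tr -d ' ')
    rm -f "$fim_cur" "$fim_old" "$fim_new" "$fim_rep"
    [ "$fim_n" -eq 0 ]
}
```

Take the baseline from a known-good state (for example `fim_baseline /etc /var/lib/fim/etc.sha256`) and store it outside the monitored tree, ideally on another machine or read-only media: an intruder with root can rewrite a baseline that lives on the same box. Then schedule `fim_check /etc /var/lib/fim/etc.sha256` and have your alerting fire on a non-zero exit status, not on the text of the report.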
If you do discover an intrusion, or your service provider alerts you to abuse committed by your server, shut down all services (assuming your provider has not already done so). Block ALL outbound connections except those that are part of an existing link (iptables: RELATED, ESTABLISHED), for example your SSH session. Above all, do what it takes to keep your server secured: run regular updates; keep your code simple, since it does not help to code on the bleeding edge if it will break at the first update; and allow only the minimum access needed to your server.
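The outbound lockdown above is easy to get wrong in the heat of the moment: set the OUTPUT policy to DROP before the RELATED,ESTABLISHED rule is in place and the replies of your own SSH session are dropped too. The ruleset below is an added example, not code from the original article; it emits the rules in iptables-restore format so they are applied atomically, and because iptables-restore replaces the whole filter table, it leaves INPUT accepting on the assumption that you have already shut the services down as the article says. The function names and the log prefix are my own.

```shell
#!/bin/sh
# Added example (not code from the original article): block all NEW outbound
# connections from a compromised host while keeping packets that belong to an
# already established link, such as the SSH session you are working from.
# Emitted in iptables-restore format so the rules are applied atomically;
# adding them one by one with `iptables -P OUTPUT DROP` first would freeze
# your own session before the ESTABLISHED,RELATED rule could be entered.

# Emit the lockdown ruleset for the filter table.
lockdown_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback never leaves the box; keep it so local tools keep working.
-A OUTPUT -o lo -j ACCEPT
# Replies and related packets for links that already exist (your SSH session).
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Record what the intruder's processes try to reach before it is dropped,
# rate-limited so the log does not become a second problem.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "LOCKDOWN-OUT: "
# Everything else outbound falls through to the OUTPUT DROP policy.
COMMIT
EOF
}

# Number of rules the ruleset adds (handy for a dry run).
lockdown_rule_count() {
    lockdown_ruleset | grep -c '^-A '
}

# Apply only when explicitly asked and running as root; otherwise just print.
if [ "${1:-}" = "--apply" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root to apply the ruleset" >&2
        exit 1
    fi
    lockdown_ruleset | iptables-restore
else
    lockdown_ruleset
fi
```

Run it without arguments first to review the rules, then with `--apply` from your existing SSH session. DNS lookups, package updates and outbound mail are blocked too; that is the point while you collect evidence (the LOCKDOWN-OUT log lines tell you what the intruder's software is trying to reach), so re-open outbound access only once the server has been cleaned or rebuilt.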
Happy Hosting 🙂