How do you properly secure a VPS against hackers and brute-force attacks?

[shivam]

I'm setting up a new VPS and want to make sure I secure it properly from day one before the automated bots start scanning it.

I've already taken care of the standard basics:

• Disabled root login and password authentication (SSH keys only)
• Changed the default SSH port
• Set up a basic UFW firewall to block everything except the essentials

Beyond these foundational steps, I'd love to hear how you handle the rest of your security setup.

I would appreciate any insights or routines to keep your servers secure. Thanks!

 

[praweenkiorala]

You already covered the important basics. I would just add Fail2Ban or CrowdSec, keep auto security updates on, close anything you don’t use, and take regular off-server backups.
Also keep an eye on SSH/auth logs. Changing SSH port is fine, but updates, firewall, SSH keys, backups, and monitoring are what really matter.