Docs / Guides
Securing your Linux VPS in 10 minutes
SSH keys, firewall, fail2ban and automatic updates — the minimal hardening that prevents 99% of compromises and abuse reports.
Minute 0–3: SSH
Add your SSH key, then disable password authentication in sshd_config. Internet-wide scanners brute-force every fresh IP within hours of boot — keys make that attack surface zero. Keep root login key-only or create a sudo user, your call.
Minute 3–7: firewall and fail2ban
Enable ufw, allow only the ports you serve (22, 80, 443 for a typical web box), deny the rest. Install fail2ban with defaults — it bans IPs that hammer SSH and is the single highest-value package per minute of setup.
Minute 7–10: updates and the payoff
Enable unattended-upgrades for security patches. That's it. This boring checklist is also abuse prevention: most abuse reports against honest users come from compromised servers running open relays and proxies the owner never knew about. Ten minutes of hardening keeps your server yours.