Bobcares

Server Management and Monitoring – 5 tips to do it right

by | May 21, 2018

These days you can get a server from AWS or Azure in as little as 15 minutes.

And not surprisingly, many business owners now use a VPS or Cloud instance to host their website or business apps.

The trouble is, these servers are sold as “unmanaged” instances, and the burden of Server Management & Monitoring falls on the server owner.Of course, not all server owners are experts in Linux or Windows server management, and that often leads to occassional performance, or security issues.

Here at Bobcares, we have a 24/7 Emergency Server Support service, in which we receive hundreds of support requests from server owners who either had their websites hacked, IP blocked, and so on.

Many customers ask us, “What can we do to prevent this from happening again?

Well, this article is the answer to that. Read on.

 

1. Strong foundation – Harden and optimize your server as soon as you get it

There are a hundred different ways in which a hacker can breach your server or bring it down.

Fortunately, there are a hundred different ways you can block any kind of attack.

But most servers are provisioned with zero hardening done on them, and that’s why you should lock down and optimize your server before you start running production services in them.

This will ensure that your server is protected against the most common forms of attack, and can withstand a resource usage spike.

Here at Bobcares, Initial server hardening is a part of our Server Management Services, and some of the main steps we take are:

  • Setup a firewall, and optimize it for production service traffic
  • Disable un-needed services, and ensure only the needed ports are open.
  • Setup 2 factor authentication for admin accounts and disable default settings (eg. port number, any-IP login, etc.).
  • Harden the production services (eg. HTTP) against common attacks. Eg. Implement Suhosin in PHP servers.
  • Setup anti-malware, anti-rootkit and anti-spam systems. Configure auto-update and auto-scanning.
  • Setup auto-update of critical system software like Kernel.
  • Harden the file system and network settings to prevent execution of popular malware.
  • Configure resource limits for database and other production services to prevent load spikes.
  • ..and more

Once you have a strong foundation of security and performance optimized services, you are protected from the vast majority of issues facing online businesses.

If you are not sure how to get started, we can help you. Our experts are online 24/7. Click here to get support in a few minutes.

 

2. Configure backups & store it in a remote location

Life is unpredictable and despite all our best efforts, your hard disk can crash, someone can steal your password from your laptop, etc.

So, you need a safe store of your business data, preferably somewhere different from your server location (DropBox or Google Drive is fine).

Setup a backup system that will run at least once daily, and keep your remote backups fresh. Configure the backups to store 1 week worth of daily data, and 3 months worth of monthly backup.

This will work as your safety net. Even if something bad happens you can get back online from another server within a matter of hours.

If you need assistance in setting this up, we can do that for you. Click here to talk to our server experts. We are online 24/7.

 

3. Get 24/7 professional monitoring & emergency response

Now, we all like to think that everything will work like clockwork, and it does too 99% of the time.

But when your server goes down, you should be the first one to know about it. Not your customers.

You essentially need these things:

  • Service and server uptime monitoring to find out if your services are responding fast.
  • Security events monitoring to detect if a malware upload or hack happened.
  • Vulnerabiltiy monitoring to know if a new un-patched vulnerability was recently discovered.
  • A well thought out emergency response procedure, because you won’t have time to think when nothing seems to be working.

If you are comfortable managing your server, you can get a remote server monitoring tool like Zabbix or online monitoring service like Pingdom to alert you if your services are not working.

Then if an alert comes in, you can login to your server and fix the issue.

However, that can be terribly inconvenient if you are travelling somewhere or are in the middle of a family dinner.

Instead, you can get a professional monitoring service like Bobcares 24/7 server monitoring for as low as $24.99/mo.

Through this you’ll get server experts to keep an eye on your server 24/7, verify each alert manually, and take action if something has gone wrong.

You can even add a few emergency hours in your credit and get expert emergency support in case something goes wrong (like new unpatched vulnerability, server down or service hack).

If you need to talk to an expert about your options, click here to talk to our solutions expert.

 

4. Update all software (system, security & user) as soon as they are released

The single most effective way to keep your server safe and fast is to keep your software updated at all times.

By software I mean:

  • System software like Kernel, OS libraries, etc.
  • Security tools and their databases, like firewall, virus database, etc.
  • User software like CMS, forums, etc.

Perhaps the most popular way hackers breach servers is by exploiting vulnerable software. If you update your software as soon as a patch is available, it becomes hard for automated exploit tools to upload malware into your server.

The problem we’ve seen is, many server owners either miss update notifications, or keep it pending for a few days, and later forget about them.

Some vulnerabilities like the recent “Drupalgeddon2” take only a few days (if not hours) to be exploited world-wide.

So, it is not an understatement that you need to act immediately if an update is pending.

If you need help with keeping your server updated, and get the basic security done right, we can do it for you at $69.99/month. Click here to know more.

 

5. Audit your servers periodically to detect security or performance issues

Finally, get your servers audited by security professionals once in a while.

This is because of these reasons:

  • You need to be sure that every software is updated, and every service is working as intended.
  • New methods of attack come out al the time. You need to make sure your defenses are updated against them.
  • You need to know about performance bottlenecks and fix it before it brings down the server.
  • You need to confirm that backups are working, and are not corrupted.
  • You need to review your emergency reaction procedure and make sure everything will work when you need it to.

We would recommend that you get a professional agency to do this audit once every 2 months or so (much like maintaining your car).

Here at Bobcares, we frequently detect broken backups, old user accounts, vulnerable user software, undetected malware and more during audits.

We help the server owners fix the issue, and setup the system so that these issues won’t recur.

For as low as $69.99/month, you can get 24/7 monitoring and monthly auditing done by server experts. Click here to know more.

 

Conclusion

Managing servers can seem quite complex, but if you get the fundemantals right, you won’t have anything to worry about. With a strong foundation hardening, good backups, 24/7 monitoring, timely updates and periodic audits, you can keep your servers rock solid and secure.

MAKE YOUR SERVER ROCK SOLID!

Never again lose customers to poor page speed! Let us help you.

Sign up once. Enjoy peace of mind forever!

GET 24/7 EXPERT SERVER MANAGEMENT

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF