Changing the SSH port
In order to prevent your SSH connection from being found by crackbots, you should change the default port 22. Go to /etc/ssh and open the sshd_config file. Ports are listed in line 5. Now substitute the default by a random value somewhere between 10000 and 65000. Save and reload Apache using
Note: From now on you have to access your server via SSH using
ssh -p XXXXX user@IP.
Append the following lines to your apache2.conf file:
Options None +FollowSymLinks <Directory /> Order Deny,Allow Deny from all AllowOverride None </Directory> <Directory /var/www/> Order Deny,Allow Allow from all AllowOverride all </Directory>
Code explanation: Line 1 turns off all apache options (this prevents directory listing and develops server performance) except FollowSymLinks, which is necessary if you want to use mod_rewrite correctly. The following lines grant access only to your www-folder.
Setting up phpmyadmin
To protect your databases from unwelcome visitors it is advisable to take these two steps:
- Verify that your MySQL users are allowed to access your server only from
localhost. Thus your databases can only be used by applications installed on your own server. When creating a new user you will find the field “Host” to adjust it.
- Create an own vhost for your phpmyadmin installation. You can use a subdomain for this purpose. Besides choose a name as unique as possible.
Problem with subdomains
When setting up my first subdomain for phpmyadmin, I found that my server duplicated the parent domain content instead of displaying the subdomain. I could finally resolve this problem by adding these two lines to my
NameVirtualHost *:80 NameVirtualHost *:443