Protecting Your Windows VPS
Protecting your Windows VPS is important. To keep your server safe from hacking, it is recommended that you carry out the following procedures.
It is useful to see who is trying to log into your VPS. To do so, enable auditing of failed logon attempts: open Administrative Tools, then Local Security Policy, and go to Local Policies, Audit Policy. Set Audit account logon events and Audit logon events to Success/Failure. You can then open Event Viewer to see who is trying to get into your VPS.
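Once auditing is enabled, the failed logons can also be summarized from the command line instead of scrolling through Event Viewer. The following is an added example, not part of the original article; it assumes Windows Server 2008 or later (where a failed logon is Security event ID 4625), PowerShell 3.0 or later, and an elevated session, and the function name Get-FailedLogonSummary is made up for illustration.

```powershell
# Added example: summarize failed logons (Security event ID 4625) by source IP and account.
# Assumptions: Windows Server 2008 or later, PowerShell 3.0+, run as Administrator.
# Get-FailedLogonSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-FailedLogonSummary {
    param(
        [int]$Hours = 24,   # look-back window
        [int]$Top   = 20    # number of rows to return
    )

    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    # Get-WinEvent raises an error when nothing matches, so suppress it and check the result.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning "No failed logons in the last $Hours hours (or failure auditing is not enabled)."
        return
    }

    $events | ForEach-Object {
        # The named fields of the event are stored in its XML under EventData/Data.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Account   = $data['TargetUserName']
            SourceIp  = $data['IpAddress']     # '-' when the attempt was local
            LogonType = $data['LogonType']     # 3 = network, 10 = Remote Desktop
        }
    } |
        Group-Object -Property SourceIp, Account |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property Count,
            @{ n = 'SourceIp'; e = { $_.Group[0].SourceIp } },
            @{ n = 'Account';  e = { $_.Group[0].Account } },
            @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```

A single source address with a high count across many account names is the typical pattern of a brute-force attempt.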
Use strong passwords for every account. A strong password is at least 12 characters long and does not contain dictionary words, usernames, or anything related to your personal information. Include numbers, capital letters, and special symbols such as ~!@#$%^&*. Don't reuse a password that you use on other servers or sites. Set your accounts to lock out after several failed login attempts to stop brute-force attacks against your VPS.
Remove unneeded services such as File and Printer Sharing for Microsoft Networks. Sharing services is not a good idea, because it gives a hacker an opportunity to use them for malicious activity.
Avoid using WebDAV. It has some security holes that allow the creation of new users, files, etc.
Disable listening on IP addresses that are not used. If you're using multiple IP addresses for your VPS, use the HttpConfig.exe tool from the Windows Server 2003 tools package to limit which IP addresses your web server listens on.
Control web access via the .htaccess file if you're using Apache. .htaccess lets you limit visitors by IP address. For example, if you don't need visitors from a specific country, add the appropriate rules to .htaccess and those visitors will no longer be able to access your website.