![[W12] W12 — VPS setup: SSH key-only + fail2ban + block management ports NGAY](/web/image/blog.post/35/author_avatar/%5BW12%5D%20W12%20%E2%80%94%20VPS%20setup:%20SSH%20key-only%20%2B%20fail2ban%20%2B%20block%20management%20ports%20NGAY?unique=9de5c6a)
⚠️ HIGH |
Category: Web & IT |
ID: W12 |
Owner: CEO
W12 — VPS setup: SSH key-only + fail2ban + block management ports NGAY
Tóm tắt
VPS mới có 9,912 failed SSH auth attempts TRƯỚC khi install fail2ban. Setup mới PHẢI thực hiện ngay:Checklist VPS mới
1. SSH key-only:PasswordAuthentication no + PermitRootLogin prohibit-password
2. fail2ban: 5 fail/10min → ban 1h, DDoS 20/1min → ban 24h
3. UFW: enable + allow SSH, HTTP, HTTPS only
4. Docker ports: chặn management UIs (Portainer, etc.) bằng DOCKER-USER chain
5. WordPress: security headers + block xmlrpc.php trên tất cả sites
6. Backup: cron daily + rclone upload Google Drive
📚 Published from Company Knowledge Base — W12
Last updated: 2026-03-14
Review by: 2026-06-12