Security in shared hosting vs VPS 'virtual appliances'
I have to change my hosting provider. Right now I have a shared hosting account but I'm considering trying the LAMP stack appliance from turnkeylinux.org.
I'm very comfortable with using linux, I've been using it for a long time. I have no problem ssh'ing into remote machines and do whatever I have to do (coding, reading logs, moving files, deploying, etc). The problem is that none of those tasks have involved securing the server/firewall. My experience has been as a desktop user or developer deploying apps/files in remote servers.
Ignoring the security in the application logic (read: any scripts, frameworks, websites I might have created or installed) - I'm worried about things like base configuration of deamons, firewall, ports, executable scripts being readable from the outside and whatnot.
My question is: how do you compare the (expected) out of the box security of the LAMP stack from turnkey and the (expected) security of a "regular" shared hosting provider?
I was hoping to find some guides with a list of steps to do to protect my server but the only documentation I found was simply referring to ubuntu's documentation.
Solution 1:
Well the problem with shared hosters are that you never know how secure they are. You mostly have no overview over their security mesures.
Hosting your own LAMP stack is of course more responsibility but also more control.
So there is your decission: Get into lerning how to secure a server against attacks and having the power to do what you want with your server (like installing new software) or give your site into the hands of others and hope that they are good at doing their job.
Some topics that you might look into: iptables (firewall), SSH security (maybe Key based auth), file and directory permissions, maybe chroot.
There are many tutorials on the web that might help you securing your server.