Security – VPS Administration for the Absolute Beginner


I have a new site that I want to build, something that I as a programmer wish existed. While there is no way this site would ever reach StackOverflow levels of success, I do hope that it will have a broad appeal and become decently successful – I'm optimistic, anyway.

I'm going to start with a shared host, possibly sticking with the company which hosts my blog since I know them well enough, but I don't think shared hosting is a good long term solution.

As such, I've been checking out various VPS providers, mainly Slicehost and Linode so far, for their potential as a "next-stage" provider. The problem is that I feel I would be completely out of my element with a VPS. I only have limited experience with Linux (I've tried it a few times on my laptop, but always ran into issues that made me give up on it – usually wireless issues), and while I'm pretty sure I could get the basics set up, I worry that I'd leave things horribly insecure or that I just couldn't handle maintenance issues.

Obviously, my idea may flop entirely, but I'd rather not get caught with my pants down if I ever got to the stage where a VPS becomes a necessity.

So, are there any good tutorials / (e-)books / articles describing how to get to know your VPS, or any other issues I should be concerned with? The site would most likely be a "classic" LAMP stack, though I may decide to swap things out later on as the need (or want, really) arises.

My absolute top priority in this is security, hence this post. I have very little doubt, given the resources online – most notably Slicehost's and Linode's tutorial sections – that I could hack together a workable solution, but I need to know that I'm not leaving critical vulnerabilities open by doing this.

An ounce of prevention, etc.

Thanks!


Edit:

I've also asked this question at Hacker News and Reddit over the past couple of days, so perhaps the links to those discussions might be useful:

Best Answer

If your Unix sysadmin skills are ... well, zero, then my advice is: Don't do it! Don't try to hack together a secure server configuration from a few tutorials and newbie guides.

Reasons:

  1. You won't succeed. The net is overflowing with tutorials with poor or factually wrong content. You won't know which threats are likely for your setup and which are not, and you'll make bad judgments about which security measures to implement. The end result won't be a secure server.
  2. It's not an efficient use of your time. Spend your time on your key differentiators, that is your understanding of the market need and your programming skills.

You can find managed solutions very easily. Either:

  1. Go to Webhostingtalk.com's forums, and read reviews of managed VPS providers, and pick a good one (ServInt, Wiredtree and others). The service provider handles basic OS patching etc.; you're responsible for your own application.

    OR

  2. Set up an unmanaged VPS with a good provider (Linode) and hire one of the many "outsourced sysadmin" type of companies to secure and administrate it. Again you can do comparison shopping for the "outsourced sysadmin" provider at Webhostingtalk.