VPS security, Nginx configuration, UFW, users, and SSH login

Prerequisites

You will need nginx, docker, and ufw to get started. Check to see if they are installed:

docker --version && nginx -v && sudo ufw status

If they are not yet installed, run the following commands:

sudo apt update && sudo apt install nginx docker.io ufw -y

Initial user configuration

Never work as the root user. Create a new user and grant them administrator privileges.

  • Adding a user:

    adduser user  # Replace ‘user’ with your name

    The output will look like this: Adding user ‘user’ ... Enter new UNIX password: (enter your password; characters will not be displayed).

  • Granting privileges and checking:

    usermod -aG sudo user
    groups user

    Expected output: user : user sudo

Configuring SSH key authentication

This is the most reliable way to protect against brute force attacks.

  1. If you already have an SSH key on your computer, simply send it to the server:

    ssh-copy-id user@server_ip

  2. If you don't have a key, create one:

    ssh-keygen -t ed25519 -C "user@vps"
    # Then send it using the ssh-copy-id command above

    When copying in this way, you may be required to enter the server password. For security reasons, the password will not be displayed when you enter it!

Disabling password login and root access

Now disable all login methods except for SSH keys.

  1. Open the config file: sudo nano /etc/ssh/sshd_config

  2. Find and change (or add) the following lines:

    • PermitRootLogin no - prohibits direct login to the system as root via SSH;
    • PasswordAuthentication no - disables logging in to the server with a regular password;
    • ChallengeResponseAuthentication no - disables challenge-response authentication;
    • UsePAM no - disables the use of PAM (Pluggable Authentication Modules) for SSH.
  3. Restart the service: sudo systemctl restart ssh

Now, when you try to log in as root, you will see root@ip: Permission denied (publickey).

Configuring the Firewall (UFW)

The firewall blocks all ports except those that we allow.

| Port | Protocol | Purpose | Why is this important? |
|------|----------|---------|------------------------|
| 22 | TCP | SSH | Required! Without it, you will lose connection to the server. |
| 80 | TCP | HTTP | Standard port for Nginx. |
| 443 | TCP | HTTPS | Secure port for SSL traffic. |

For greater security, change the port for SSH to another one, and also add it to the UFW config!

Configuring UFW:

sudo ufw allow 22/tcp   # Allow SSH before enabling, or enabling the firewall can lock you out
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status

The output of the status command should be as follows (IPv6 rules are listed separately with a (v6) suffix):

Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere

React2Shell vulnerability in Next.js

React2Shell is a critical vulnerability that allows attackers to execute arbitrary code on your server via React forms.

How to check for a breach?

Check the list of processes and files. Suspicious signs:

  • Files in the system: ssh.sh, sex.sh, kai.tar.gz, httd.
  • The xmrig process (miner, loads the CPU to 100%).
    • You can check this with the top or htop command.
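A defender-side check for the indicators listed above, as an added example that is not part of the original article: it scans a filesystem root for the named files and a saved ps listing for the miner process. The file and process names are the article's; the function names, the `ps -eo pid,comm,args` column layout and the sample input are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: look for the compromise
# indicators the article lists. The file and process names below are the
# article's; the function names and the ps(1) column layout are assumptions.
IOC_FILES="ssh.sh sex.sh kai.tar.gz httd"
IOC_PROCS="xmrig"

# scan_files ROOT: print "FILE <path>" for every matching file under ROOT (default /).
scan_files() {
  root="${1:-/}"
  for name in $IOC_FILES; do
    # -xdev stays on one filesystem; "permission denied" noise is discarded.
    find "$root" -xdev -name "$name" 2>/dev/null | while IFS= read -r path; do
      printf 'FILE %s\n' "$path"
    done
  done
}

# scan_procs [PS_FILE]: print "PROC <pid> <comm>" for each suspicious process.
# Reads a saved `ps -eo pid,comm,args` listing from PS_FILE, or live ps output
# when no file is given. Matches the command name or the binary path in args.
scan_procs() {
  if [ -n "$1" ]; then cat "$1"; else ps -eo pid,comm,args; fi |
    awk -v iocs="$IOC_PROCS" '
      BEGIN { n = split(iocs, list, " ") }
      NR > 1 {
        for (i = 1; i <= n; i++)
          if ($2 == list[i] || $3 ~ ("(^|/)" list[i] "$")) {
            print "PROC " $1 " " $2; break
          }
      }'
}

# check_host ROOT [PS_FILE]: print all findings; return 1 if there are any.
check_host() {
  findings=$(scan_files "$1"; scan_procs "$2")
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
  echo "no indicators found"
}
```

Run `check_host / ` on the server itself to scan the live filesystem and process list; a non-zero exit status means at least one indicator was found.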

Ways to protect yourself

  1. Update Next.js - urgently update to one of the patched versions: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7.

  2. Node.js 24 - use the new Node permissions model to restrict file access.

  3. Secure Docker:

    • Run containers with the --read-only flag.
    • Do not run as root in the Dockerfile; add USER node.
    • Restrict the container's network access to the internal resources it needs (an allow list).
  4. If you have been compromised - remove infected subdirectories/containers, clear caches, and be sure to change all secret keys and passwords.

The article will be supplemented
