Question

How to secure a droplet previously used for web hosting?

This is probably a stupid question but I’m being a little paranoid here.

So I previously used my droplet to host my website. I do not recall exactly what I installed to get this to happen, but it included nginx and pm2.

Anyway, I no longer wish to use my droplet for hosting, instead I want to use it to store confidential files. I am concerned that having previously opened my droplet up to being a web host has left doors open to increase the risk of my files being exposed to the internet.

Given that I previously used my droplet for hosting, is there anything y’all would advise to help lock down my droplet? Even if I hadn’t used it for hosting, is there stuff I could do?

So far the only thing I’ve done is uninstall nginx.

I know the obvious answer is to create a new droplet from scratch, but this droplet has a bunch of installations that I want to keep.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

jarland
DigitalOcean Employee
DigitalOcean Employee badge
March 8, 2019
Accepted Answer

Greetings!

Great question. There is no one-size-fits-all answer on this, but I can tell you what I would do. First, I would check to see what services are listening with this:

netstat -tulpn

Then I would review everything that comes up. You should know what each thing is and whether or not you need it. If you don’t need it, uninstall it. If it’s listening on 127.0.0.1, it doesn’t much matter (since we’re not talking about a shared system). Feel free to compare this against a new droplet to see what is normal to have running by default.

Basically if it’s listening on the public IP or 0.0.0.0 (all interfaces), that is something someone can potentially interface with externally. If it’s listening on 127.0.0.1, you need to already be inside of the server to access it. If it’s not listening, no one can interface with it externally.

If in doubt, it never hurts to just spin up a new server or wipe the OS from the Destroy tab after clicking on the droplet at cloud.digitalocean.com.

Jarland

Thanks very much for this. So, I tried the command you suggested, and the list is identical to what I get when trying the same command on a brand new droplet. I assume this means I have nothing to worry about?

However, there is an entry with 0.0.0.0 in both local and foreign address, with state listen- should I be concerned?

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.