How to secure an Ubuntu 12.04 LTS server – Part 1 The Basics is a great resource to secure a VPS.
Mod_Security is a web application firewall. I found a couple things to add to my servers.
The same site includes a very good guide to installing it (you also may well want to whitelist Googlebot, instructions in the link). However it blocked my access to one of my sites. You end up just getting the message:
“Forbidden
You don’t have permission to access / on this server.”
There are tips on some edits to include when using WordPress on an Apache server with modsecurity.
One simple action is to include
SecRule SERVER_NAME “[your-domain.com]” phase:1,nolog,allow,ctl:ruleEngine=off
[bash]SecRule SERVER_NAME "code.curiouscatnetwork.com" phase:1,nolog,allow,ctl:ruleEngine=off[/bash]
on the bottom of modsecurity.conf which is found /etc/modsecurity (for me, on Ubunutu 12.04). Then restart Apache
[bash]sudo service apache2 restart[/bash]
and see if the problem goes away. If it does then you have a very good indication modsecurity was blocking access and can continue to narrow the scope of the problem by adding the WordPress whitelist rules in the link above.
Another note, service apache2 start, failed in a non-obvious way to me anyway. For me if I use sudo it works fine. If I don’t it gives odd errors which lead me on a 10 minute wild goose chase before remembering to try sudo.
Related: Upgrading VPS Web Server from Ubuntu 10.04 to 12.04 – Keeping Your Hosted Ubuntu Web Server Software Up to Date – Linux/Ubuntu File and Directory Permissions