Please, anyone interested in security:
I have a server running Ubuntu 16.04 with Node.js, proxied by the latest version of nginx, and a website that is a forum where people can sign in and write things. I have planned protection against:
- SQL injections;
- XSS attacks;
- the iframe is closed;
- DDoS protection is enabled by nginx;
- 2-factor authentication for ssh;
- If someone logs in, I receive an email alert;
- the server shuts down if the login is not planned;
- all ports are closed but 22,80,443;
- SQL is only local;
- root entry is disabled;
- I do receive files (there are no backdoors, right?);
- fail2ban for brute force;
- The ssh key could be used, but I see no sense due to the 2-factor authentication;
Have I missed something?
I want to protect both websites from account theft, but the most important thing is that my server is hacked.
Certain question: Is there still any way a hacker can access my ssh server?
Then tell me what else I could do to make my server and website more secure!
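
Two items in the list above ("all ports are closed but 22,80,443" and "SQL is only local") can be verified from the host's own listener table. The following is an added example, not part of the original post: it parses `ss -tln` output and reports every TCP listener that is bound beyond loopback on a port other than those three. The sample output, including a Node.js app on port 3000, is constructed for illustration.

```python
import ipaddress

ALLOWED_PUBLIC_PORTS = {22, 80, 443}  # the three ports the post says stay open

# Constructed sample of `ss -tln` output (not captured from a real host).
# Port 3000 for the Node.js app is an assumption made for this example.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
LISTEN  0       80      127.0.0.1:3306      0.0.0.0:*
LISTEN  0       511     *:3000              *:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       128     [::1]:5432          [::]:*
"""

def is_loopback(host):
    """True only when the bind address is 127.0.0.0/8 or ::1."""
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and %interface
    if host in ("*", ""):
        return False  # wildcard bind: reachable on every interface
    return ipaddress.ip_address(host).is_loopback

def parse_listeners(ss_output):
    """Return (bind_address, port) for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        # rpartition keeps IPv6 forms such as [::]:22 or :::22 intact
        host, _, port = fields[3].rpartition(":")
        listeners.append((host, int(port)))
    return listeners

def unexpected_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Listeners bound beyond loopback on a port outside the allowed set."""
    return sorted({(h, p) for h, p in parse_listeners(ss_output)
                   if not is_loopback(h) and p not in allowed})

if __name__ == "__main__":
    for host, port in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"reachable beyond loopback: {host}:{port}")
```

A listener reported here is only as closed as the firewall in front of it; binding the application and the database to 127.0.0.1 removes that dependency.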