https://www.transip.eu/knowledgebase/entry/653-directadmin-tutorial-series-securing-your/
- Change SSH port.
- Restrict access to DirectAdmin to specific IPs.
- Brute force protection in the form of Fail2Ban and a configuration adjustment in DirectAdmin.
- Anti-virus/malware protection with ClamAV.
- Optional: Restrict access on ‘Admin Level’ to specific IPs.
Change SSH port
- Check your used ports
netstat -tulpn | less
- Choose a random port number between 0 and 65535 that is not shown in the overview (for example 56316) and press ‘q‘ to stop netstat.
- Open the SSH configuration file
nano /etc/ssh/sshd_config
- Configuration file will open and search for #Port 22 and replace it with Port 5 (remove # and put your desired port number)
- Save the file and close it CTRL+x > y
- Add the chosen port to your firewall
firewall-cmd --permanent --zone=public --add-port=56316/tcp
- Your SSH port has been changed