Suggestions for securing vps welcome

[befree22]

I have a Centos 6 vps with Nginx and Kloxo-MR installed.

I'm doing lots of research to harden my vps from hacker attacks and ddos attacks.

Right now, I have CSF Firewall installed and I'll install rkhunter. Since chkrootkit is similar to rkhunter, I want only rkhunter installed.   

Still, since I've experienced malicious hacker attacks, I'm diligently looking to find the best solutions to prevent another attack.

FYI: The malicious hacker used Wordpress vulnerabilities documented on this forum so I installed Bruteprotect Wordfence and BWS.

For hardening the vps, I've been reading about https://www.rfxn.com/projects/brute-force-detection/ and OSSEC and OpenVAS. OSSEC is a detection tool and OpenVAS is a vulnerability management tool. I'm leaning toward BFD.

I want to avoid installing redundant security tools and too many tools that may overwhelm the vps or cause incompatibility with Nginx and Kloxo-MR which did occur. 

Please share your suggestions on how you secure your vps and what you think about the above security tools.

[chrisf]

KloxoMR,  default port changed.  All passwords strong (meaning at least 10 chars, upper lowercase, atleasr one number and one symbol) CSF firewall.  Spamdyke 5.0 and recipient reject.

No other tools neccessary.  CSF is a very good firewall, and will do many things, go through the etc/csf/csf.conf and read all about settings.

ALWAYS use encrypted connections to your server.  Never use FTP.  Use sftp, or ftps.  Never get mail without tls/ssl.  Always use port 7777 (or what you have it configured to) ssl on KloxoMR panel.

[amudy17]

try to protect with this http://forum.mratwork.com/kloxo-mr-tips-and-tricks/installing-csf-alongside-kloxomr-(how-to)/

[komvis]

yeah..good tutorial by chrisf..

[befree22]

KloxoMR,  default port changed.  All passwords strong (meaning at least 10 chars, upper lowercase, atleasr one number and one symbol) CSF firewall.  Spamdyke 5.0 and recipient reject.

No other tools neccessary.  CSF is a very good firewall, and will do many things, go through the etc/csf/csf.conf and read all about settings.

ALWAYS use encrypted connections to your server.  Never use FTP.  Use sftp, or ftps.  Never get mail without tls/ssl.  Always use port 7777 (or what you have it configured to) ssl on KloxoMR panel.

Port 7777 used on Kloxo-MR panel. I do use strong passwords from http://strongpasswordgenerator.com/.
CSF Firewall installed per Chris's forum post instructions.

I will research Spamdyke 5.0 and recipient reject. I'll also research  sftp, or ftps and setup mail with tls/ssl. If you have any instructions or good Youtube videos on this, please post here.

[befree22]

1. Spamdyke 5.0. OK, I have Spamdyke enabled in Kloxo-MR > admin > Server Mail Settings. See attached settings.
I reinstalled Kloxo-MR on March 3rd. How do I know if I have Spamdyke 5.0 installed?

2. Reject recipient. I'm reading http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS and it supports recipient reject. Is there a way to activate reject recipient in Kloxo-MR admin > Spamdyke or do I need to make changes to qmail files referenced in the above link?

3. Are there instructions to setup mail with tls/ssl for Kloxo-MR?

FYI: I watched a video about sftp or ftps and will apply this secure connection soon.