SafeServerSetup
Service How it works Pricing Case studies Providers About
Security checklist Contact
Sign in Get started
Process

How it works, step by step.

No magic. Five stages, mostly done by us, fully transparent. You see what we're doing on the order page in real time.

  1. 01

    You provide VPS access

    ~5 minutes (your effort)

    Buy a fresh Ubuntu or Debian VPS from your favourite provider. On the order page, fill in the temporary root credentials your provider emailed you (host, port, username, password or SSH key). The form encrypts the values on submit; only the engineer assigned to your order can decrypt them.

    • Encrypted at rest using AES-256 via the application key
    • Wiped automatically 7 days after delivery
    • You can request earlier deletion in the order chat
  2. 02

    Initial audit

    15–20 minutes

    We log in once with the credentials you supplied and run a non-destructive audit: kernel and OS version, currently open ports, listening services, existing users, sudo configuration, and any common misconfigurations. We never run third-party scripts or paste anything you didn't see.

    • OS, kernel and patch level
    • Existing users, groups and sudoers
    • Open ports and listening services
    • Pre-existing firewall, fail2ban or other rules
  3. 03

    Hardening & setup

    30–90 minutes

    We apply the configuration from your plan: UFW with default-deny, SSH key auth, fail2ban, non-root sudo user, automatic security updates, swap, and (Standard and up) NGINX with a hardened baseline. Every change goes into a changelog so you can see exactly what was modified.

    • UFW + SSH + fail2ban + auto-updates
    • Non-root sudo user with your SSH key
    • NGINX baseline with security headers (Standard+)
    • Optional runtime + database (Pro+)
  4. 04

    Testing

    10–15 minutes

    We test from outside: confirm only the expected ports are reachable, confirm SSH key auth works for the new user, confirm root SSH is denied, confirm fail2ban is active. We verify NGINX TLS-readiness and security headers if applicable.

    • External port-scan from a clean host
    • SSH key login works; password & root login fail
    • Headers, TLS readiness and service uptime
  5. 05

    Handover

    Same day

    We mark the order delivered and post the handover document, the new credentials, and the security audit report into your order page. You'll see them on /orders, and you can ask questions in the chat any time.

    • Plain-English handover doc
    • New credentials and SSH config
    • Audit report with remediation notes
    • Chat access for follow-up questions

Have a question before you order?

Send us a note. We answer within one business day, usually faster.

Contact us See pricing