nginx - About the problem of cloud server being invaded

Question

My usual development and contact project servers are always invaded, so I would like to share my experience in preventing intrusions. My process is as follows:

1. Choose Alibaba Cloud and Tencent Cloud as the server (both have them)
2. After that, there were no protection measures at the beginning, so I just added the root password and then was prompted to log in from another place. After a while, SSH stopped entering, so I had to reinstall the system. ..
3. After configuring public and private key encryption for root, and disabling the username and password, I still can’t ssh in the next day... I suspect that someone else has changed the public key or ssh configuration...
4. After that, I disabled root login, changed the login port number, disabled user password login, and encrypted the public and private keys. This worked for a while, but then I still couldn’t access SSH....

I want to know if my ordinary server (without any content of commercial value) is so easy to be hacked?

What is the technical logic of the intruder and what can be done to prevent the intrusion. ...

I hope experienced people can give me some advice...

Answer 1

The public and private keys are being used. Is it because the packages are not updated and there are loopholes?
Update packages regularly.

Answer 2

Is there a firewall? Could it be that the firewall is not turned on after changing the port? Generally, changing the port will not be a big problem.

Answer 3

It feels like the loophole is not in the place you mentioned.
This situation has occurred with many different service providers. First of all, you may want to check whether you are using trustworthy software. For example, if you record your password in some cloud notes, then it will be useless no matter how you set it up. It only protects against bad guys. Villain.