Yes. If you want to lower that memory consumption you will need to turn off quite a few services: AV, SpamAssassin, mail, MySQL (if you can)… and so on. Still, the OS and Virtualmin will always use some amount, so even if you turn almost everything off, count on at least 100-200MB used by the system (no traffic included).
What output do you receive when running “ps auxw” on your server?
Note that another thing is to disable Mailman, if that’s enabled. I noticed in our output above that “python3” is running, which I suspect is for Mailman.
Do people usually run it? With SSH, if I disable pw login and use a private key logon instead, this should be enough, right? And I think FTP has its own timeout lock?
It all comes down to how much you need to reduce memory usage. It’s certainly an option to use key-based logins as you’re describing… that’s an excellent security measure.
Some folks also put SSH on a port other than 22 to make it harder for the bots to find it.
Depending on your needs, some folks also disable FTP, and purely use SSH/SFTP and Webmin/Virtualmin for connecting to the server.
Note that users can upload files using the File manager within Webmin/Virtualmin.
You must have fail2ban*** or your server will get hammered by bots and brute force attacks 24/7. The more popular the domains on that server are, the more attacks you will get, and this never stops, it just goes up. You could move some services to non-default ports, but you can't do that with all ports, as some services communicate on predefined ports that cannot be changed.
You can remove psw for (s)FTP/SSH and use keys; still, your other ports will be open for such attacks. For example, aggressive bots who don't honor robots.txt usually like to hammer your website(s). Not once I saw an IP belonging to a bot banned by fail2ban because that bot made 30-50+ connections per second. In other words, these bots are capable of scanning an entire website in a matter of a few seconds, and they never stop, so you get this crap 24/7, and in the process of scanning they actually DDoS your server.
Last year I got one client who previously had someone else who managed their server and website. This client came to me because he was not happy with the service he had until then. Long story short, I jumped in and then I saw the reason for his website being slow, unresponsive, etc. There were between 2000-3000+ brute-force attacks per hour(!) on the WP login page and more than 3000 attacks on the xmlrpc.php file. I managed to bring those numbers down, but it was a mess. Other ports were affected too, but honestly I forgot the numbers. Obviously his domain got into several “bot lists” and that was a nightmare.
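The counting that a fail2ban jail does for the wp-login.php and xmlrpc.php traffic described above, as an added example that is not part of the original thread: a sliding-window tally of POSTs per client IP over web access-log lines. The combined log format, the `maxretry`/`findtime` values and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log prefix: client IP, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
WATCHED = ("/wp-login.php", "/xmlrpc.php")  # endpoints named in the post above

def find_offenders(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: first trigger time} for IPs with >= maxretry POSTs to a
    watched endpoint inside any findtime window (same idea as a fail2ban jail)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines rather than crash
        ip, ts, method, path, _status = m.groups()
        if method != "POST" or path.split("?", 1)[0] not in WATCHED:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > findtime:
            hits.popleft()        # drop attempts that aged out of the window
        if len(hits) >= maxretry and ip not in offenders:
            offenders[ip] = when
    return offenders

def sample_log():
    """Constructed sample lines (documentation-range IPs), not real traffic."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    # Fast brute force: six login POSTs in ten seconds.
    out = [fmt.format(ip="203.0.113.7", m=0, s=i * 2, req="POST /wp-login.php") for i in range(6)]
    # Slow attempts: one xmlrpc POST every 12 minutes, under a 10-minute window.
    out += [fmt.format(ip="198.51.100.9", m=i * 12, s=0, req="POST /xmlrpc.php") for i in range(4)]
    # Ordinary browsing: many GETs, never counted.
    out += [fmt.format(ip="192.0.2.44", m=1, s=i, req="GET /index.php") for i in range(20)]
    out.append("garbage line that does not parse")
    return out

if __name__ == "__main__":
    for ip, when in find_offenders(sample_log()).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

The slow client stays under the default window, which is why a longer `findtime` is worth testing against your own logs before settling on jail values.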