Home » Web Hosting » Security

Beginner's Guide to Securing Your Server Part 1 of 3 (Security Inside WHM/CPanel)

Many web server owners don't realize that most of the problems they encounter are due to lack of good server security.  What they also don't realize is how little effort is required to block 90% of the most common and automated attacks. 

This 3 part guide will show you the basic steps you should take to properly secure your server, and in the same stride reduce the amount of issues that your server faces.

In the first part of this three part series, we look at the simpliest but crtical measure that should be taken ASAP.  Fortuantly they're all done via WHM which makes our first task very easy.

These are items inside of WHM/Cpanel that should be changed to secure your server.

  • Goto Server Setup =>> Tweak Settings

    Check the following items...

    Under Domains

    Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

    Under Mail

    Attempt to prevent pop3 connection floods

    Default catch-all/default address behavior for new accounts - :fail:

    Under System

    Use jailshell as the default shell for all new accounts and modified accounts

  • Goto Server Setup =>> Tweak Security

    Enable php open_basedir Protection

    Enable mod_userdir Protection

    Disabled Compilers for unprivileged users.

  • Goto Server Setup =>> Manage Wheel Group Users

    Remove all users except for root and your main account from the wheel group.

 

 

  • Goto Server Setup =>> Shell Fork Bomb Protection

    Enable Shell Fork Bomb/Memory Protection

    When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access; under Root Access disable All Features.

 

  • Goto Service Configuration =>> FTP Configuration

    Disable Anonymous FTP

  • Goto Account Functions =>> Manage Shell Access

    Disable Shell Access for all users (except yourself)

  • Goto Mysql =>> MySQL Root Password

    Change root password for MySQL

  • Goto Security and run Quick Security Scan and Scan for Trojan Horses often. The following and similar items are not Trojans:

    /sbin/depmod
    /sbin/insmod
    /sbin/insmod.static
    /sbin/modinfo
    /sbin/modprobe
    /sbin/rmmod

MADLaker – Sun, 2005 – 08 – 14 02:09
Security
add new commentprinter friendly version – 903 reads