How to secure cPanel server

As we all know security is a main problem in hosting. Especially with the server that is having more number of accounts. You can ensure the security of cPanel server in various ways. For that please go through the steps we have mentioned below,

Step 1.

The main thing is check whether all the services on the server is up to date. If not, you need to upgrade/update services on the server. For that SSH into your server and type the following command,

yum update

Step 2.

Update cPanel to the latest version You need to ensure that the cPanel version that you using is up to date. For that you can use the following script from the command line.

/scripts/upcp --force

Also you can enable daily updates using WHM. For that,

WHM > Server Configuration > Update Preferences

Step 3.

Securing SSH: 

For this you need to enable public key authentication for SSH and disable password authentication. Changing SSH port to a different port is also good.

Step 4.

Securing Apache web server:

For securing the web server you need to enable mod_security. This can be installed in Addon Modules in the cPanel section of WHM. Also you should enable PHP’s open_basedir protection. This protection will prevent users from open files outside of their home directory with PHP. This can be enabled in Tweak Security within WHM. You can also include safe_mode for PHP 5.x and below. Safe_mode ensures that the owner of a PHP script matches the owner of any files to be operated on. You can enable safe_mode by changing the safe_mode = line in php.ini to safe_mode = On.

Step 5.

Enable Firewall for DDoS Protection:

The firewall is the other important program that prevents server from attacks. Simply installing a firewall will not secure your server, the main part is that you need to configure the firewall according to the usage and configurations of your server. It may differ for various server’s For cPanel server’s the best firewall is CSF. So you need to install and configure it. Note: For more secure configurations please feel free to contact us, we are having various programs for configuring firewall on different type of server’s according to the server configuration.

Step 6.

Securing  /tmp partition:

Run the following command, it will mount your /tmp partition to a temporary file for extra security.

/scripts/securetmp

Step 7.

Securing FTP access:

To prevent anonymous users from uploading files to your server, go to,

WHM > Service Configuration > FTP Server Configuration  and set “Allow Anonymous Logins” to “No”

Step 8.

Use secure passwords:

Insecure passwords are the most common security vulnerability for most servers. If an account password is insecure and is compromised, client sites can be defaced, infected, or used to spread viruses. Having secure passwords is paramount to having a secure server. You can force your users to use more complex passwords by going to,

WHM > Security Center > Password Strength Configuration

Step 9.

Enable cPHulk protection:

cPHulk protects your web servers from Brute Force Attacks by blocking suspect IP addresses for a predetermined period. You can enable protection from,

WHM > Security Center > CPHulk Brute Force Protection

Step 10.

Install malware scan and configure daily scan:

Please see the link below for installing maldet malware scan on your server,

Install maldet malware scan on cPanel server

Configure maldet to scan daily and get reports to mail