More secure default settings - apache, php, ftp [Various Cases]

**forlinuxsupport** · 02-15-2010, 04:36 AM

Can we have the default settings for Apache, PHP and FTP set more securely.

Apache
TraceEnable = OFF
ServerSignature = OFF
ServerTokens = ProductOnly
Directory '/' Options = disable INDEXES

PHP
expose_php = OFF

FTP
Allow Anonymous Logins = OFF
Allow Anonymous Uploads = OFF
Allow Logins with Root Password = OFF

**forlinuxsupport** · 10-05-2011, 03:23 AM

Please make Pure-FTP more secure when cPanel is first installed :

Code:

Allow Anonymous Logins          NO
Allow Anonymous Uploads         NO
Allow Logins with Root Password NO

These values make it more secure.

**Kent Brockman** · 11-14-2011, 08:03 AM

I recently buy a VPS with cPanel and this options enabled by default looked like a nonsense.
So yes, +1 for this

**asturmas** · 11-15-2011, 09:44 PM

Agree with this change!

**cPanelDavidG** · 02-22-2012, 09:03 AM

Originally Posted by forlinuxsupport

Can we have the default settings for Apache, PHP and FTP set more securely.

Apache
TraceEnable = OFF
ServerSignature = OFF
ServerTokens = ProductOnly
Directory '/' Options = disable INDEXES

PHP
expose_php = OFF

For those interested, the above are being handled as part of Case 56044

Originally Posted by forlinuxsupport

FTP
Allow Anonymous Logins = OFF
Allow Anonymous Uploads = OFF
Allow Logins with Root Password = OFF

EDIT: These are being handled via Case 58962

**cPanelDavidG** · 03-29-2012, 07:57 AM

I am going to merge this with the OP's other thread on this topic as to reduce confusion when people search for this feature request.

**cPanelDavidG** · 03-29-2012, 08:00 AM

Just as a FYI: While we plan to change the FTP defaults, we will also be reworking cPanel to resolve some known issues with the Anonymous FTP GUI (e.g. in some circumstances it may permit a user to seem to allow Anonymous FTP even if it has been disabled server-wide).

**LaceHost-Ishan** · 03-30-2012, 05:39 AM

It would be good to include all of CSF's security checklist so that admins don't need to waste 30 minutes after cPanel installation to change the defaults.

**eva2000** · 03-30-2012, 07:31 AM

+1 for this, anything to save time after all time is $$$

**sardelich** · 04-02-2012, 07:28 PM

CSF would be a good starting point but there are some warnings in CSF that might break things, epecially php if set up the way CSF likes it to

Forums

Thread: More secure default settings - apache, php, ftp [Various Cases]

LinkBack

Thread Tools

More secure default settings - apache, php, ftp [Various Cases]

Make FTP secure on build - disable Anonymous (Case 55551)

re: Make FTP secure on build - disable Anonymous (Case 55551)

re: Make FTP secure on build - disable Anonymous (Case 55551)

re: More secure default settings - apache, php, ftp [Various Cases]

Re: Make FTP secure on build - disable Anonymous (Case 55551)

Re: More secure default settings - apache, php, ftp [Various Cases]

Re: More secure default settings - apache, php, ftp [Various Cases]

Re: More secure default settings - apache, php, ftp [Various Cases]

Re: More secure default settings - apache, php, ftp [Various Cases]

Similar Threads

Filed with Developers Apache HTTP Server 2.2.21 Released [Cases 53139, 53140]

[Cases 52281, 51103] PHP 5.3.7 Released!

cPanel Default Settings

htaccess - Default settings?

default 'new account' settings

Tags for this Thread

cPanel & WHM

Enkompass

Help

Community

Company

Connect with Us