cPanel Essentials

Discussion in 'General Discussion' started by php4ever, Sep 5, 2006.

  1. php4ever

    Looks like I'm forced to do a fresh install after formatting the drive thanks to a trojan. I'm curious what can be done from cPanel to tighten up security in addition to what we have already done.

    What are some of the tools a web server really must have?


    ~ Jared
     
  2. fusioncroc

    APF, BFD, mod_security with a decent ruleset, probably a lot of other things as well.
     
  3. NightStorm

    A good start would be Chirpy's ConfigServer Firewall (CSF). It has a feature to do a "suggestive security scan". Run it. Make all the red go away. ;)
    There are a few real good mod_security rules here on the forum... utilize them to the best of your ability as a system administrator.
    Disable all the crap scripts that will cause headaches. You know the ones... mambo, phpBB... the stuff that is exploited more often than it's updated.
    Secure /tmp. I don't mean a quickie hack of it. Really secure it. This is a 50/50 defense. Users can still run scripts from /tmp by calling the file as a full path (/tmp/script.pl), but a lot of kiddies have not yet figured this out.
    No Shell Access. Can I say that often enough? Probably not. NO SHELL ACCESS. Opening SSH to your users is just one more doorway for someone else to wander in. If they *really* need it, make sure it's running on some obscure port, and that the user's login is secure... no 4-letter passwords. Make the person work for access.
    Harden your PHP. phpSuExec. Use the disable_functions option. You'll find that certain sites and services suggest different things to disable, but I have found "dl,exec,system,passthru,shell_exec" to be a happy for me personally.
    A good idea is just to cruise Chirpy's site, and see what he has to offer. You'll find all sorts of fun toys there that will make your job a little easier.
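
An added example, not part of NightStorm's post and not cPanel or ConfigServer code: a small shell audit for two of the points in the post above, the `disable_functions` list and the /tmp mount. The `noexec,nosuid` target options, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit two hardening points from the post above.

# Functions the post lists for disable_functions.
WANTED_FUNCS="dl exec system passthru shell_exec"
# Assumption (not stated in the post): a secured /tmp carries these options.
WANTED_TMP_OPTS="noexec nosuid"

# Print each wanted function absent from the last active disable_functions
# line of the php.ini given as $1. Lines commented out with ';' are ignored.
missing_disabled_functions() {
  local line current f
  line=$(grep -Ei '^[[:space:]]*disable_functions[[:space:]]*=' "$1" | tail -n 1)
  current=$(printf '%s' "${line#*=}" | tr -d '" \t\r' | tr ',' '\n')
  for f in $WANTED_FUNCS; do
    printf '%s\n' "$current" | grep -qxF "$f" || printf '%s\n' "$f"
  done
}

# Print each wanted option absent from the /tmp entry of a /proc/mounts-format
# file given as $1, or "not-a-separate-mount" when /tmp has no entry of its own.
tmp_mount_missing_opts() {
  local opts o
  opts=$(awk '$2 == "/tmp" { o = $4 } END { print o }' "$1")
  if [ -z "$opts" ]; then echo "not-a-separate-mount"; return 0; fi
  for o in $WANTED_TMP_OPTS; do
    printf '%s\n' "$opts" | tr ',' '\n' | grep -qxF "$o" || printf '%s\n' "$o"
  done
}

# Constructed sample input so the script runs offline. On a real server, pass
# the active php.ini and /proc/mounts instead.
demo() {
  local d
  d=$(mktemp -d)
  printf '%s\n' '; disable_functions = dl,exec,system,passthru,shell_exec' \
    'disable_functions = "exec, system,passthru"' > "$d/php.ini"
  printf '%s\n' '/dev/sda1 / ext3 rw 0 0' \
    '/dev/loop0 /tmp ext3 rw,nosuid 0 0' > "$d/mounts"
  echo "disable_functions lacks: $(missing_disabled_functions "$d/php.ini" | xargs)"
  echo "/tmp mount lacks: $(tmp_mount_missing_opts "$d/mounts" | xargs)"
  rm -rf "$d"
}
demo
```

Empty output from either function means that check passed; a commented-out `disable_functions` line does not count as a setting.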
     
  4. mctDarren

    Also check out John Wigle's site over at totalserversolutions.com and his help site at eth0.us -- great info and service from him as well. ;)
     