cPanel Security Measures

Discussion in 'Security' started by digitaldude, Jun 3, 2012.

  1. digitaldude

    digitaldude Member

    Joined:
    Jun 17, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Can anyone please guide me on what security steps are necessary while setting up a new cPanel server? I would like to keep it the most secure for my clients so that they are not affected by exploits in WordPress and other content management systems.
     
  2. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
    There are many things you need to do to secure a server ... some things: install CSF, mod_security, install the latest WP version.
     
  3. digitaldude

    digitaldude Member

    Joined:
    Jun 17, 2011
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    I have CSF, mod_security rules, and other basic security measures in place. But the point is, people upload nulled WordPress themes that contain PHP file managers etc. And strangely enough, they can browse the whole /home directory. Those scripts use PHP functions that break WHM operation when I disable them.
    The bad guys browse to the /tmp directory, upload Perl or C code, compile it and execute it. To my astonishment, disabling Perl, gcc and other compilers for non-root users breaks WHM/cPanel as well!
    I did have the Way To The Web Ltd. guys take control, but they only employed very basic measures which were useful only for novice-level attacks on the server.
    WHM does have the open_basedir option, but I haven't seen it working anywhere for one reason or another. I have a reputed web host taking care of my server, but even they failed to get it working.

    I just need to do the following:
    1. Detect and quarantine suspicious injections in real time, without causing significant load on the server. Keep CMS installs secure.
    2. Make separate containers for each cPanel user so that if one is compromised, the others don't feel a thing!...

    Please specify how I can go about implementing effective methods to address these problems.
     
  4. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You ask a lot from a shared hosting environment :) Keeping CMS installs secure ultimately depends upon your web hosting customers [or yourself if you're a glutton for punishment] knowing what they are doing and being proactive with security updates, paying attention to outdated themes, plugins, components, etc, using strong passwords, not storing passwords in FTP programs and browsers, using antivirus software on their systems, etc. Unfortunately, you can never count on anyone but yourself to be that security conscious and proactive.

    That's why you end up having to do things like:

    (a) securing /tmp, /var/tmp, /dev/shm
    (b) running suPHP / suExec
    (c) forcing open_basedir restrictions on each and every account on the system
    (d) using CSF and CXS
    (e) installing mod_security and using a sensible ruleset [such as that from atomicorp.com]
    (f) disabling the ability of mod_security to be turned off via an .htaccess file
    (g) not allowing user-editable php.ini files in their directories
    (h) disabling a lot of functions via disable_functions in php.ini
    (i) keeping your OS up to date
    (j) keeping your WHM/cPanel up to date
    (k) forcing SSL for /whm and /cpanel services
    (l) limiting access to /whm to only your administrative IP blocks
    (m) forcing strong passwords
    (n) disabling standard FTP and forcing FTPS
    (o) changing FTP and SSH access ports
    (p) disabling services you do not need/require
    (q) disallowing SSH access for any user
    (r) not accepting every Tom, Dick and Harry who is willing to sign up for your service -- be selective -- ask questions of them -- feel them out.

    There are way too many items to list, and many of those items listed above take a significant amount of time and effort to set up properly and maintain. Listing the steps to take is one thing, explaining them all is another.

    These forums hold a lot of valuable information. You need to do a lot of searching to learn about all the techniques used by people to secure their servers. Everything I've mentioned has been discussed in detail in various places on these forums.

    M
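
An audit sketch for items (a) and (h) of the checklist above, added as an example and not part of the original post: it checks that /tmp, /var/tmp and /dev/shm are mounted noexec and nosuid, and lists command-execution functions that a php.ini disable_functions line leaves enabled. The function baseline and both sample inputs are assumptions constructed for illustration.

```python
"""Audit sketch for checklist items (a) and (h): temp-dir mount flags and
PHP disable_functions. Added example; all sample inputs are constructed."""
TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
REQUIRED_FLAGS = ("noexec", "nosuid")
# Assumed baseline of command-execution functions; tune to your own policy.
RISKY_FUNCTIONS = ("exec", "passthru", "shell_exec", "system", "proc_open", "popen")

# Constructed sample in /proc/mounts format (no separate /var/tmp mount).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext4 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
"""
# Constructed php.ini fragment.
SAMPLE_PHP_INI = """\
; comment lines are ignored
disable_functions = exec, system ,passthru
"""

def audit_mounts(mounts_text):
    """Return findings for temp dirs that are not mounted with REQUIRED_FLAGS."""
    options = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # A later entry for the same mount point shadows earlier ones.
            options[fields[1]] = set(fields[3].split(","))
    findings = []
    for path in TEMP_DIRS:
        if path not in options:
            findings.append(f"{path}: no dedicated mount, inherits parent filesystem flags")
            continue
        for flag in REQUIRED_FLAGS:
            if flag not in options[path]:
                findings.append(f"{path}: missing {flag}")
    return findings

def audit_disable_functions(ini_text):
    """Return RISKY_FUNCTIONS that the last disable_functions line leaves enabled."""
    disabled = set()
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "disable_functions":
            disabled = {name.strip() for name in value.split(",") if name.strip()}
    return [name for name in RISKY_FUNCTIONS if name not in disabled]

if __name__ == "__main__":
    for finding in audit_mounts(SAMPLE_MOUNTS):
        print(finding)
    print("still enabled:", ", ".join(audit_disable_functions(SAMPLE_PHP_INI)))
```

On a live server, pass the contents of /proc/mounts and the active php.ini to these functions instead of the samples.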
     