harden the server avoid spam ?

[tyuuu]

Hi,

may i ask,when you install your cpanel server,

do you take what setting modify to secure your server to avoid spam on your server,

because some site may be upload script to spam,

1. i hope those script can not be uploaded.

2. of course,if cms is not updated and those spam script be upload,
how can i limit those spam script to have mailbox auth before sending mail oit ?


thanks

 

[24x7server]

Hello .

First of all, Please secure your server. Try to scan your server with cPanel security advisor. WHM >> >> Security Center >> SecurityAdvisor

https://documentation.cpanel.net/display/ALD/Security+Advisor#SecurityAdvisor-Overview

I would suggest you to have a look on below security checklist that you should perform.

==================================
CSF hardening
Install Mod-Security with Advanced Rules
Install Clamav Anti Virus
Install Maldet
Install LSM
Install PRM
Lockdown & Hardening the Root Password
Secure SSHD Port
sysctl.conf Hardening
host.conf Hardening
Network Security with hosts.allow & hosts.deny
nsswitch.conf Hardening
Enable DDOS Protection
Root Login Email Notifications
Noexec, Nosuid Temporary Directories (noexec Directories such as /tmp, /var/tmp, /dev/shm)
Security Updates as released by OS and/or Control Panel
Disable Unwanted Services
Enable PHP Open_Basedir Protection
Enable mod_userdir Protection
Securing Console Access
PHP5 Hardening with disabling php functions.
Configuring Anti-Spam Features to Reduce Spam
==================================

Also please try to install configserver exploit scanner on your server. ConfigServer eXploit Scanner (cxs) performs active scanning of files as they are uploaded to the server.

 

[cPanelMichael]

Hello

You may also find the following document helpful:

cPanel - How to Prevent SPAM

Thank you.

 

[lx24]

with CXS + modsecurity you stop hacker from uploading such a scripts.

 

[tyuuu]

with CXS + modsecurity you stop hacker from uploading such a scripts.

if i only install modsecurity with atomicorp.com's rule,it will not block those uploading ?

 

[lx24]

Yes, definitely it will. Depends on the way the hacker uploading the files. However, not all code in file restrict by Mod-security rules. You really don't know what sort of code is included in file and mod-security rules works as they are defined. Mostly such files being uploaded by vulnerabilities found in site/plugins/modules etc.. Mod-security helps from uploading files from such a way.

And with addition of CXS (ConfigServer eXploit Scanner). CXS does scan each uploaded file in real time. It may be from web upload or FTP. If CXS found any such malicious code in file it quarantine such file immediately.

And a rule of mod-security for cxs, you can blocked the hackers IP on the server to prevent further uploading.

Its up to you , you can first test with only atomic rules and if necessary go with cxs as well

 

[tyuuu]

may i ask more..

does CXS use Mod-security rules(such as atomicorp.com's rule) to scan ? or CXS has his own rule ?