The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installation completed, now about security?

Discussion in 'Security' started by Atd, Feb 18, 2013.

  1. Atd

    Atd Registered

    Joined:
    Feb 18, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi, I've just installed centos + cpanel to my first dedicated server, i dont have any experience with whm, I used only cpanel shared hosts in the past,

    After installation I've completed 12-5 welcome steps, and setuped custom nameservers, created a package and created an account, and seems working fine,

    But now to secure server from brute force attacks, ddos attacks, what do I need to configure or to install?

    and since I like to host 2 friend's websites there, i saw a lot of discussions in the past that from 1 account they can access other's accounts hosted on that server with shell scripts or php scripts, what you preferr for me for this?


    Thank you.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. Atd

    Atd Registered

    Joined:
    Feb 18, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok I followed that guide about securing ssh, and apache suPHP, Suhosin (mod_security not but I will check later, Im newbie and dont understanded)

    installed chkrootkit but didnt understanded how to set up a cron job for this

    Also installed CSF and followed csf guide and now to security check is "Your Score: 117/131*"


    but now Im not understanding whats the best way for preventing users to access other accounts files,
    so example.com domain to dont access example2.com that are different accounts?

    Thanks.
     
  4. PlotHost

    PlotHost Well-Known Member

    Joined:
    Apr 29, 2011
    Messages:
    253
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Twitter:
  5. Atd

    Atd Registered

    Joined:
    Feb 18, 2013
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
  6. cPanelKurtN

    cPanelKurtN Well-Known Member
    Staff Member

    Joined:
    Jan 29, 2013
    Messages:
    95
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    With respect to the SymLinksIfOwnerMatch option in Apache, the EasyApache team is currently looking into a possible solution for the race condition mentioned in the Apache Docs. Due to programmatic issues, it will likely only apply to Apache 2.2 and 2.4. Of course, fixes like this often come with trade-offs. In this case, the trade-off will be slightly higher disk usage, and thus slower page retrieval for files that have this option applied to it.
     
Loading...

Share This Page