Installation Issues & Questions: Security

[newboy2010]

Thanks for all th help so far guys.

The main thing i am concerned about now is the security of my server.

1. What services do you think i should block on the server? Like i have noticed that most cpanel servers doe not allow SSH access. How do we block this.

2. Do i need to block any other services as well?

Once again, hank you all for all the help and support.

 

[cPanelDon]

Friendly Moderator Note

This discussion was separated from its original thread to minimize confusion between varying topics; for reference, here is the original thread: Installation Questions & Issues - cPanel Forums

 

[cPanelDon]

Thanks for all th help so far guys.

The main thing i am concerned about now is the security of my server.

1. What services do you think i should block on the server? Like i have noticed that most cpanel servers doe not allow SSH access. How do we block this.

2. Do i need to block any other services as well?

Once again, hank you all for all the help and support.

As a starting point, I recommend reviewing the following documentation (and reference menu paths):

• cPanel Release Notes: Version 11.25 >> cPanel/WHM 11.25 Recommended Security Settings (PDF)
  
• WebHost Manager (WHM): How-To Guides for Server Administrators >> Securing Your Server
  
• WHM: Main >> Server Configuration >> Tweak Settings >> Security
  
• WHM: Main >> Security Center
  
• WHM: Main >> Account Functions >> Manage Shell Access

 

[whr]

You needn't block any services unless you are not using it.

Its not true that most cPanel servers won't allow SSH. If its a shared server, don't provide SSH for users (but that depends on your plans as a webhost).

The truth is that with cPanel you won't need SSH.

Some additional precautions will be to disable direct SSH access from the root user.

Say create another user with sudo privileges and run SSH in a different port.

Also make sure to install/configure firewalls like APF or CSF and block all the unused ports in the firewall. This would be the best way rather than disabling the services.