The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tweak Settings Security Checklist - Missing Options?

Discussion in 'Security' started by jerdoggmckoy, Jun 20, 2013.

  1. jerdoggmckoy

    jerdoggmckoy Active Member

    Joined:
    Jun 3, 2013
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    St Paul, MN
    cPanel Access Level:
    Root Administrator
    In trying to follow the recommended security options here: Recommended Security Settings Checklists - I find that some things are no longer applicable such as the SecurityTokens.

    Under Cookie IP Validation, it says if turning this on "you should also disable proxy domains." However, there is no proxy domain options, only proxy subdomain options. I'm assuming this is what was meant, turning off the "Proxy subdomains"?

    Also, it is recommended to "Block Common Domains Usage", however, I cannot find that feature either.

    And finally, I cannot find any Bounce option for:

    Initial default/catch-all forwarder destination
    Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

    The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?

    Thanks in advance for any help!
     
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,146
    Likes Received:
    34
    Trophy Points:
    48
    Location:
    India
    cPanel Access Level:
    Root Administrator
    For this you will have to disable "Proxy subdomains" and "Proxy subdomain creation" in your tweak setting

    You can enabled "Prevent cPanel users from creating specific domains" on your server to block common domains Usage

    Yes, You use "Fail" and "Blackhole" options
     
  3. jerdoggmckoy

    jerdoggmckoy Active Member

    Joined:
    Jun 3, 2013
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    St Paul, MN
    cPanel Access Level:
    Root Administrator
    Awesome, thank you for the help!
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, "fail is the preferred option over "blackhole". Per it's description:

    “Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.

    Thank you.
     
Loading...

Share This Page