Do you know of a list of services watched by cPHulk to prevent brute force? I want to make a list, and if there is a service that is not protected I will probably disable it.

cPHulk is only one single small component in what should be a much larger
and more far reaching security policy and plan for your entire server. Its
only purpose is just in reducing brute force attack susceptibility to really
cPanel itself and doesn't begin to address the many hundreds of other
areas of security you should implement on your server to achieve any
really fully encompassing security solution.
Blindly disabling services you don't understand just because it may or may
not be "protected" as you put it is completely unwise unless you know
what is using those services behind the scenes and have a good grasp
on your server internals (which most don't these days unfortunately).

PlatinumServerM said:
cPHulk protects the cPanel services. You should also use a firewall like CSF to protect the rest of the ports that it does not cover.

PlatinumServerM gave the best advice above in activating cpHulk and
installing Chirpy's CSF Firewall (configserver.net). The LFD service
included in that package helps as well and is actually at a core level
far more sophisticated than the basic brute force protection that
cPanel's built-in cPHulk service provides.
For backup protection, you could also better configure the portsentry
port scanner that is usually included behind the scenes on cPanel servers.
It is weaker than CSF but operates such that the redundancy doesn't hurt
so you can actually leave both running.
The "Firewall Test" function in CSF will give you an idea of truly unnecessary
services that can be disabled and will give you some additional pointers
for further securing and tightening down your server.
You also might want to look at installing additional security modules such as
Mod_Security and Mod_Evasive to protect your web server from general
DoS attacks and known and unknown web application exploits.
For your FTP server, I'd run Pure-FTPd instead of ProFTPD for both
performance and security reasons and disable direct root logins and
anonymous file services from your FTP service configuration.
For SSH, at the bare bones minimum I would change the port from the
default port 22 to some other unused port (don't forget to open in firewall)
and operate under Protocol 2 only. For increased security, you might
want to consider moving to certificate logins only and disabling direct
root logins but instead use wheel user escalations after login. Unless
absolutely necessary and even then I'd strongly lean away from giving
out SSH access to any user account aside from yourself.
For your Apache web server itself, you should not run Apache 1.3 and should be
upgraded to at least a bare bones minimum of Apache 2.0 although there
are additional security and performance advantages moving on up to
Apache version 2.2 series (current latest under cPanel is 2.2.11).
Perl and most web scripting should be SuExec enabled to run all
those scripts as the owner user instead of Apache's "nobody" user
so that you can better track and manage script executions.
PHP for an enormous list of reasons should be run as a CGI operating
under SuPHP instead of as a direct Apache DSO module and I'd
recommend further increasing security by disabling known greater
exploit functions and installing the Suhosin security patch for PHP.
It is generally a good idea to disable compilers from non-root access
and make your TMP (/dev/shm) partition non-executable and non-setuid
to make it more difficult for anyone getting into the server from being
able to readily install server exploits and malicious scripts on your server.
Often used and exploited shell commands commonly used by attackers
to cover their tracks after attacks such as chown, chattr, lsattr, lpr,
and touch can be set to root execute only and made immutable to
limit access to these functions. Others such as wget and lynx can be
limited to root and cpanel execution only to limit their abuse.
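
Added example, not part of the posts above and not cPanel or CSF code: a shell check of an sshd_config against the SSH settings the reply recommends (non-default port, Protocol 2 only, no direct root login). It assumes "certificate logins only" means `PasswordAuthentication no`; the function name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# audit_sshd: read an sshd_config on stdin, print one FAIL line per finding.
# Returns 0 when there are no findings, 1 otherwise. Only the global section
# is checked; Match blocks are per-user overrides and are not evaluated.
audit_sshd() {
    awk '
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    {
        split($0, f, /[ \t=]+/)        # "Port 2222" and "Port=2222" are both valid
        k = tolower(f[1])              # keywords are case-insensitive
        if (k == "match") exit         # jump to END at the first Match block
        if (k == "port") {             # Port may repeat; sshd listens on all of them
            seen_port = 1
            if (f[2] == "22") port22 = 1
        } else if (!(k in v)) {
            v[k] = tolower(f[2])       # other keywords: the first value read is used
        }
    }
    END {
        n = 0
        if (!seen_port || port22) { print "FAIL port: sshd listens on default port 22"; n++ }
        # Newer OpenSSH releases speak protocol 2 only, so an absent line is not flagged.
        if (("protocol" in v) && v["protocol"] != "2") { print "FAIL protocol: \"" v["protocol"] "\" permits protocol 1"; n++ }
        if (v["permitrootlogin"] != "no") { print "FAIL permitrootlogin: direct root login not disabled"; n++ }
        if (v["passwordauthentication"] != "no") { print "FAIL passwordauthentication: password logins not disabled"; n++ }
        exit (n > 0)
    }'
}

# Constructed sample configs (not taken from any real server).
WEAK='Port 22
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no'
HARD='# hardened sample
Port=2222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes'

printf '%s\n' "$WEAK" | audit_sshd || true
printf '%s\n' "$HARD" | audit_sshd && echo "hardened sample: no findings"
```

On a live server the same function can be fed the real file with `audit_sshd < /etc/ssh/sshd_config`. In the weak sample the second `PermitRootLogin no` line does not help, because sshd uses the first value it reads.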