How To Secure cPanel?
Publisher: Psychz Networks, April 08,2019Securing your server is a complex topic and can take good years of understanding and expertise. Web hosting administration system, cPanel offers a number of options. Plugins and additional security applications also are available. The security measures can be very simple or can be highly complex. Luckily, cPanel server security falls is rather simpler than complex.
- Update
- Secure Passwords
- Secure SSH
- Enable CPHulk
- Secure Apache and PHP
- Configure Host Access Control
- Setup CSF (ConfigServer Firewall )
- Enable Antivirus
Here are some of the methods you can use to make sure you improve your cPanel security.
1. Keep cPanel Updated
The developer team of cPanel is constantly working towards improving the security and fixing bugs which you can always benefit from using the most recent version of cPanel. The "Upgrade to Latest Version" option can help you keep your software version up to date.
You can find the option by using the search bar as shown in the figure below
2. Define Secure Passwords
Make a habit to use strong passwords that are tough to be guessed or hacked. cPanel has a Password Generator which can be used to create strong passwords.
If you wish to create your own passwords, you can follow the following guidelines
-> Utilize at least 8 characters including alphanumeric and grammatical symbols
-> Avoid using significant dates and dictionary words
-> Use a combination of special characters and upper-cases
You must also enable SSL to avoid any leaks. This can be done from “Tweak Settings” in “Server Configuration”
3. Secure SSH
Secure Shell (SSH) is used to access the server using a command line interface. It is largely used to update or configure the server. The default port number for SSH is 22 which any hacker can easily use to attempt to break into your server. To prevent this, you can redefine the port number to one that is unlikely to be guessed.
SSH changes are accomplished by editing the SSH daemon configuration file at
# vi /etc/ssh/sshd_configYou need to change the reference to Port 22 to Port 2468 (for example)
Now you must restart the SSH service by executing following command
# service sshd restart
4. Enabling CPHulk Protection
A brute force attack is a hacking technique that works on an automated system to guess the password to break into your server. cPHulk is an easy to use service that will protect your server against most brute force attack.
To enable cPHulk, login to WHM→ Security Center → cPHulk Brute Force Protection and click on Enable.
5. Securing Apache and PHP
For rapid building and compiling of new versions of the Apache server and PHP scripting language, cPanel includes a utility called, “EasyApache.” Besides practicing proper security by ensuring the latest versions are being used, you can also contain any potentially malicious PHP scripts within their home directory to prevent them from opening files elsewhere.
To do this, go to the PHP open_basedir Tweak command in the “Security Center” and check and save “Enable php open_basedir Protection.”
6. Configure Host Access Control
It is highly advisable to allow specific services to a specified IP only and this can be easily done by controlling the Host Access Control. It allows you to create rules approving or denying the access based on the IP address of the user.
Following are three ways you can configure a rule with Host Access Control
-> The service for which you want to create a rule
-> The IP address for which you want to allow or deny privileges
-> And the action you want to be taken (e.g. Allow or Deny)
For example
Note: The rules have an order of precedence. You will have to put ‘allow’ rules before ‘deny’ rules if you are choosing to use the allow from a few, then deny from all technique.
7. Setup ConfigServer Firewall (CSF)
CSF (ConfigServer Security and Firewall) is one of the most popular firewalls for cPanel servers. It acts as a Firewall and is capable of log files and other services running on the server. With the help of CSF you can access a number of useful features like “View System Logs”, IPTable Logs, IFD statistics and much more.
It is quite easy to install CSF in your server with cPanel. To Manage CSF directly from WHM you need to login to your WHM, navigate to Plugins → ConfigServer Security & Firewall. Here you will be presented with a number of options and measures that you can use to tighten up your security even further.
8. Antivirus
For anti-virus, ClamAV is available as a plugin for cPanel servers. It is one of the most popular open source antivirus plugins for cPanel servers and allows individual users to scan their home directory and emails for potentially malicious files.
Conclusion
By implementing the measures given above, you can boost your system's security and reduce the vulnerability to attacks to your VPS or server. A piece of strong advice is to document all the steps taken to optimize your server security and revisit these steps and update them frequently if required.