No announcement yet.

Easy Tips For Securing a cPanel Server

  • Filter
  • Time
  • Show
Clear All
new posts

  • Easy Tips For Securing a cPanel Server


    Server security is a complex and multifaceted subject that can take years to fully understand and master.

    Most administrators must diligently develop and deploy a vast array of security measures on their servers in order to prevent attacks and breaches.

    The security measures in question can be as simple as requiring more secure passwords and as complex as deploying updated encryption protocols for stored data.

    Here’s a list of useful tips to make sure you don’t compromise on your cPanel security and make it more secure.

    Here are easy ways to significantly improve your server security in only a matter of minutes.

    1. Secure SSH

    SSH or Secure Shell is a remote connectivity tool in Linux which helps users to log into a remote machine and execute commands. Therefore, if you don’t secure SSH, there are chances of attacks.

    a) Change SSH Port

    Keeping SSH on the default port 22 makes it vulnerable to brute force attacks. In order to prevent these attacks you should select a random port for SSH to make it more difficult for potential attackers to discern its location.

    Here are the steps to change SSH port.

    1. Login to your server via SSH.

    2. Edit the SSH configuration file which is located at /etc/ssh/sshd_config by issuing the following command:
    nano /etc/ssh/sshd_config
    3. Set a random port for SSH connection at the following line.Original: Port 22
    New line: Port 2468

    4. Now, restart SSH service by executing following command:
    service sshd restart

    b) Disable Root Login

    To add an additional layer of security and further strengthen your SSH, you can disable the root user and create a separate user to access the server.

    Here is how:

    1. Login to your server via SSH. Before disabling root login, we will create a user to access the server:
    adduser new_username_name
    passwd new_username_name

    2. You will be asked to set a password for this new user. Ensure that the password is as strong as possible (at least 10 characters with several numbers and symbols) and then add the new user in a wheel group granting it access to the server by using the following line of code.
    # usermod -aG wheel new_username_name

    3. Now, disable the root user. Edit the SSH configuration file which is located at /etc/ssh/sshd_config.
    nano /etc/ssh/sshd_config

    4. Change the line: “PermitRootLogin yes” to “PermitRootLogin no”

    5. Now, restart SSH service by executing following command.
    service sshd restart

    c) Disable SSH V1

    With the inception of SSHv2 making its predecessor SSHv1 all but obsolete, it is highly recommended that you disable the less secure and outdated SSH to improve your server’s security.

    1. Login to your server via SSH and edit the SSH configuration file which is located at /etc/ssh/sshd_config.

    2. Uncomment the following line.
    Protocol 2,1

    3. And change it to:
    Protocol 2

    4. Now, restart SSH service by executing following command:
     # service sshd restart

    Recommended: Setup Key based Password-less login

    Disable password authentication and allow SSH access only by key-based authentication.

    Open SSH Config file (vi /etc/ssh/sshd_config) > Edit the Password Authentication to “no”

    Password authentication in the server is disabled now. Generate SSH key in the host machine > ssh-keygen

    If you hit ‘Enter’, the key will be placed in ‘/home/user/.ssh/id_rsa’ by default.

    2. Enabling CPHulk Protection

    A brute force attack is a hacking method that relies on an automated system to guess the password to your web server.

    cPHulk is an easy to use service that will protect your server against most brute force attack.

    To enable cPHulk, login to WHM→ Security Center cPHulk Brute Force Protection and click on Enable.

    You can now set custom rules based on the cPanel username, IP address and other parameters.

    Once a set number of failed login attempts has been reached, cPHulk will block any further attempts from the IP address being used.

    Note: If you have a static IP then it is highly recommended that you add it to the Whitelist Management so that you do not lock yourself out of your server.

    3. Setup ConfigServer Firewall (CSF)

    CSF (ConfigServer Security and Firewall) is one of the most popular firewalls for cPanel servers.

    Not only does it act as a Firewall by scanning various authentication log files but it also scans your server on a regular basis and gives you personalized recommendations for improving your server’s security.

    In addition to its primary features, CSF also gives you access to a number of useful features like “View System Logs”, IPTable Logs, IFD statistics and much more. Installing ConfigServer Firewall

    It is quite easy to install CSF in your server with cPanel. Please refer to our step by step guide on How to Install ConfigServer Firewall to cPanel/WHM?

    Once you have followed the directions in our aforementioned guide, you can manage CSF directly from WHM.

    To do so, login to your WHM, navigate to Plugins → ConfigServer Security & Firewall.

    Here you will be presented with a number of options and measures that you can use to tighten up your security even further.


    Plugins for cPanel Security

    A. RKHunter

    Rootkit is a popular type of malware which is secretly installed on your server by intruders and allows 3rd party root access. It offers full control to the information that is on your machine or even passes through it. Install RKHunter helps to guard against this malware. This plugin scraps your machine and matches it against a database of known rootkits.
    Installing RootKit Hunter

    Change current working directory to the desired installation directory.
    cd /usr/local/src

    Download the rkhunter package using wget command.

    Unzip the downloaded rkhunter archive.
    tar -zxvf rkhunter-1.4.2.tar.gz

    Change the current working directory to the rkhunter directory. Make sure you replace the directory name with the actual directory name. In our case, it’s “rkhunter-1.4.2” which can be changed when new updates are released.
    cd rkhunter-1.4.2

    Install the rkhunter package by executing the installation script.
    ./ --layout default --install

    This will install the rkhuter tool in the server. Configuring Rkhunter

    You can find configuration file of rkhunter at path /etc/rkhunter.conf. By changing the parameter values in this file, we can modify the properties of rkhunter to secure the server. To allow root login via SSH

    rkhunter installation directory

    rkhunter Database directory

    rkhunter script directory

    rkhunter temporary directory
    Manual Scan With Rkhunter

    To run a manual scan with rkhunter run below command.
    /usr/local/bin/rkhunter -c

    By default, rkhunter runs in interactive mode. rkhunter performs a series of scans and after each set of scans, you’ll need to press Enter to continue the scan.

    To skip interactive mode run, and scan all the set use below command. Note that -c is to check the local system and –sk is to skip key press.
    /usr/local/bin/rkhunter -c -sk

    To scan the entire file system run below command.
    rkhunter --check
    Scheduling Automatic Scans With Rkhunter

    To create a scheduled automatic scan, create a script which executes rkhunter scan and emails the scan results.

    If you want to run rkhunter scan daily, upload the script to /etc/cron.daily directory and to /etc/cron.weekly for weekly scans.

    Open a file in an editor and write the below script to schedule it daily.
    vi /etc/cron.daily/

    Script to schedule daily scan

    /usr/local/bin/rkhunter --versioncheck
    /usr/local/bin/rkhunter --update
    /usr/local/bin/rkhunter --cronjob --report-warnings-only
    ) | /bin/mail -s 'rkhunter Daily Run (HostnameOfServer)' youremail@address
    Note: Make sure you change HostnameOfServer and youremail@address with the actual server hostname and the Email address to which the notifications are to be sent in the script. Rkhunter Update & Options

    To check the rkhunter current version.
    /usr/local/bin/rkhunter --versioncheck

    To update the rkhunter version.
    /usr/local/bin/rkhunter --update

    If the database files are updated, to check and save the updated values and properties.
    /usr/local/bin/rkhunter --propupd
    rkhunter logs stores all activities done and error encountered by the application. To check rkhunter logs.

    You can refer the other rkhunter options with.
    /usr/local/bin/rkhunter --help
    B. ConfigServer eXploit Scanner (cxs)

    You can try ConfigServer eXploit Scanner, a tool that actively scans files as they are uploaded to the server. This can help prevent exploitation of an account by malware by moving suspicious files to quarantine before they become active or deleting them. Cxs will prevent files uploaded with the Gumblar Virus, PHP and Perl shell scripts.

    C. Setup ClamAV Antivirus

    While Linux servers have a more “natural” resilience to viruses than their Windows based counterparts, it is still considered wise to install an additional antivirus application.

    ClamAV, which is easy to install as a plugin on your server, is one of the most popular open source antivirus plugins for cPanel servers and allows individual users to scan their home directory and emails for potentially malicious files.