
Linux server security tips
Category : Web Hosting


You can improve the security settings in WHM and Linux through the following steps:

1 Install mod_security with custom rules
Install an Apache module that blocks hacking attempts made over the HTTP protocol. It is great at blocking SQL injections and other hack attempts with custom LLH rules.
Try running a command on our site using syntax that many hacks use. This command, which would normally give the hacker some form of control over your server, is blocked and returns a 406 error message.

2 Install root login email notifications
Get an email from your server when someone logs into the shell as the root user.

3 Install ClamAV with 280,000+ virus definitions
Installs an open source antivirus scanner with daily updates.

4 Update Perl to latest version
Update your server to use the latest Perl version available with cPanel.

5 Install Rkhunter and set cronjob
Installs Rootkit Hunter on your server and runs a daily scan for rootkits.

6 Upgrade kernel to latest version
Upgrade server kernel to the latest one available from Linux distro vendor

7 Update server with yum
Update server with latest packages from distro vendor

8 Disable insecure and unneeded services
Disables OS services that aren't needed on a server.

9 Disable anonymous FTP
Disallow anonymous access to server's FTP

10 Update cPanel to latest Release version
Update cPanel and set daily automatic updates for Release branch for latest in features and stability.

11 Disable insecure PHP functions
Disable insecure PHP functions like system, exec, and many more from running on the server.

12 Enable open_basedir
Prevents users from opening files outside of their directories with PHP.

13 Enable suexec
Makes all CGI programs run under user ID of account owner

14 Force SSHv2 access only
Change OpenSSH configuration so that only secure SSH version 2 connections can be made to the server. This disables Telnet and SSHv1.

15 Change SSH default port number
Set port for SSH access to non-default number to prevent hacking attempts

16 Install and configure ConfigServer Security and Firewall
Install a fully featured iptables-based firewall and configure it for maximum security. This includes the Login Failure Daemon to block repeated login failure hacking attempts.

17 Set server to drop connections from IPs based on Spamhaus and DShield DROP lists.
Server will block all connections from IPs in the block lists of Spamhaus and DShield DROP lists at the firewall.

18 Extend exim logging
Extend the details that exim logs to help catch spamming.

19 Prevent users from parking/adding on common internet domains
Unless you're hosting, this will keep common domains from being put on your server.

20 Disable compilers
Disable compilers for unprivileged

21 Set maximum emails sent per hour
Allow only 5000 emails to be sent per hour from your server (or some other specified number)

22 Enable mod_userdir Protection
Disables the Apache feature that allows the bypassing of server's bandwidth measuring feature for accounts

23 Modify maximum resources Apache can use
Set RLimitMEM and RLimitCPU to prevent runaway scripts from using too many resources (as often happens in DoS attacks.)

24 Set root forwarder
Ensure that critical server emails are being delivered to server admin

25 Enable Shell Fork Bomb Protection
Keeps users logged into ssh from using excess resources causing a DoS attack.

26 Enable Background Process Killer
Searches for and kills bad background processes like ircd, bnc, and eggdrop, amongst others.

27 Check and secure various tmp objects
Check /tmp, /usr/tmp, and /var/tmp for correct permissions and ownership

28 Set correct server runlevel
Set server so that it starts in a secure multi-user environment.

29 Install ConfigServer Explorer
Installs a file system explorer in WHM with many useful features.

30 Install ConfigServer Main Queues
Installs a visual interface for interacting with the exim mail queue.

31 Install ConfigServer Mail Manage
Allows viewing, editing, and management of client email accounts and quotas from within WHM without having to log into their cPanel account.

32 Update Apache to latest version of 2.2
This version provides many security, performance, and feature benefits over the older 2.0 and 1.3 versions

33 Update PHP to latest version of 5.2.
Provides many new features and performance improvements over 4.x and security benefits over other 5.x versions.

34 Install Zend Optimizer, Ioncube Loaders, and SourceGuardian Loaders
Enables the loading of Zend, Ioncube, and SourceGuardian protected scripts.

35 Install Suhosin
Suhosin protects servers and users from known and unknown flaws in PHP applications and the PHP core.

36 Install and enable suPHP
suPHP is a tool for executing PHP scripts with the permissions of their owners. Runs PHP scripts under the user's account instead of the universal and insecure 'nobody' user.

37 Install EAccelerator
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache.

38 Add PHP Mail Header Patch
PHP Mail Header Patch allows spam (and all mail) sent via PHP's mail() to be sent with a header line that tracks where it came from.

39 Enable IP spoofing protection
Prevents IP spoofing and DNS poisoning

40 Two Weeks of free Limitless Security Service related tickets
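
To verify steps 14 and 15 after making the change, the following added example (not part of the original article) audits an sshd_config file for an SSHv1-enabled Protocol line and for a listener left on port 22. The function names and the sample config are constructed for illustration; on a real server, point audit_sshd at /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the original page): audit sshd_config for steps 14 and 15.
# Assumes whitespace-separated "Keyword value" lines.

# Print every value set for KEYWORD in FILE (keywords are case-insensitive).
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v kw="$1" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }          # drop comments and indentation
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Print one finding per check; the return status is the number of FAIL lines.
audit_sshd() {  # usage: audit_sshd FILE
    file=$1; fails=0
    # sshd uses the first value it reads for Protocol, so later lines are ignored.
    proto=$(sshd_values Protocol "$file" | head -n 1 | tr -d ' \t')
    # Port may be repeated; every Port line adds a listener.
    ports=$(sshd_values Port "$file" | tr '\n' ' ')
    [ -n "$ports" ] || ports=22      # no Port line: sshd listens on 22

    case ",${proto:-unset}," in
        *,1,*)   echo "FAIL protocol: SSHv1 allowed (Protocol $proto)"; fails=$((fails + 1)) ;;
        ,unset,) echo "WARN protocol: no Protocol line, default depends on the OpenSSH version" ;;
        *)       echo "OK   protocol: $proto" ;;
    esac
    for p in $ports; do
        if [ "$p" = 22 ]; then
            echo "FAIL port: sshd still listens on default port 22"; fails=$((fails + 1))
        else
            echo "OK   port: $p"
        fi
    done
    return "$fails"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example
port 22
Port 2222
Protocol 2,1
EOF
audit_sshd "$sample" || echo "findings: $?"
```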

Copyright © 2014 Adsin Technologies. All rights reserved. Powered by business adsleaf