cPanel License: Advanced Server Security
Control Panel (cPanel)
What is VPS Cpanel?
Securing your server is one of the most important things you need to do when you’re setting up and maintaining your cPanel license and server. In this article, you’ll learn in-depth techniques and best practices for safeguarding your site, server, and account from hackers.
Aside from the Security Advisor, there are some manual steps each admin should take to keep their server safe from attacks when setting up their cPanel license and server. Some of these are settings that can be disabled once, and others require regular monitoring. One of the first places to start is our knowledge base article about Recommended Security Settings. Pay special attention to the “Tweak Settings Checklist” as it has a lot of significant beginning steps. These additional suggestions provided below will help you set up a secure environment.
Enabling Configure Security Policy allows you to limit who can log in to only verified IP addresses. In this area, you can also add Two-factor authentication using Google Authenticator, and change the settings for Password Strength and Password Age.
Use a Firewall
A computer firewall is either a hardware device or a software program that is configured to inspect all the data traffic that is received by the firewall before it enters the server or network. It uses a set of predefined rules to determine whether the data it should be allowed to pass or be blocked.
A cPanel license does not come with a firewall provided, but adding a firewall to your server will prohibit malicious elements from accessing your system. There are several recommended third-party firewalls that can be used for the protection of your cPanel license and server, such as ConfigServer Security & Firewall (CSF), Cloud Linux, etc.
Restrict System Compliers
Most users don’t require access to a C or C++ compiler. We recommend that you disable compilers for users that don’t belong to the compilers group under /etc/group in your cPanel license server’s settings. Without a functional compiler, most pre-packaged exploits can’t run. You can deactivate compilers through the Compiler Access interface in WHM. You can also use the following command in the command line:
Disable Redundant Services
When you have daemons or services that enable connections to your cPanel license server that are redundant or not being actively used, there’s a risk of attracting hackers who will abuse those connections. The more services that are running on your server, the more opportunities there are for others to use them, break into or take control of your system through them. Examine your system to see what programs are redundant or unused. To improve your server’s security, deactivate all daemons and services that you don’t require. You can do this in the Service Manager interface. (WHM >> Home >> Service Configuration).
In general, security experts highly recommend that you use only the latest stable versions of any software on a server that is live and in production. For a cPanel license, we recommend that you set your server to automatically update on the LTS tier. You can specify your update settings in the Update Preferences interface. You should also check your other software on your server for updates regularly, or enable automatic updates.
June 1, 2020
June 1, 2020