How to keep a shared web hosting server secure?

Rand al'Thor · Jun 30, 2016

What are the ways of keeping a shared hosting linux server secure, assuming SSH access is available for every user?

I am mainly thinking of securing the shared servers from the users themselves and between themselves together.

RDO Servers · Jun 30, 2016

SSH access on a shared hosting server can be a bad thing...

We offer Jailed Shell for customers on certain plans, but certain commands are of course blocked.
More info on setting up Jailed Shell on cPanel here

Cloudlinux is a great product for helping isolate customers on a shared server.

VirtuBox · Jun 30, 2016

Yes like RDO said, SSH shoud be limit as much as you can on a shared hosting, but there is also the chrooted solution to isolate each user.

But I haven't use in production yet as most of users doesn't know what is SSH..

LJSHost · Jul 7, 2016

I have to agree with SSH access on shared hosting is a bad idea. Most shared hosting customer don't even know what SSH is let alone want access to it. We have never been asked for shell access by any of our shared hosting clients.

As RDO stated CloudLinux is best for security and account isolation, jailed shells can work well but also require a lot of configuration.

Kaz Wolfe · Jul 12, 2016

RDO Servers said:
SSH access on a shared hosting server can be a bad thing...

We offer Jailed Shell for customers on certain plans, but certain commands are of course blocked.
More info on setting up Jailed Shell on cPanel here

Cloudlinux is a great product for helping isolate customers on a shared server.

LJSHost said:
I have to agree with SSH access on shared hosting is a bad idea. Most shared hosting customer don't even know what SSH is let alone want access to it. We have never been asked for shell access by any of our shared hosting clients.

As RDO stated CloudLinux is best for security and account isolation, jailed shells can work well but also require a lot of configuration.

I read some articles it is possible to do local hack on shared hosting if users have not set file permissions as well. Is this exact information?

CloudLinux can stop attacks from shared accounts on a same server?

uniwebhosting · Jul 12, 2016

the first steps ...

1) Install 1h or cloudlinux
2) Enable mod_userdir Protection
3) Enable php open_basedir Protection
4) enabled SSH Password Authorization Tweak
5) Disable or change port for shell.

Update kernell and all pache for OS.

Nixtree · Jul 16, 2016

Secure Shared Server

Hello,

Securing the shared server is an ongoing process.

- Set jailed shell for the users is the first option.
- CloudLinux with cagefs is one of the recommendation
- Change ssh port to a custom port
- Set password strength to a strong value
- Check for the applications in the server and make sure they are using the latest softwares, if not upgrade it to them
- Update kernel/softwares to the latest by adding the patches
- Most Important, Enable BACKUP, so even if it is hacked, we can restore the site.

Above are some of the recommendations only.

Kaz Wolfe · Jul 16, 2016

uniwebhosting said:
the first steps ...

1) Install 1h or cloudlinux
2) Enable mod_userdir Protection
5) Disable or change port for shell.

Why do we need to enable mod_userdir and disable or change port for shell? and which ports would you suggest to change?

Nixtree said:
Hello,

Securing the shared server is an ongoing process.

- Set jailed shell for the users is the first option.
- CloudLinux with cagefs is one of the recommendation

These I can apply for a VPS I am managing or it only work for a shared hosting?

If yes, how to find them or set up them?

Thanks in advance
Kaz

Nixtree · Jul 17, 2016

Hi

You can select the Jail shell for all users from whm and then give bash shell who is trustworthy or know what they will be doing.

Other steps you can do to secure is

Disable Password Authentication completely and force all shell users to use key and create proper documentation to setup and use Key based ssh auth on different flavors like Linux, windows putty, for both private and public key based auth.

Key based auth with custom ssh port is the best secure thing you can do with ssh access.

If you wish extra security , You can restrict Ip access as well by blocking ssh port for public. Only allow ssh for whitelisted one and provide a method to whitelist / block ip via whmcs, like the below one

http://www.whmcs.com/appstore/1354/WHMCS-CSF-Manager.html

Hope this will be the most secure way for providing ssh acccess for all users in a shared server.

Hope this helps

postcd · Jul 26, 2016

You can use this tutorial to compare it with your cPanel server.
Else it is wise to use CLoudlinux to separate user accounts as much as possible. If you prefer free tools, then you would need to do things step by step / follow tutorials and tweak server as time goes.

How to keep a shared web hosting server secure?

Rand al'Thor

Member

RDO Servers

Well-known member

VirtuBox

Well-known member

LJSHost

Well-known member

Kaz Wolfe

Well-known member

uniwebhosting

Member

Nixtree

Well-known member

Kaz Wolfe

Well-known member

Nixtree

Well-known member

postcd

Member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud