Is it hard to disable functions in cpanel?

Nigel

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
I was thinking about just using cpanel for a VPS or dedicated server that I will be getting soon. When I was reading on some websites they said that you can disable unwanted functions in cpanel but they didn't say how.

Is it hard to disable functions in cpanel?

Is this easy to do?
 
gagah

gagah

Well-known member
Registered
Joined
Jan 21, 2017
Messages
86
Points
0
Nigel said:
I was thinking about just using cpanel for a VPS or dedicated server that I will be getting soon. When I was reading on some websites they said that you can disable unwanted functions in cpanel but they didn't say how.

Is it hard to disable functions in cpanel?

Is this easy to do?
Click to expand...
No it's not hard, anything that's related to cpanel is well documented and pretty much point and click. I'd be more worried about configuring and hardening the server itself rather than dealing with cPanel to be honest.
 
ulterios

ulterios

Well-known member
Registered
Joined
Nov 25, 2015
Messages
481
Points
0
ulterios
Does cPanel itself cause any inherent security holes by using it?
 
WPCycle

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
I will also agree with not using cPanel.

In terms of holes...that's more of a security issue of how well the server is secured. With or without a panel, there can be issues if not done properly.

But with cPanel..if the needs can be met without it. Not only does it save you money...but installing the services you need is more efficient than having everything installed, and the taken them back out. At times cPanel may "complain" when things are taken out.
 
ulterios

ulterios

Well-known member
Registered
Joined
Nov 25, 2015
Messages
481
Points
0
ulterios
Ok, I was thinking that the other member meant that there were security holes that were a result of using cPanel. ;)
 
Nigel

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
gagah said:
No it's not hard, anything that's related to cpanel is well documented and pretty much point and click. I'd be more worried about configuring and hardening the server itself rather than dealing with cPanel to be honest.
Click to expand...
Thanks for the help. I have been looking into the configuring and hardening aspects and there is a lot more to learn than I thought that there would be. Hopefully I will get it figured out. Any advice on where to start learning about the best practices for these?

WPCycle said:
I will also agree with not using cPanel.

In terms of holes...that's more of a security issue of how well the server is secured. With or without a panel, there can be issues if not done properly.

But with cPanel..if the needs can be met without it. Not only does it save you money...but installing the services you need is more efficient than having everything installed, and the taken them back out. At times cPanel may "complain" when things are taken out.
Click to expand...
I have been looking at what security measures need to be looked into and taken care of. Any advice as to where to start looking?
 
gagah

gagah

Well-known member
Registered
Joined
Jan 21, 2017
Messages
86
Points
0
gagah
At first it's best to follow your OS guidelines, for example debian & centos both have a hardening guidelines on their site. But if you want something quick & fast, using tutorials provided by VPS providers will do just fine for basic hardening. Like this for example: https://www.linode.com/docs/security/securing-your-server

For more advanced stuff it will depend on your application and server configuration
 
HostYourNet-DR

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
Are you try in general to just harden the server down from attacks?.

Or you looking to stop unwanted services that you dont need to use within cPanel?
 
Nigel

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
HostYourNet-DR said:
Are you try in general to just harden the server down from attacks?.

Or you looking to stop unwanted services that you dont need to use within cPanel?
Click to expand...
A little of both I guess. Are there certain things that should always be disabled in general or is it just basically depending on each persons needs? I mean are there certain things that should be disabled by default unless they are needed?


gagah said:
At first it's best to follow your OS guidelines, for example debian & centos both have a hardening guidelines on their site. But if you want something quick & fast, using tutorials provided by VPS providers will do just fine for basic hardening. Like this for example: https://www.linode.com/docs/security/securing-your-server
Click to expand...
I didn't know they had hardening guidelines on their sites. Would those be in the support sections or should I just search Google?
 
HostYourNet-DR

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
HostYourNet-DR
I would also block ports that you do not needs within the CPanel firewall or the OS firewall.
As cPanel has a list of the port that it uses for all hosting types and just block the rest.
I do that so I've had little errors.
 
gagah

gagah

Well-known member
Registered
Joined
Jan 21, 2017
Messages
86
Points
0
Nigel said:
I didn't know they had hardening guidelines on their sites. Would those be in the support sections or should I just search Google?
Click to expand...
Centos:
https://wiki.centos.org/HowTos/OS_Protection
Click to expand...
Debian:
https://wiki.debian.org/Hardening
Click to expand...
There's also tools such as Lynis (https://cisofy.com/lynis/) to audit the security of your servers. You need to have knowledge of what you're changing if you're following recomendations from Lynis though, some of their recommendations might break something on your server.
 
Nigel

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
gagah said:
There's also tools such as Lynis (https://cisofy.com/lynis/) to audit the security of your servers. You need to have knowledge of what you're changing if you're following recomendations from Lynis though, some of their recommendations might break something on your server.
Click to expand...
Thanks. I haven't heard of these before. Are these tools free or paid?

HostYourNet-DR said:
I would also block ports that you do not needs within the CPanel firewall or the OS firewall.
As cPanel has a list of the port that it uses for all hosting types and just block the rest.
I do that so I've had little errors.
Click to expand...
Thanks. Is that list on the cpanel website or in the cpanel control panel itself?
 
HostYourNet-DR

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
HostYourNet-DR
This is a firewall guide i use when i need/have to rebuild or install and WHM on centos 6,

Port Protocol Status Service Service Name
20 TCP-UDP I/O I/O FTP File Transfer (Data Port)
21 TCP-UDP I/O I/O FTP File Transfer (Control Port)
22 TCP I/O SSH SSH, SCP copy, SFTP
25 TCP I/O SMTP Outgoing Email
37 TCP O Rdate Network Time
43 TCP O WHOIS Domain Lookup
53 TCP-UDP I/O I/O DNS Inbound only needed if you run public DNS Server
80 TCP I/O HTTP Web Server
110 TCP I/O POP3 Incoming Email
113 TCP-UDP O-O Ident Client Identification
123 UDP O NTP Network Time
143 TCP I IMAP4 Incoming Email
443 TCP I/O HTTPS SSL Web Server
465 TCP I SMTP Outgoing Email SSL-TLS
587 TCP I/O SMTP Outgoing Email
873 TCP - UDP O-O rsync File, Directory Sync
993 TCP I IMAP4 SSL Incoming Email
995 TCP I POP SSL Incoming Email
2077 TCP I WebDAV Distributed authoring
2078 TCP I WebDAV SSL Distributed authoring
2083 TCP I CPanel Cpanel SSL
2087 TCP I WHM WHM SSL
2089 TCP O Cpanel Licensing
2096 TCP I Webmail Web Mail SSL
2703 TCP O Razor email Scanning
3306 TCP I MySQL Out only if you need to connect remotely
4643 TCP I Virtuozzo Control Panel
6277 UDP O Spam Assassin
9987 UDP 1/0 TS3 Teamspeak Server
10011 TCP 1/0 TS3 Teamspeak Server
30033 TCP 1/0 TS3 Teamspeak Server
49900 - 50000 TCP-UDP Pure-FTPD FTP SSH Server
 
Nigel

Nigel

Member
Registered
Joined
Jan 16, 2017
Messages
57
Points
0
Nigel
Wow, that's great! Thanks a lot.

Did you create this guide yourself?
 
WPCycle

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
Just a note about the guide and firewalls...some ports are absolute like 53 or 995, but some ports like 22 need to be changed.
 
WPCycle

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
True, but it is safer to change that port since it is a default port that everyone knows of, and even cPanel suggests this for the same reasons (link below). A lot of managed services will close ports 20 and 21, and change port 22 before the customer has access...which also forces them to use SFTP instead of FTP.

For instance, many who use cPanel will block ports 2077, 2079, and 2095 and use the SSL ports of those instead.
 
HostYourNet-DR

HostYourNet-DR

Well-known member
Registered
Joined
Jan 13, 2017
Messages
139
Points
18
WPCycle,

That is completely correct the reason i have it open still if so i have clients that use SFTP and require current normal FYP ports to be left open in order for it to work.

I've blocked the non SSL cPanel ports and also told if they try to redirect to the cPanel SSL ones :).
 
WPCycle

WPCycle

Well-known member
Hosting Provider
Registered
Joined
Dec 31, 2016
Messages
123
Points
18
WPCycle
I forgot the link, but you get it :)

I found the only ones that needed FTP were the ones accessing their account through non FTP programs like Dreamweaver. I don't know if it's still the case, but the version from 2-3 years ago still had a very hard time connecting to SFTP, which unfortunately forces the user to use FTP even if they don't want to...or take 30 extra seconds to save the file and then transfer it using a SFTP client ;)
 
You must log in or register to reply here.
Older Threads
Nigel
Which of these is a better choice? Zimbra vs Iredmail
Replies
11
Views
28,194
JTexan
Harry P
Sendmail vs Postfix
Replies
6
Views
8,974
Hugo E.
Harry P
is x86 32 bit?
Replies
8
Views
6,466
Harry P
Dr. McKay
How to ping a port
Replies
8
Views
4,886
vpsnet
Dr. McKay
Add expires headers in Nginx?
Replies
0
Views
2,458
Dr. McKay
Newer Threads
HostYourNet-DR
OFFER HostYourNet - 10% off - UK Host Provider
Replies
0
Views
1,998
HostYourNet-DR
Mihai B.
Cheap Dedicated Servers in USA, EU, CA?
2 3
Replies
43
Views
19,442
radwebhosting
DefaultUser
Authentication vs authorization, what's the difference?
Replies
5
Views
3,362
DefaultUser
Dr. McKay
VPS in Canada
Replies
12
Views
6,670
Dr. McKay
Nigel
What is a remote desktop port?
Replies
17
Views
5,376
harry_v
Latest Threads
josephilip
Welcome to ServerMO: Excellence in Dedicated Server Hosting
Replies
0
Views
12
josephilip
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
31
cancan
M
How to Choose the Best Web Hosting Provider for a New Website ??
Replies
1
Views
33
BlueLeaf
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
129
jtti
Mvv758
Hello
Replies
1
Views
79
AlbaHost
Recommended Threads
jdunhin
what do you think of WPMUDev
Replies
0
Views
2,016
jdunhin
Wintersmith
User profile lacks socialnetwork fields
Replies
5
Views
6,103
ravemediaph_ronnie
tenthztar
How do you drive Traffic SEO?
Replies
2
Views
1,839
Cherin
hostnamaste
HostNamaste - One & Only 10% Recurring Commission Affiliate Program in Hosting Industry!
2
Replies
21
Views
7,188
hostnamaste
tunescool
Is Anyone Familiar With Cart66 for Wordpress
Replies
2
Views
2,748
tunescool
Similar Threads
J
What are the hardware requirements for GPU servers in Hong Kong?
Replies
0
Views
848
jtti
Dr. McKay
Raid: Soft or Hard?
Replies
15
Views
6,949
EuroHoster
superman2727
Difference between Software Raid and Hardware Raid?
Replies
9
Views
4,074
Daniel204
Sonwebhost
Setting up a new dedicated server where to buy hardware
Replies
13
Views
2,976
Sonwebhost
valvps
Management of electronic mails: Hardware requirement
Replies
4
Views
2,939
KnownHost-DanielP

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top