How to secure a WHM/cPanel?

Kaz Wolfe

Kaz Wolfe

Well-known member
Registered
Joined
Jul 7, 2016
Messages
609
Points
28
I installed WHM/cPanel on my server but seem i am just using default setting from them. Does WHM need to improve security? if yes how to do? can you tell me the ways?
 
H

HostechSupport

Active member
Registered
Joined
Jan 19, 2013
Messages
68
Points
8
WHM - Server setup - Tweak Security:

Enable open_basedir protection
Disable Compilers for all accounts(except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection
WHM - Account Functions:

Disable cPanel Demo Mode
Disable shell access for all accounts(except root)
WHM - Service Configuration - FTP Configuration:

Disable anonymous FTP access
You can enable cPHulk install csf firewall and change your SSH port number to custom one. That would be enough.
 
mobin

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
Since you want to do this yourselves..you should do a lot of research, read multiple articles, compare/collect the steps and compile a list that suits best. If you google "cpanel server hardening" you can find lot of articles to secure your cPanel server.
 
bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Best answer
Most of the information is about adding security to your hosting server, which is what you need.

  • I have heard use of fail2ban, CSF, regularly for firewall.
  • Brute force protection on sites(application layer), is also good
  • Ensure you have offsite backup
  • Have File Change monitoring to keep track of file changes, which helps you catch suspicious files early
  • Run ssh on different port, only known to you
  • I am guessing anonymous FTP should already be disabled, by default
  • Use cgroups, based file isolation(Eg CloudLinux). To protect from cross site contamination
  • If you can enable Strict SSL for FTP(instead of optional). Basically forcing end users to use FTPS
  • ClamAV, rkhunter for basic malware protection
  • Ensure that sites are running latest updates
  • Modsecurity for local WAF
  • If you are giving ssh access, enforce strong password policy
  • Disable root login for ssh
  • Remove unnecessary services
  • Disable compilers
  • Restrict new outbound traffic, if you can. Prevents some reverse shells.
 
bountysite

bountysite

Well-known member
Registered
Joined
Oct 11, 2017
Messages
109
Points
28
Try using BountySite.
BountySite downloads all files in the first backup and stores in revision control. Subsequent backups are only incremental. In case there are file changes, BountySite notifies with files created, modified and deleted summary, on backup, via mail(text only) and control panel notification.
Site owner is the best person to judge whether the file change is unauthorized. Site owner can then decide to revert back or delete file(s).

Dormant sites can be protected by using Stable operating mode, in which case all file changes are considered as unauthorized, and are auto reverted to a specific snapshot.

BountySite has storage nodes across the globe, choose one close to your Hosting server location for best performance.
 
AlbaHost

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
808
Points
43
And enable 2FA aswell ;)
 
DaRecordon

DaRecordon

Well-known member
Registered
Joined
Oct 7, 2016
Messages
247
Points
18
AlbaHost

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
808
Points
43
AlbaHost
2FA, two factor authenticator. The benefit is, even if someone got/hacks your whm cpanel root/username with password he still cannot login because he need your phone generated app code to type which is impossible to get that. You know, the more secure the better ;)
 
You must log in or register to reply here.
Older Threads
W
What are some of the top Chat API Providers?
Replies
4
Views
2,360
Shivangi1507
Mujkanovic
Monitor health of a server?
Replies
11
Views
4,117
David Beroff
A
How to choose a hosting provider? What websites contain trustworthy reviews?
2 3 4
Replies
64
Views
19,759
WanSko
webhostuk
Looking for Fully Managed dedicated Servers in UK? try WebhostUK.Co.UK
Replies
2
Views
1,485
webhostuk
cheapestwebhosting
CheapestWebHosting.net $0.1/month // Cheapest but Reliable // Fast 1Gbps
Replies
5
Views
2,076
zainhosting
Newer Threads
Kaz Wolfe
Which DDoS protection service to buy?
Replies
15
Views
4,244
Jogel2
Kaz Wolfe
How can Plesk Onyx stop DDoS attacks?
Replies
10
Views
3,549
bountysite
Mihai B.
Which cache providers work with PHP 7.2.x?
Replies
2
Views
1,373
kiosta
Mihai B.
Which is faster and better for caching, File System cache or Redis or Memcached?
Replies
4
Views
3,119
Localnode
Kaz Wolfe
Forum or Forums in URL?
Replies
6
Views
2,698
Ash
Latest Threads
J
Are cloud servers cheaper in cost than traditional servers?
Replies
0
Views
30
jtti
DemoTiger
90% of consumers want to see more videos from brands.
Replies
0
Views
27
DemoTiger
J
Understanding Cloud Server Network Metrics: Key Performance Indicators
Replies
0
Views
33
jtti
J
Jtti Black Friday flash sale: 80% off annual payment for unlimited cloud servers, starting at $24.62/year, 2C2G in Hong Kong as low as $4.3/month
Replies
0
Views
63
jtti
Emily Routledge
Best Laptop recommendations for Work and Casual Gaming around $1000?
Replies
0
Views
135
Emily Routledge
Recommended Threads
Colombiawebs
Colombiawebs - Streaming Tv Station and Streaming Video Live - Panel Media CP [Paid]
Replies
0
Views
1,600
Colombiawebs
jkeypad
Single server VPS and Cloud VPS differences
Replies
4
Views
4,098
stackarc
David Beroff
.host and .hosting Domains - Good or bad for business?
Replies
6
Views
3,074
Chris Worner
M
Please review PlotHost.com - Cheap Hosting Services
Replies
1
Views
2,471
Marc0
Andre
Share Your Favorite Songs
Replies
12
Views
5,021
diegozacarias
Similar Threads
harrygreen90
What should I change on the DirectAdmin control panel to make my server more secure?
Replies
10
Views
2,223
David Beroff
BlueLeaf
How to Secure Email Communication with an S/MIME Certificate?
Replies
0
Views
868
BlueLeaf
Dopani
How do I configure and manage SSH (Secure Shell) access to my VPS?
Replies
3
Views
1,162
David Beroff
Solarcom
Fast&Secure Swiss hosting for you | Solar Communications | DISCOUNT HERE!
Replies
3
Views
927
Solarcom
T
Is centos web panel secure?
Replies
7
Views
2,856
Chris Worner

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top