Secure cPanel Dedicated Server


13 Nov 2009


Here are some steps that can help you secure your cPanel dedicated server:

1) Use secure passwords:

Insecure passwords are the most common security problem on many servers. If an account password is not secure and is compromised, client websites can be hacked, infected, or used to spread viruses. Having secure passwords is paramount to having a secure server. Commonly, a password of at least 8 characters that mixes alphanumeric characters and punctuation symbols is enough. Never use passwords based on dictionary words or significant dates, because they are easy to crack. You can also edit /etc/login.defs, which is well documented, to configure many password options on your system.

2) Secure your SSH:

Disable password authentication and enable public key authentication for SSH. Move SSH access to a different port. People look for port 22 as a simple way to log in to your servers. Moving SSH to a different port makes it harder for those without specific knowledge of your server to find your SSH port. You should always use SSHv2 only, as SSHv1 is not at all secure. You can also set shell resource limits for your users to prevent applications and scripts from using up all your resources and taking down your server.
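The script below is an added example, not part of the original post: it audits an sshd_config file against the SSH settings recommended in step 2. The function name `audit_sshd_config` and the sample file are constructed for illustration, and the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Audit an sshd_config file against the step 2 recommendations.
# Added example; assumes whitespace-separated "Keyword value" lines.

audit_sshd_config() {
    # $1 = path to an sshd_config file; prints one PASS/FAIL line per check.
    awk '
        function report(ok, what) { s = ok ? "PASS" : "FAIL"; print s " " what }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional; stop
        {
            key = tolower($1); v = tolower($2)
            # sshd listens on every Port line, so any "Port 22" counts.
            if (key == "port") { ports++; if (v == "22") on22 = 1 }
            # For other keywords sshd keeps the first value it reads.
            else if (!(key in val)) val[key] = v
        }
        END {
            # OpenSSH defaults when a keyword is absent: port 22,
            # password authentication on, public key authentication on.
            if (!ports) on22 = 1
            pw  = ("passwordauthentication" in val) ? val["passwordauthentication"] : "yes"
            pub = ("pubkeyauthentication" in val) ? val["pubkeyauthentication"] : "yes"
            # Assumption: an absent Protocol line means a release whose
            # default is protocol 2, so only an explicit "1" fails.
            proto = ("protocol" in val) ? val["protocol"] : "2"
            report(pw == "no", "password authentication disabled")
            report(pub == "yes", "public key authentication enabled")
            report(!on22, "not listening on port 22")
            report(proto == "2", "SSHv2 only")
        }
    ' "$1"
}

# Constructed sample: the second PasswordAuthentication line is ignored
# by sshd, and the extra Port line keeps port 22 open.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
port 22
Protocol 2,1
PasswordAuthentication yes
PasswordAuthentication no
# PubkeyAuthentication no
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config after each change; settings inside Match blocks are not evaluated.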

3) Secure Apache:

The simplest way to reach a web server is through the web server application itself, so it is important to make your Apache installation secure.

a) The best tool for blocking malicious Apache use is mod_security.

b) When compiling Apache, you should include suexec to make sure that CGI applications and scripts run as the user that owns or executes them. This will help to identify where malicious scripts are and who is running them. It will also enforce permission and environment controls.

c) It is also suggested to compile Apache + PHP with PHPsuexec. PHPsuexec forces all PHP scripts to run as the user who owns the script. This means that you will be able to identify the owner of every PHP script running on your server. If one is malicious, you will be able to find its owner quickly and resolve the problem.

d) Enable PHP's open_basedir protection, which prevents users from opening files outside of their home directory with PHP.

e) Additionally, you may include safe_mode for PHP 5.x and below. safe_mode makes sure that the owner of a PHP script matches the owner of any files to be operated on.

4) Secure your /tmp partition:

It is advised that you use a separate partition for /tmp which is mounted with nosetuid (the mount option is spelled nosuid on Linux). Nosetuid will force a process to run with the privileges of its executor. You may also wish to mount /tmp with noexec after installing cPanel. Check the mount man page for more information. Also, running /scripts/securetmp will mount your /tmp partition to a temporary file for extra security.

5) Disable daemons and services that are not in use:

Any service or daemon that accepts connections to your server is a way for hackers to gain access. To reduce security risks, you need to disable all services and daemons that are not being used.
