In this article i will describe best methods, techniques and tools to secure a VPS or Dedicated Server especially having WHM/cPanel as web hosting control panel.
It is very necessary to ensure the 99.9% security of the server so you will be stay safe from hackers. Follow the below steps to secure your server.
Install FireWall
First of all you should install any firewall software that limits the access to your server on some ports and blocks the ip whether temporarily or permanantly.
I would suggest you CSF with BFD or APF. Tutorial on installing CSF is already discussed see here :
https://websterz.pk/security/installing-csf-to-prevent-ddos-attacks/
Harden SSH Access
SSH attacks are often used method to access the server through bots, Most servers get hacked from SSH server, to prevent the SSH attacks you need to harden your SSH server security to do this you should consider the following instructions:
- Run SSH on other port rather than default port 22
- Disable root login
- User only protocol 2
- Enable public key authentication
Disable Telnet
# nano /etc/xinetd.d/telnet
# nano /etc/xinetd.d/krb5-telnet
# chkconfig telnet off
Harden PHP Security
PHP is mostly used language for apache and mysql, You should ensue the security measurements for the PHP. Follow the below instructions:
You will need to disable some PHP functions from the configuration file to do so run these commands from the ssh:
# nano /usr/local/lib/php.ini
Find the following lines and add the text as given below:
disable_functions =Replace with : disable_function = exec, system, shell_exec, passthruregister_globals = onReplace with : register_globals = offexpose_php = onReplace with : expose_php = offmagic_quotes_gpc = offReplace with : magic_quotes_gpc = on
Disable OpenDNS Recursion
It is very important to disable recursion if you are using BIND as a DNS server, to check your server’s DNS statistics go to http://dnstools.com you should disable recursive lookups for the DNS, to do so follow these steps:
# nano /etc/named.confUnder the Options {
Options {recursion no;
# service named restart
Install Mod Security
Mod security enables you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities. You should have installed MOD Security especially when you are web hosting provider.
Installation on cPanel/WHM server:
- Go to cPanel/WHM > Plugins > Enable Mod_Security > Save
- And you are done! you will see new link to Mod Security at the bottom of WHm/cPanel’s left side menu under Plugins Tab
Install Mod_Evasive
This module offers DDos protection for the apache, you should have installed the on your linux server.
Complete tutorial can be found here:
Install RkHunter
RkHunter is a root kit scanner, it scans for vulnerabilities, insecure files, malicious scripts, backdoors in the system, it is must have tool for the system.
# yum install rkhunter
# rkhunter –checkall
# rkhunter -c
# rkhunter –help
Install PortsEntry
This tool allows you to detect port scan and report them. You must install this tool to increase the security.
# wget http://downloads.sourceforge.net/project/sentrytools/portsentry%201.x/portsentry-1.2/portsentry-1.2.tar.gz# tar zxf portsentry-1.2.tar.gz# make linux# make install
Install ClamAV antivirus tool
It provides virus scanning of the system, you should have installed this antivirus tool on your system.
Tutorial is availabe here :
https://websterz.pk/whmcpanel/insalling-clamav-antivirus-tool-on-your-server/
All above instructions and tools are necessary for the server’s security, and should be installed on the server especially for web hosting providers.
You feedback are welcome here 🙂