|
|
You can improve the security setting in WHM and linx through the following steps
|
|
|
1 |
Install mod_security with custom rules |
|
|
|
Install an Apache module that blocks hacking attempts attempted over the http protocol. Great at blocking SQL Injections and other hack attempts with custom LLH rules. |
|
|
Try running a command on our site using syntax that many hacks use. This command which would normally present the hacker with some form of control over your server is blocked and presents a 406 error message. Press the Alert icon to try it now! |
|
2 |
Install root login email notifications |
|
|
|
Get an email from your server when someone logs into shell as root user |
|
3 |
Install ClamAV with 280,000+ virus definitions |
|
|
Installs an open source antivirus scanner with daily updates. |
|
4 |
Update Perl to latest version |
|
|
Update your server to use the latest Perl version available with cPanel. |
|
5 |
Install Rkhunter and set cronjob |
|
|
Installs Rootkit Hunter on your server and runs a daily scan for rootkits. |
|
6 |
Upgrade kernel to latest version |
|
|
Upgrade server kernel to the latest one available from Linux distro vendor |
|
7 |
Update server with yum |
|
|
Update server with latest packages from distro vendor |
|
8 |
Disable insecure and unneeded services |
|
|
Disables OS services that aren't need on a server |
|
9 |
Disable anonymous FTP |
|
|
Disallow anonymous access to server's FTP |
|
10 |
Update cPanel to latest Release version |
|
|
Update cPanel and set daily automatic updates for Release branch for latest in features and stability. |
|
11 |
Disable insecure php functions |
|
|
Disable insecure php functions like system, exec, and many more from running on the server. |
|
12 |
Enable open_basedir |
|
|
Prevents users from opening files outside of their directories with PHP. |
|
13 |
Enable suexec |
|
|
Makes all CGI programs run under user ID of account owner |
|
14 |
Force SSHv2 access only |
|
|
Change OpenSSH configuration so that only secure SSH version 2 connections can be made to the server. This disables Telnet and SSHv1. |
|
15 |
Change SSH default port number |
|
|
Set port for SSH access to non-default number to prevent hacking attempts |
|
16 |
Install and configure ConfigServer Security and Firewall |
|
|
Install a fully featured iptables-based firewall and configure it for maximum security. This included Login Failure daemon to block repeated login failure hacking attempts. |
|
17 |
Set server to drop connections from IPs based on Spamhaus and DShield DROP lists. |
|
|
Server will block all connections from IPs in the block lists of Spamhaus and DShield DROP lists at the firewall. |
|
18 |
Extend exim logging |
|
|
Extend the details exim logs to help catch spamming |
|
19 |
Prevent users from parking/adding on common internet domains |
|
|
Unless you're hosting Google.com, this will keep common domains from being put on your server. |
|
20 |
Disable compilers |
|
|
Disable compilers for unprivileged |
|
21 |
Set maximum emails sent per hour |
|
|
|
Allow only 5000 emails to be sent per hour from your server (or some other specified number) |
|
22 |
Enable mod_userdir Protection |
|
|
|
Disables the Apache feature that allows the bypassing of server's bandwidth measuring feature for accounts |
|
23 |
Modify maximum resources Apache can use |
|
|
Set RLimitMEM and RLimitCPU to prevent runaway scripts from using too many resources (as often happens in DoS attacks.) |
|
24 |
Set root forwarder |
|
|
Ensure that critical server emails are being delivered to server admin |
|
25 |
Enable Shell Fork Bomb Protection |
|
|
Keeps users logged into ssh from using excess resources causing a DoS attack. |
|
26 |
Enable Background Process Killer |
|
|
Searches for an kills bad background processes like ircd, bnc, and eggdrop amongst others. |
|
27 |
Check and secure various tmp objects |
|
|
Check /tmp, /usr/tmp, and /var/tmp for correct permissions and ownership |
|
28 |
Set correct server runlevel |
|
|
Set server so that it starts in a secure multi-user environment. |
|
29 |
Install ConfigServer Explorer |
|
|
Installs a file system explorer in WHM with many useful features. |
|
30 |
Install ConfigServer Main Queues |
|
|
Installs a visual interface to interacting with the exim mail queue. |
|
31 |
Install ConfigServer Mail Manage |
|
|
Allows the editing view and management of client email accounts and quotas from within WHM without having to log into their cPanel account |
|
32 |
Update Apache to latest version of 2.2 |
|
|
This version provides many security, performance, and feature benefits over the older 2.0 and 1.3 versions |
|
33 |
Update PHP to latest version of 5.2. |
|
|
Provides many new features and performance improvements over 4.x and security benefits over other 5.x versions. |
|
34 |
Install Zend Optimizer, Ioncube Loaders, and SourceGuardian Loaders |
|
|
Enables the loading of of Zend, Ioncube, and SourceGuardian protected scripts. |
|
35 |
Install Suhosin |
|
|
SuHosin protects servers and users from known and unknown flaws in PHP applications and the PHP core. |
|
36 |
Install and enable suPHP |
|
|
|
suPHP is a tool for executing PHP scripts with the permissions of their owners. Runs PHP scripts under the user's account instead of the universal and insecure 'nobody' user. |
|
|
Click on the Alert icon to read our help file for customer who are having issues caused by suPHP. |
|
37 |
Install EAccelerator |
|
|
eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. |
|
38 |
Add PHP Mail Header Patch |
|
|
PHP Mail Header Patch allows spam (and all mail) sent via PHP's mail() to be sent with a header line that tracks where it came from. |
|
39 |
Enable IP spoofing protection |
|
|
Prevents IP spoofing and DNS poisoning |
|
40 |
Two Weeks of free Limitless Security Service related tickets |
