Tips and Tactics: Securing a cPanel Server | AltusHost

Our Blog

Tips and Tactics: Securing a cPanel Server

Altus Host

Nowadays, you can find any business over the internet.
A website is the common showcase portal for any category. Even several corporates are just creating and maintaining sites to show that they do not possess outdated strategies.

A website can’t be online without a proper domain name and extension, and good and reliable web hosting.

Domain: It is the name of the website or a business existence. By clicking the website name, a user can able to reach over the page of a particular business. Numerous intelligent consider key points while selecting a domain for their website.

Hosting: The design and look of each website are only shown through a set of files. And hosting is just like a tenant place where the business website kept those files.

It means that if any hacker wishes to hijack a website, he has to access the file(s) over hosting server. Once, he succeeded to enter the server, he can easily add, edits, or deletes files that harm your website. Therefore, it is necessary to secure the cPanel server to avoid any hacking and attack.

It is another hectic for executives to save their virtual showcase from any attack. For achieving this target, usually, they pay high to a freelance person for this job or hire a guy. Now you don’t need to pay, just follow the below steps and remain protected.

1) cPanel login must be unpredictable

A quite many times, it has been observed that people set the login credentials as simple as they can. This is a practice to remember the login details easily. But why?

Attackers investigate some of the pages and predict numerous possible username. This is the initial and helpful step in the hacking process. Website developing experts suggest changing the login initially. It should be different as compared to your business category. Keep in mind that various folks change the username which looks like the same from the hijacker’s point of view.

Example: If you are a hosting provider, and you have changed the name to “besthosting” or “hostingexpert”, it is still matching with your work. The suggestion is to make it entirely different like “expertguy” or “bestmommy”.

2) Strong password

One of the most security issues happened due to the anticipation of an easy password. The second most essential thing to keep unpredictable is a password. It should be strong. For making it authoritative, you have to include the below points:

a. The allowed length will be 26 characters, but should not be less than 8 characters.

b. At least one character of the password must be uppercase (capital letter).

c. At least one numeric character should be included.

d. A special character must be added within the password. Check the hosting portal instructions because some signs may be obligatory to use in this field. Hence, benefit from the permissible ones.

If the control panel provides a password strength calculator, then try to achieve 100% power or as closest you can.

Tip: Professional friends suggest renewing the password every six months.

2) Update cPanel

Every panel and plugin tries to upgrade their system and make it more secure without affecting the functionality. In fact, they intend to raise efficiency also. That’s why, it is recommended that whenever an update notified to you, visit the plugin channel, read which controls have been updated and what will be the expected results. If all these analyses help you to configure that the upgrading is worthy, install the update.

Furthermore, when you notice any issue, immediately contact the developer and convey the problem so that the concerned guy fix it quickly.

Tip: WHM > cPanel > Upgrade to Latest Version

3) Apply Brute-Force Security Logout

Brute-Force is a method related to trial and error. These trials have been attempted through software or application. The purpose is to decode and know the password.

The application brute-force will allow a particular number of unsuccessful attempts from the same IP. After a failure of the total login trials, the plugin blocked that IP for a specific time. There are several plugins you can use like “cPHulk Brute-Force Protection.” This software also allows exceptions. Through this feature, you can exempt your own IP as well as a list of IPs through “Whitelist Management.”

Tip: Login to WHM > Security Center section > cPHulk Brute Force Protection.

4) Secure Apache & PHP

cPanel allows to build and compile Apache and PHP using EasyApache easily. It is the most readily available way to access a server is the web server application. You must secure your Apache installation.

Tip: Login to WHM > Softwares > EasyApache (Apache Update)

Enabling ModSecurity in your server is another method. You can define rules there. Those rules will check each request trying to access the server. If the call match with defined guidelines then the handler gives permission otherwise block such trial.

Tip: a. Login to WHM > Plugin > ModSecurity

b. Configure suPHP as the PHP handler and suEXEC for executing the CGI scripts in the user privilege. Permit suPHP and suEXCEC through below path:

WHM > Service Configuration > suEXEC

c. Change the PHP handler to suPHP, Turn Apache suEXEC to ‘ON’ and click Save New Configuration.

d. Allow PHP open_basedir safety for preventing PHP scripts from the root directory outside files.

WHM > Security Center > PHP open_basedir Tweak

e. Click the tick box to enable PHP open_basedir security. After enabling the checkbox click a button showing “Save”.

f. Now disable some essential functions by changing to register_globals: Off

  • passthru
  • show_source
  • proc_open
  • exec
  • system
  • phpinfo
  • allow_url_fopen
  • shell_exec
  • popen

WHM > Service Configuration > PHP Configuration Editor > Choose Advanced Mode

g. Hit save button and reboot the Apache server once made all mention above changes.

5) Install a Firewall

I am sure that you have heard about the firewall. It is a barrier for the untraceable hit. Moreover, this shield also blocks all the unidentified software & connections to keep your online data secure. Thus, it is helpful to control such unauthorized accesses.

Malware software and virus affected files harm the systems. Attackers first try to add an infected file. Once they found such incorporation, then undesired data will be executed, and your server might be hacked for adverse consequences.

6) Protect SSH

SSH is the abbreviation of Secure Shell. It is a portal to access the server. The non-technical audience can understand SSH as a gateway to get entrance to the server. Change its default setting carefully as mentioned below:

Change default port

A default setting allotted by hosting company is “Port 22” which is known by numerous attackers. Select another number and change the value of port like Port 2255, Port 125, Port 521, or anything you want.

Disable login “Root”

A predefined login username is “Root” which should be changed to something else. Hacker knew that most people change the passwords but never tend to revise the login name. But professional IT concern always recommends changing it also.

Disable SSH v1

If you investigate for SSH protocol, you surely find the value “Protocol 2,1” that is insecure. Change it to “Protocol 2”.

7) Examine Plugin before Installation

Never assume that you are safe. Until an outside user is connecting with your server regardless of serving purpose or services availing purpose, the chances of being insecure are still possible.

Several folks are recently getting help from plugins established by an unknown developer. You don’t know how much do the programmer cared for the security. In fact, my experience is that most free plugins contain bugs and error. Hacker targets such plugin that will become a gateway for them. Therefore, I recommend either install a paid plugin or read the reviews and check it supports.

Moreover, numerously people integrate a plugin and notice after a few months that it is useless or the alternative is better than this. They use to disable it but not delete. It is one of a big mistake. Occasionally, visit this section and remove the unused plugin for maintaining the prevention.

Incorporate Innovation Carefully

As we all knew that technology is upbringing itself day by day. Inventions are influencing our routine life. We can’t live and survive without these innovations because we may be handicapped. Each assistant must contain both advantageous and harmful effects.

Similarly, the virtual world is introducing a fresh revolution. Thus competitors and attackers upgraded their cruel intentions as well. If we wish to remain safe, we need to avoid those updated but how do we grow the business in the robotic world.

In order to keep your confidential data and complete site secure, you have to set the safety parameters within the server. Mentioned above points are mandatory to keep your hosting server updated and secure.

About the author: Stella Lincoln is a web development engineer at Academist Help. She did her masters in computer science and had a vast experience of web application creation. Stella is scripting blogs at MHR Writer relevant to her field. She often guides young girls as career counseling. She loves cooking and watching IT related movies.

Recent Articles