My BLOG!

Securing my new dedicated server today

Just got a new dedicated server and today I'm taking precautions to make sure it's secure and safe from hacking attempts etc.  My last hosting account was owned by a hacker, all my websites were fukked.  Later I found out that the host itself was hacked.  The owner's root password was hacked and consequently my sites were screwed over.

I found out that there are insecurities and exploits in cpanel and whm. A good hacker can easily access most root passwords with anyone's cpanel information.

So here is what I have done today!

Secure Your WHM/cPanel Linux Server

Here are 10 steps to make your server just a little bit more secure. This is very basic security but it is necessary.

1) Login to WHM.

2) Go to Server Setup > Tweak Settings

3) Check the following items...

- Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
- Attempt to prevent pop3 connection floods
- Default catch-all/default address behavior for new accounts - blackhole
- Use jailshell as the default shell for all new accounts and modified accounts

4) Go to Server Setup > Tweak Security

Enable php open_basedir Protection
Enable mod_userdir Protection
Disabled Compilers for unprivileged users.

5) Go to Server Setup > Manage Wheel Group Users

Remove all users except for root and your main account from the wheel group.

6) Go to Server Setup > Shell Fork Bomb Protection

Enable Shell Fork Bomb/Memory Protection

7) Go to Service Configuration > FTP Configuration

Disable Anonymous FTP

8) Go to Account Functions > Manage Shell Access

Disable Shell Access for all users (except yourself)

9) Go to MySQL > MySQL Root Password

Change root password for MySQL, by default this is set to nothing which is a HUGE security risk.

10) Finally make sure your cPanel and all features are up to date including scripts, backend etc.