Server security is something that should never be overlooked. One day or another, chances are your server will be under attack and the integrity of your data will be at risk, not mentioning you may lose potential and existing customers in the process. By : http://mazaseo.net

1. Server security is something that should never be overlooked. One day or another,
chances are your server will be under attack and the integrity of your data will be at
risk, not mentioning you may lose potential and existing customers in the process.
By :mazaseo.net
Secure your Cpanel in 9 advanced tips
How to secure web hosting cpanel?
1. Updating cPanel
The first thing you want to do is to make sure you have the latest version of cPanel
running. You can update cPanel by going to “WHM > cPanel > Upgrade to Latest
Version”. You can also achieve the same thing using this command line:
# /scripts/upcp --force
In order to have your server updated automatically, I recommend you enable daily
updates by going to “WHM > Server Configuration > Update Preferences”:
2. Disable FTP Use by Unknown User

2. Unknown users can upload files to your web server if the settings allow them to. To
make sure that only authorized users have this capability, disable “Allow Anonymous
Uploads”, as well as “Allow Anonymous Logins”. To access this option, click WHM,
go to Service Configuration then FTP Server Configuration.
Server security is something that should never be overlooked. One day or another,
chances are your server will be under attack and the integrity of your data will be at
risk, not mentioning you may lose potential and existing customers in the process.
Read Also:
 How to Choose the Best Web Hosting
 14 Tips to Speed Up a Website by 70%
 Liste of BackLinks Org, Edu High Quality
3. Securing SSH
SSH is among the services mostly vulnerable to Brute Force Attacks. The default SSH
configuration allows root access on the default port (22). Here’s how to secure the
SSH daemon:
Establish an SSH connexion to your server and connect as root.
Edit the SSH daemon configuration file:
# nano /etc/ssh/sshd_config
Set a different port for incoming SSH connections by changing this line:
Port 22
to:
Port 22200
You don’t have to use port 22200 as mentioned above. Refer to this list of common
TCP/UDP ports to find a port number that isn’t already in use.
Disable SSH root login by changing this line:
#PermitRootLogin yes
to:
PermitRootLogin no
Save the file and restart the SSH daemon:
# service sshd restart
In order to gain root access through SSH, you will now need to log on as a regular
user and then become root by issuing the command:
# su - root
Note that you will first need to add the desired users to the wheel group (WHM >
Security Center > Manage Wheel Group Users).

3. 4. Remove Accounts That Are Not Needed
Accounts in your web server must have the right privilege to make sure that users
only have access to appropriate files and features. Since these accounts are vulnerable
to hacking, it’s best to remove those that are no longer used or needed.
5.Securing cPanel and WHM Access
When using an unsecured connection to cPanel and WHM, your username and
password are sent as clear text over the Internet. It is advised to use SSL to secure all
accesses to both control panels. From WHM, click on “Server Configuration > Tweak
Settings” and configure the redirection parameters as follow:
6. Increasing Required Password Strength
You can force your users to use more complex passwords by going to “WHM >
Security Center > Password Strength Configuration”.
7. Use a Rootkit Scanner
A rootkit is a malicious program that gains access to your server without being
noticed. It can’t usually be detected by anti-virus applications. This is why a rootkit
scanner must be installed to further protect your system.
In order to detect rootkit on a cPanel server, you will need to install a rootkit scanner
such as the Rootkit Hunter:
 Log on to your server through SSH as a regular user and then become root:
# su - root
 Download the latest version of rkhunter from rkhunter:

4. #
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0
/rkhunter-1.4.0.tar.gz
 Extract the content from the archive:
# tar xvzf rkhunter-1.4.0.tar.gz
 Launch the installer:
# cd rkhunter-1.4.0
# ./installer.sh --install
 Fill the file properties database:
# rkhunter --propupd
 To scan for rootkits as root, run the following command:
# rkhunter --check
8. Enable your Brute-Force Protection
By setting your value of your Brute-Force Protection parameter, you will make sure
you repeatedly unsuccessful close any attempts of an intruder to access your server
using an IP address that may make your IP address to be blocked.
After a specified time, cPanel will again accept a login attempt to be made from the IP
address concerned. To activate this functionality, go to “CPHulk Brute-Force
Protection” in “Security Center” and click on “Enable.”
The “IP Deny Manager” option will also allow you to specify a particular IP address,
domain name, or range of IP addresses to be blocked from accessing a site managed
with cPanel.

5. 9. Installing a Firewall
There’s no point in tempting fate and just hoping hackers or viruses won’t get into
your cPanel installation. CSF (ConfigServer Security and Firewall) is a popular
firewall application for cPanel servers. It also gives recommendations about how to
increase security.
Installing CSF is quite easy:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Once you’ve installed CSF, go to “WHM > Plugins > ConfigServer
Security&Firewall” and click on “Check Server Security” to get a list of tips to secure
your web server.
Don’t forget to open the new SSH port you’ve defined earlier otherwise CSF will
block it. To do this, go to “WHM > Plugins > ConfigServer Security&Firewall >
Firewall Configuration”. Find the parameter named “TCP_IN” and add the SSH port
to the list.