After installing cpanel in dedicated or vps server, you should make below security check’s on your server to avoid hacking/unwanted access.
Check the below common settings are ON/OFF properly on server.
Home » Server Configuration » Basic cPanel & WHM Setup
- Basic cPanel & WHM Setup : (Contact Information) Update your email address to receive alerts from server.
- Basic Config : Check the server shared IP address whether its correct or not.
- Nameservers : Check once again your nameservers & its IP address are correct.
Home » Account Functions
- Manage Shell Access : Set Disabled Shell to all users.
- Manage Demo Mode : Don’t enable demo mode to any users.
Check the below Tweak settings are ON/OFF properly on server.
Home » Server Configuration » Tweak Settings
- Always redirect to SSL : On (When ever if you open cpanel, whm & webmail it will be redirected to https)
- Proxy subdomains : Off
- Horde & RoundCube webmail : Off
- Allow Remote Domains : Off
- Require SSL : On
- Prevent cPanel users from creating specific domains : Off (User’s can’t add or park common Internet domains, Like(gmail.com, yahoo.com,etc..)
- Initial default/catch-all forwarder destination : Fail
- BoxTrapper Spam Trap : Off
- Allow cPanel users to reset their password via email : Off
- Blank referrer safety check : On
- Use cPanel jailshell by default : On
- Email password reset : Off
- Send passwords when creating a new account : Off
- Blank referrer safety check : On
- Referrer safety check : On
Check the below Apache settings are ON/OFF properly on server.
Service Configuration » Apache Configuration » Global Configuration
- SSL Cipher Suite : ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH PCI
- Trace Enable : Off
- Server Signature : Off
- Server Tokens : ProductOnly
- File ETag : None
- Max Requests Per Child : 1000
Check the below PHP settings are ON/OFF properly on server.
Home » Service Configuration
- PHP 5 Handler : Should be “suphp”
You may edit your PHP configuration in Basic Mode or in Advanced Mode.
- enable_dl = Off
- register_globals = Off
- disable_functions = “show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set”
You can make this changes from ssh itself @ /usr/local/lib/php.ini
Cpanel Security Center Settings
Check the below Security Center settings are ON/OFF properly on server.
Home » Security Center
- Configure Security Policies : password strength more then 50
- PHP open_basedir Tweak : Enable
- Apache mod_userdir Tweak : Enable
- Compiler Access : Enable
- Manage Wheel Group Users : This group controls which users can use the system’s `su` utility.
- Shell Fork Bomb Protection : Enable
- cPHulk Brute Force Protection : Enable
Check the below FTP settings are ON/OFF properly on server.
Home » Service Configuration » FTP Server Configuration
- TLS Encryption Support : Disable ( While connecting ftp from FTP client use “Encryption = FTP over TLS”)
- Allow Anonymous Logins : No
- Allow Anonymous Uploads : No
- Allow Logins with Root Password : No
I have strongly recommended to install free firewall such as CSF or APF for more protection. And finally restart the apache webserver.
2 Comments on “How to secure cpanel server”
I am really loving the theme/design of your weblog.
Do you ever run into any web browser compatibility issues?
A few of my blog readers have complained about my site not working correctly in Explorer but
looks great in Firefox. Do you have any advice to help fix this issue?
Just visit http://syslint.com/Server-Security-Hardening plans to have better secured server