Securing cPanel server

There is no guarantee you can make your server 100% secure. But you may prevent the worst of if pay attention to following 
I have earlier posted tips on securing web server methods in general.All the above Securing methods are applicable in cPanel servers as well, however, cPanel being

a much more common panel for webhosting, there is a few additional tips as below:

• securing /tmp
   just use the script /scripts/securetmp

   Since cPanel is a mail server as well, make sure that the mail outgoing IP has a RDNS set. It
  will prevent the server IP from being blacklisted by third party spam controllers.

• Spf records and domainkeys.
   These if added will improve the email authentication for outgoing mails.

• exim extended logging
   This adds valuable logging information to your exim_mainlog file so that you can determine
  where messages are coming from, who's sending the message and from what directory in server
 the mails are originating from, if your seeing mail leaving as nobody. In addition, it adds very
useful information to exim_mainlog to help you decipher email coming and going.
Just add the below to the exim.conf
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery
+delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection
+queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject
+skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error
+subject +tls_cipher +tls_peerdn

Enable SuPHP
Enable open_basedir
Disable system compilers
Enable cphulk protection
Enable sell fork bomb protection
Limit outgoing mails for accounts
in WHM > Tweak settings, there are many options which can be enabled/disabled depending
upon the server nature.


Reply to this post

Post a Comment