Securing cPanel server
There is no guarantee you can make your server 100% secure. But you may prevent the worst of if pay attention to following
I have earlier posted tips on securing web server methods in general.All the above Securing methods are applicable in cPanel servers as well, however, cPanel being
a much more common panel for webhosting, there is a few additional tips as below:
• securing /tmp
just use the script /scripts/securetmp
• RDNS
Since cPanel is a mail server as well, make sure that the mail outgoing IP has a RDNS set. It
will prevent the server IP from being blacklisted by third party spam controllers.
• Spf records and domainkeys.
These if added will improve the email authentication for outgoing mails.
• exim extended logging
This adds valuable logging information to your exim_mainlog file so that you can determine
where messages are coming from, who's sending the message and from what directory in server
the mails are originating from, if your seeing mail leaving as nobody. In addition, it adds very
useful information to exim_mainlog to help you decipher email coming and going.
Just add the below to the exim.conf
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery
+delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection
+queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject
+skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error
+subject +tls_cipher +tls_peerdn
•
Enable SuPHP
Enable open_basedir
Disable system compilers
Enable cphulk protection
Enable sell fork bomb protection
Limit outgoing mails for accounts
in WHM > Tweak settings, there are many options which can be enabled/disabled depending
upon the server nature.
Reply to this post
Post a Comment