May 20, 2008

Control panels make administering your server very simple and give you the ability to increase your dedicated server’s security in a just a few clicks of the mouse. I’m going to show you just a few of the many security options the WHM/cPanel has built in to protect your cPanel dedicated server.

In order to defend your server you need to protect the ways someone might try to gain unauthorized access to your server. Two of the most popular ways to gain access on a WHM/cPanel server are through the root password and through the Apache web server. So here are a few things to protect your dedicated server.

Enable cPHulk Bruteforce Blocker
The best way to secure your server is to not offer a connection to a service, but in most cases that isn’t possible. In most scenarios you might need multiple people to have the capability to login from any location. That’s where cPHulk comes in.

When cPHulk detects a brute force attack, it responds by disabling authentication to your vital services: cPanel, WHM, SSH, FTP, IMAP, and POP3 from further attacks by that IP address.

cPHulk is unnoticeable to the attacker, authentication attempts will appear normal, even when disabled. Thus, you get more information about attacks. The easy to use user interface. You can even customize authentication thresholds and lock out times!

To access the cPHulk Brute Force Protection feature, click on Security, on the main screen of your WHM interface, then click on Security Center. When the page opens click on cPHulk Brute Force Protection. Click on the Enable button to enable cPHulk Brute Force Protection. Here you can customize cPHulk to meet your needs and protect the server.

JailShell
If someone does gain access to your server through a shell account, you can limit the damage they can do by using jailshell as the default shell for all new accounts and modified accounts. Jailshell is a very limited shell that allows clients to logon to your server via SSH. It limits them to their home directories, keeping the rest of your files on your server from being viewed.

You can enable jailshell as the default shell for new and modified accounts by going to Tweak Settings under Server Setup on the WHM main page. Scroll down to System and check the box next to Use jailshell as the default shell for all new accounts and modified accounts..

Enable Mod_Security
You could keep your entire server up to date with the latest patches and updates, but it won’t do you any good if you have insecure code running on your webserver. Today remote buffer overflows have been replaced with sql injections and php script exploits
Mod_Security is an open source intrusion detection and prevention engine to protect web applications from known and unknown attacks.

To install mod_security you need to compile it into apache using easyapache. Once that is done you can view attempted attacks on your apache server by going to WHM, click on Add-ons in the main screen of your WebHost Manager interface, Click on Mod_Security and the list of security violations will be shown.

While we don’t guarantee these steps will make your server fully secure from attacks, it will greatly reduce your chances of compromise. If you need help in setting up any of these security features please submit a ticket at https://control.singlehop.com
For more information please check out these pages

http://www.cpanel.net/security/

http://www.modsecurity.org

Comments

    Use APF firewall and BFD, you have more control and don’t have to depend on cpanel for your firewall needs.
    BFD blocks these guys at the iptables level, no bandwidth waste as they try again.
    cphulk, no way to whitelist the admin, so it’s easy to lock yourself out., documentation sucks and you have no idea how or if a firewall is working.

    Posted by Gary on June 21, 2008 Reply

Leave a Comment