5 Steps to Securing your cPanel servers

My web hosting server has been receiving a few brute forcing attacks this past week. So i decided to secure the server a little more than what it already was. None of the bruteforces were successful, but it’s always good to be on your guard.

1. Disable root user login from SSH

On a shell, login as root and do the following:

useradd -g wheel iamtherealroot //You may change iamtherealroot to something else

passwd iamtherealroot //Set a difficult password

visudo //Update the lines

## Allows people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL

Save the file and make sure you can su – root when logged in as iamtherealroot..else you may risk being locked from using root ever!

vi /etc/ssh/sshd_config

Update the lines

PermitRootLogin no

Service sshd restart

2. Change the SSH port to something else other than port 22

Changing the ssh port to something else will help make the attacker have to look for the open port on your server for ssh. It is usually good practice to change it.

vi /etc/ssh/sshd_config

Change port number 🙂

3. Use a more strict cpHulk setting from WHM

4.  Disable your system compilers

Go to Security Center from WHM -> Compiler Access. If your settings are as the screenshot below, you are still good to go 🙂 Why that? It prevents your users to use C compilers which could be used for harmful purposes.

5. Enable a firewall

Always remember not to allow access to any ports of your server, but only to specific ones which are currently being used. For example, if port 80, 21, SSH port, 25, 443, 110.. all that depending on the services that you are running on your machine.

Gulshan Yashveer Beejan

Gulshan holds a BSc(Hons) Computer Science with Distributed systems from the City University of London. He is currently working at DSOGroup(Mauritius) as a Linux Administrator on SaaS Solutions. More about Gulshan

Leave a Reply

Your email address will not be published. Required fields are marked *