A Beginner's Guide to Securing Your Server
Part 1 of 3 (Security Inside WHM/cPanel)

These are items inside of WHM/cPanel that should be changed to secure your server.

Go to Server Setup =>> Tweak Settings
Check the following items...

Under Domains
  Prevent users from parking/adding on common internet domains. (i.e. hotmail.com, aol.com)

Under Mail
  Attempt to prevent pop3 connection floods
  Default catch-all/default address behavior for new accounts - blackhole

Under System
  Use jailshell as the default shell for all new accounts and modified accounts

Go to Server Setup =>> Tweak Security
  Enable php open_basedir Protection
  Enable mod_userdir Protection
  Disable Compilers for unprivileged users.

Go to Server Setup =>> Manage Wheel Group Users
  Remove all users except for root and your main account from the wheel group.

Go to Server Setup =>> Shell Fork Bomb Protection
  Enable Shell Fork Bomb/Memory Protection

When setting up Feature Limits for resellers in Resellers =>> Reseller Center:
  Under Privileges, always disable Allow Creation of Packages with Shell Access and enable Never allow creation of accounts with shell access.
  Under Root Access, disable All Features.

Go to Service Configuration =>> FTP Configuration
  Disable Anonymous FTP

Go to Account Functions =>> Manage Shell Access
  Disable Shell Access for all users (except yourself)

Go to MySQL =>> MySQL Root Password
  Change root password for MySQL

Go to Security and run Quick Security Scan and Scan for Trojan Horses often.
The following and similar items are not Trojans:
  /sbin/depmod
  /sbin/insmod
  /sbin/insmod.static
  /sbin/modinfo
  /sbin/modprobe
  /sbin/rmmod
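
The wheel group and shell access changes above can be checked from the command line once they are made. This is an added example, not part of the original guide: it parses group and passwd files and reports wheel members other than root and the main account, plus accounts that still have a full shell. The account name mainacct, the UID threshold of 500 and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the wheel group and
# login shells after the WHM changes. ADMIN_USER, MIN_UID and the sample files
# are constructed; the jailshell/noshell names are cPanel's restricted shells.
ADMIN_USER="${ADMIN_USER:-mainacct}"   # hypothetical name of your main account
MIN_UID="${MIN_UID:-500}"              # assumed first non-system UID

# Print wheel members other than root and the main account. $1 = group file
extra_wheel_members() {
    awk -F: -v admin="$ADMIN_USER" '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "" && m[i] != "root" && m[i] != admin) print m[i]
    }' "$1"
}

# Print user:shell for accounts that still have a full shell. $1 = passwd file
full_shell_users() {
    awk -F: -v admin="$ADMIN_USER" -v min="$MIN_UID" '
        $3 + 0 >= min + 0 && $1 != admin &&
        $7 !~ /(jailshell|noshell|nologin|false)$/ { print $1 ":" $7 }
    ' "$1"
}

# Constructed sample data so the script runs without touching /etc.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:root,mainacct,reseller1
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
mainacct:x:500:500::/home/mainacct:/bin/bash
site1:x:501:501::/home/site1:/usr/local/cpanel/bin/jailshell
site2:x:502:502::/home/site2:/bin/bash
site3:x:503:503::/home/site3:/usr/local/cpanel/bin/noshell
EOF

echo "Unexpected wheel members:"; extra_wheel_members "$SAMPLE_DIR/group"
echo "Accounts with a full shell:"; full_shell_users "$SAMPLE_DIR/passwd"
```

To audit the real server, call the two functions on /etc/group and /etc/passwd with ADMIN_USER set to your own account name.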

More tips
  Use chkrootkit and rkhunter to watch your server
  Install CSF
  Install mod_security
  Limit which IP can access SSH
  Secure your /tmp and /var/tmp
  Watch for processes which may run as "nobody"
  Run logwatch
  Run portsentry