Securing your server is one of the most important things you need to do when you’re setting up your cPanel for the first time. There are multiple steps you should take to be proactive about protecting your server. Most people understand the need to protect their website from vulnerabilities, but don’t realize their hosting server needs protection, too. When hackers discover they can’t get directly into your website, they’ll try to break in through your cPanel account.
In this article, you’ll learn basic best practices for safeguarding your site, server, and account from hackers. We’ll introduce security topics like:
- Configuring cPanel Security Advisor
- Using Strong Passwords and Unique Usernames
- Using Web and Email Security Tools
- Limiting Access by IP Address
- Preventing Brute Force Attacks with cPHulk
- How to Stay Updated and Actively Monitor Your System
We’ve got a lot of information to cover, so let’s get started!
Introducing Security Advisor
Security Advisor is a feature that collects potential security concerns on your server for you to review. You’ll find the Security Advisor in the Security Center section of your cPanel. As a hosting provider, you’ll want to address these concerns as soon as possible. When you select each item, the interface provides warnings and possible solutions. When you choose it from the left-hand menu in WHM, the Security Advisor interface displays services that have been installed, password strengths, and other settings, along with a colored status coded green, yellow, or grey. This status notifies users about probable security issues that need addressing.
The color-coding of the messages in the Security Advisor indicates the severity of the possible issue. Red advisories indicate a severe security issue, and we recommend addressing them with a high priority. Yellow warnings show potential problems that require investigation and resolution sooner rather than later, and grey advisories provide an informational notice of a permissions issue on the server. Green advisories are generally trivial issues and don’t require immediate attention.
How to Configure Security Advisor Notifications
When you open Contact Manager in WHM (WHM >> Home >> Server Contacts >> Contact Manager), you can specify when and where the server sends notifications. You’ll find your Security Advisor notification controls here, along with other alerts that you can configure to send notifications multiple ways. You can set the level of importance of these notifications to low, medium, or high, depending on your preference.
Unique Passwords and Usernames
Another easy step is to use usernames that aren’t easy to guess when setting up your accounts. But what makes a good username? Stay away from obvious choices, like your first or last name, or admin. Try using a combination of upper and lowercase letters in places they wouldn’t normally be. Add a number or symbol to the username. The idea is to make it something that is harder for a hacker to guess based on your publicly available personal information.
As far as passwords go, you want to use a strong and unique password for all accounts, including your system’s root user, the MySQL root user and any other system accounts in addition to your personal accounts. Many of the same standards recommended for creating a unique username can be applied when choosing a password, but some experts recommend choosing a random string of 5 words, as shown in this charming XKCD comic.
You may want to invest in a password manager to help you keep track of all these unique usernames and passwords.
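The random-word approach mentioned above only works if the words are drawn at random from a large list. The following sketch is an added example, not part of the original article or of cPanel: it generates a passphrase with a cryptographic random source and computes how much entropy a given list size and word count provide. The word list and function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample list for the demo only. A real deployment would load a
# large published list (for example a 7776-word diceware list) from disk.
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "garnet", "harbor",
    "iris", "juniper", "kestrel", "lantern", "meadow", "nickel", "orchid", "pepper",
]


def entropy_bits(wordlist_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)


def words_needed(wordlist_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words, n_words: int = 5, sep: str = "-") -> str:
    """Pick n_words with the OS CSPRNG; duplicates in the list are removed first."""
    unique = sorted(set(words))
    if len(unique) < 2:
        raise ValueError("word list must contain at least two distinct words")
    return sep.join(secrets.choice(unique) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # The 16-word sample list gives only 20 bits for 5 words.
    print(entropy_bits(len(SAMPLE_WORDS), 5))
    # A 7776-word list gives about 64.6 bits for the same 5 words.
    print(round(entropy_bits(7776, 5), 1))
```

Five words from the 16-word sample list are far too weak; the same five words drawn from a 7776-word list reach roughly 64.6 bits, which is why the size of the list matters as much as the number of words.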
Web and Email Security
Securing the Web and Email on a cPanel server is just as important as the other server related options. Here are some links to related documentation about these types of security for your servers.
- Web Security – pay special attention to ModSecurity™ Tools, as you will need to install rules for your server here.
- Email Security – these tips will help prevent email abuse from happening on your server.
Limit Access by IP Address
To protect your server assets and prevent unauthorized access, which lowers the risk of attack, it often makes sense to limit user connections to a specific IP address or range of addresses. You can allow only specific IP addresses to access services on the server using WHM’s Host Access Control interface (WHM >> Home >> Security Center >> Host Access Control).
These services include:
- POP3 (pop3)
- Webmail (webmaild)
- Web Disk (cpdavd)
- FTP (ftpd)
- cPanel (cpaneld)
- SSH (sshd)
- IMAP (imap)
- SMTP (smtp)
- WHM (whostmgrd)
cPHulk Brute Force Protection
cPanel also offers a service called cPHulk Brute Force Protection. A brute force attack uses automated systems to try to guess the passwords on your system. cPHulk also includes some IP management tools and makes it possible to block specific countries from logging in to your server. It’s a very robust package. You can learn more about cPHulk in our documentation.
Security experts highly recommend that you use only the latest stable versions of any software on a server that is live and in production. Staying updated ensures that your software has all the latest patches and security fixes. You should check for updates often, at least weekly.
Server security is one of the most important parts of owning a web server. It’s as essential as network security, and in some ways more important, because servers often contain a great deal of vital information. If your server is compromised, crackers can not only cause damage to the way the site is displayed; they can steal data as all of the server’s contents may become available for them to use at will. If you find that all of this seems overwhelming, you can always hire a SafeAdmin Accredited System Administrator who knows what the best practices for protecting your server are. A list of currently certified SafeAdmin Sysadmins is available on the cPanel Forums.