Category Archives: Management Services

How to Harden a cPanel Server

Popular among both web hosting magnates and newbies, cPanel is the world’s most well known control panel. In terms of security, however, it isn’t necessarily a good thing that the control panel is so popular since its popularity makes it a target for exploits. There’s good news: in just a few minutes, you can dramatically reduce the risk of your server being exploited.

cPanel Hardening Script

We use a custom cPanel hardening script that we’re now sharing with the system administration community at large. It’s very easy. As a matter of fact, it’s just a script that walks you through everything.

Step 0 – Prerequisites

Let’s make sure that we have wget installed on the server, so we can download the script:
yum install wget

You should already have wget if you’ve installed cPanel, but there’s no harm in being sure.

Step 1 – Download the script

Now we’re going to download the hardening script file:
wget http://hostmybytes.com/hardening.sh

Step 2 – Run the script

Now we’re going to run the cPanel hardening script:
sh hardening.sh

Step 3 – Let it run
The script will take a few minutes to run, depending on your server specs. It will ask a couple yes or no questions about whether to harden certain services within the server.

Don’t feel like hardening your server manually? No problem. Our managed VPS come pre-hardened, and we’ve already done the work for you.

What does the script do?

This script performs most of the common hardening tasks, including:

  • Installs, configures, and tweaks ConfigServer Firewall (CSF)
  • Installs ConfigServer Mail Manager (CSMM)
  • Installs ConfigServer Mod Security (CSMC)
  • Installs ConfigServer Mail Queue Manager (CMQ)
  • Installs maldet and updates maldet rules
  • Installs and configures rootkit hunter
  • Tweaks cPanel settings (cPanel “Tweak Settings”)
  • Enables and configures cPHulkD (brute force detection)
  • Enables background process killer
  • Hardens SSH daemon (change to custom port)
  • Optimizes Apache settings
  • Optimizes MySQL settings
  • Tweaks FTP settings

 

OpenVZ Node Management Services

One of the services that we offer is OpenVZ node management. In this article, I’d like to answer some of the more-common questions that we receive regarding our OpenVZ management services.

Initial Server Hardening

In our initial server hardening, we will harden your node to protect it from the likelihood of hacks, limit what a malicious user can do, and and perform some minor optimizations. Here are some things our initial server hardening will cover

  • Change SSH port from port 22 to a less common port
  • Install Fail2Ban (stop brute force attacks)
  • Install Nodewatch (suspend abusive users)
  • Limit common mail ports (stop spammers)
  • Check for kernel updates

Virtualization Panel Installation

We’ll install the virtualization panel of your choice. Commonly, clients choose either SolusVM or Virtualizor. We can also configure the virtualization panel with your required packages.

Troubleshooting Problems

If you’re having issues with VPS not starting, connection issues to a VPS, or similar issues, we can help troubleshoot. Similarly, if there are continued issues with a node, we can investigate and solve these problems.

Monthly Performance Checks

Concerned about your VPS node getting filled up? Are the loads looking a little higher than usual? Every month, we can perform a full investigation of the status of your VPS node for you. This performance check includes checking VPS IP’s on spam lists, checking VPS loads, and fine-tuning configuration files for optimal performance. We can do a performance check each month upon request.

Software Upgrades

New software is coming out every day, and it can be difficult to stay on top of patching the latest threats. We can upgrade any software on the host node for you upon request.