cPanel Server Security & Hardening Service

We have this server security and hardening solution specifically designed for cPanel servers. We will perform the installation and configuration of each component of the service. Our server security hardening service removes many of the security vulnerabilities inherent with the default configuration of a server and it’s applications, along with adding in many levels of additional protection you your server.

The main aim of this task is to

  • Secure your server from DDOS & Bruteforce and hack attempts
  • Perform server tuning to better cope under load
  • Patch Security holes, Exploits and vulnerabilities

These tasks will be performed within 24 hours from the opening of a ticket in our helpdesk. This will also include 30 days free support with all issues related to security tasks that we have performed on your server.

OpenSSH Security
Force SSHv2 and change SSH port

Rootkit Hunter
Rootkit Hunter is an essential tool in detecting possible root compromise and rootkit installation

Chkrootkit is another essential tool in detecting possible root compromise and rootkit installation, it compliments rkhunter with a different detection approach

mod_security is web application level firewall to prevent exploitation of vulnerable web scripts. We will install and configure it with effective rules

Host spoof protection
Helps prevent IP spoofing and DNS cache poisoning

Operating System check
Check to ensure that the servers OS is updating and, if not, an update is run

Name server check
If the name server (bind) is running, check that it is functioning correctly and enable local DNS lookups

Disk check
Ensure disks are correctly mounted and clean up any old files to free space where possible

Kernel check
Check that the correct kernel is installed and upgrade to the OS vendors latest version if necessary and implement tweaks to help protect against current threats (e.g. disabling core file creation) *****

Secure /tmp /var/tmp /dev/shm
Check temporary file permissions, ownership and contents. Remount noexec and nosuid where possible

ConfigServer ModSecurity Control (cmc)
cmc allows you to control the disabling of mod_security rules by their ID on a global, per user and per domain level

ConfigServer Mail Queues
cmq allows you to check within WHM and clear the servers exim queue(s) and deal with individual emails awaiting delivery

ConfigServer Mail Manage
cmm allows you edit view and manage client email accounts and quotas from within WHM without having to log into their cPanel account

Perl installation check
Check that perl is correctly configured and that it is the latest version and upgrade if necessary

Delete unnecessary OS users
On a standard OS installation many user accounts are created that are not necessary and can therefore pose a security risk

Disable open DNS recursion
Protection against abuse and poisoning of your local DNS cache if DNS server (bind) is running on the server

Enhanced path protection
Help protect against clients and hackers browsing and accessing files outside of their account directories

Remove SUID/GUID binaries
On a standard OS installation many application binaries have SUID and GUID bits set that are not necessary and can therefore pose a security risk

PHP hardening
Dynamic Library loading is disabled, commonly abused php functions disabled, user defined php.ini files disabled if suPHP is already enabled – to help prevent hackers exploiting vulnerable PHP web scripts

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core

Initial cPanel configuration
If cPanel has just been installed but not configured we can do this for you

Logwatch is a daily report that summarises the information contains in the major server log files

Stop unnecessary processes
Default OS configurations often run services that are not used by a cPanel web server and can be a security risk if left running

MySQL tune and check
Check that mysql is correctly configured and tuned for your servers requirements

WHM configuration check
WHM configuration options are checked for security and performance configuration and changes where deemed appropriate