
How to Secure Your cPanel Server

You never know when a vicious individual or group of people will target your server and launch malicious attacks against you. Fortunately, you can secure your cPanel server to prevent these unwanted assaults.

cPanel is a web-hosting control panel for UNIX-based systems (UNIX being a multi-user, multi-tasking operating system) that provides a graphical user interface with tools for automation. The panel eases the process of website hosting. It uses a three-tiered layout that provides functionality to website owners, administrators, and resellers, who can control various aspects of server and site administration from a standard web browser.

As background, the Web Host Manager (WHM) in cPanel includes an Application Programming Interface (API) as well as a command line. These features allow third-party software vendors, developers, and hosting firms to automate routine system administration procedures. cPanel runs on a Virtual Private Server (VPS) or dedicated server and supports operating systems such as FreeBSD, CentOS Linux, and Red Hat Linux.

Security as Priority

cPanel gives high priority to security, which website owners value very much. For the best protection, verify which version is installed on your server, contacting your system administrator if necessary. You can log in as root and run the proper command, or log in to WHM, where the version is shown in the upper right-hand corner.

Many webmasters consider a VPS an essential tool. You will find a VPS with cPanel shared hosting more cost-effective, and it promises to be a win-win option for website owners. This setup lets you obtain responsive service without expensive maintenance fees. The application’s features let users manage the hosting space as well as the domain name through the interface.

Server and cPanel Security

You need server security to safeguard your site and data it contains against cyber attacks and hacking. Secure and update servers on a regular basis to deal with malware, phishing, and hackers. Read the following preventive measures:

  • Use strong usernames and passwords together with dependable authentication procedures. These precautionary techniques can help make your accounts less vulnerable to fraud.
  • At the same time, understand the usefulness of the two-factor authentication as well as extra security layers. Passwords should have a minimum of eight characters including symbols, numbers, and punctuation marks. Use different passwords for multiple accounts.
  • SSH, also called Secure Shell, is a protocol that safeguards remote logins from one computer to another. It provides options for strong authentication and protects the communication flow with powerful encryption.
  • Use SSH instead of insecure file transfer methods like File Transfer Protocol (FTP) or unprotected remote login systems.
  • Update your Operating Systems frequently (within a few hours following critical updates) as well as your control panels. Avoid disclosing confidential information to anyone unless you trust the person fully.
  • Do not install untested software or save backups and old software versions on your production system. Likewise, limit access to your directories with proper permissions.
  • For web application security, sign up for update notifications for the web applications you run. Update the apps without delay and scan each one with remote security tools.
  • Use a web application firewall. Check file upload fields to make sure that code cannot be uploaded. Choose frameworks with a good security track record.

Protecting your cPanel also means securing file uploads by using File Transfer Protocol Secure (FTPS) or SSH File Transfer Protocol (SFTP). FTP without Secure Sockets Layer (SSL) does not encrypt your login data or the files being transferred.

In other words, the information or files can be captured and altered by hackers. Many web hosts and file transfer apps support highly secure techniques in transferring these files like the Secure FTPS connection.

Security will always be one of the most vital facets in hosting particularly with the emergence of Denial-of-Service cyber-attacks where perpetrators try to make the computer or network resources unavailable to users by disrupting services or host connection to the Internet momentarily or indefinitely.

Another threat comes from Brute Force cracking which refers to the trial and error procedure adopted by programs to decipher encrypted information like passwords and Data Encryption Standard keys.

Detailed Explanation of SSH Access and Apache

Wise website owners and administrators restrict SSH access when setting up new cPanel servers as protection against Brute Force attacks. To stop Brute Force attempts against the root account, disable root login: log in as a regular user and then use either sudo or su.

Another option could be to alter the default SSH port. Shift the SSH access to an entirely different port and discourage unknown parties from identifying your server or detecting your SSH port.

Step 1: Log in to WHM as root and create a new account (WHM>Account Functions>Create a New Account).

Step 2: Determine if the new user account has shell access (WHM>Account Functions>Manage Shell Access).

Step 3: Then add the new user account to the “Wheel Group” (WHM>Security Center>Manage Wheel Group Users).

Step 4: Use an SSH client, such as Putty, to connect to your server on port 22 and authenticate yourself using the newly created account.

Step 5: Issue this command in order to become root:

       # su - root

Step 6: Then edit the SSH daemon configuration file using “vi” (or any other text editor).

       # vi /etc/ssh/sshd_config

Step 7: Look for the line that says:

       #PermitRootLogin yes

Step 8: Remove the leading “#” and change the value of that line to “no”.

       PermitRootLogin no

Step 9: Look for the line that says:

       Port 22

Step 10: Replace 22 with a new, unused port for the SSH daemon. Contact your hosting provider for suggestions and to determine whether or not the port is blocked by their network’s firewall.

Step 11: Save the file and exit the editor.

Step 12: Restart the SSH service.

       # service sshd restart

Step 13: Terminate your SSH session by issuing the “exit” command two times.
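
Steps 6 to 10 can also be applied without an editor. The shell functions below are an added example, not part of the original article: they rewrite PermitRootLogin and Port in whatever file is passed in, leave a .bak copy, and report the value sshd will actually use. The function names, the sample configuration and port 2222 are constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Works on the file passed in;
# try it on a copy of /etc/ssh/sshd_config first.

# Print the value sshd uses for KEYWORD in FILE: the first uncommented
# occurrence above any "Match" block (sshd keeps the first value it reads).
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Set KEYWORD to VALUE in FILE. The first global occurrence is rewritten,
# whether active or a commented default such as "#PermitRootLogin yes".
# Later active duplicates are commented out: for most keywords they are
# ignored anyway, and every active "Port" line adds a listening port.
# Prose comments ("# Port sshd listens on ...") are left alone.
set_option() {
    so_file=$1
    so_tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        BEGIN { lkey = tolower(key) }
        {
            commented = ($0 ~ /^[ \t]*#/)
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)
            sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t]+/)
            first = tolower(f[1])
            if (!commented && first == "match") {
                # Global options must sit above the first Match block.
                if (!done) { print key " " value; done = 1 }
                in_match = 1
            } else if (!in_match && first == lkey && (!commented || n == 2)) {
                if (!done) { print key " " value; done = 1 }
                else if (!commented) { print "#" $0 }
                else { print }
                next
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$so_file" > "$so_tmp" && cat "$so_tmp" > "$so_file"
    so_rc=$?
    rm -f "$so_tmp"
    return $so_rc
}

# Steps 7-10 in one call: disable root login and move sshd to NEW_PORT.
harden_sshd_config() {
    hc_file=$1 hc_port=$2
    case $hc_port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 2 ;;
    esac
    if [ "$hc_port" -lt 1 ] || [ "$hc_port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi
    cp -p "$hc_file" "$hc_file.bak" || return 1   # keep a rollback copy
    set_option "$hc_file" PermitRootLogin no &&
        set_option "$hc_file" Port "$hc_port"
}

# Constructed sample input, not a real server's configuration.
make_sample_config() {
    cat > "$1" <<'EOF'
# Port sshd listens on (default 22)
Port 22
#PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin yes
Match User backup
    PasswordAuthentication no
EOF
}

# Demo on a throwaway file. On a real server, run "sshd -t" to syntax-check
# the edited file before Step 12, and keep the current session open until a
# second login on the new port succeeds.
demo=$(mktemp) && make_sample_config "$demo" &&
    harden_sshd_config "$demo" 2222 &&   # 2222 is a constructed example port
    echo "PermitRootLogin=$(effective_value "$demo" PermitRootLogin)" \
         "Port=$(effective_value "$demo" Port)"
rm -f "$demo" "$demo.bak"
```

In the sample, the active `PermitRootLogin yes` further down the file is the line that would have kept root login enabled had only the commented default been edited.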

Secure the Apache platform installation. A very effective tool to stop malicious use of Apache is called ModSecurity™.

  • Users of cPanel & WHM version 11.44 and earlier can install it from Add-on Modules in the cPanel section of WHM. Find more information about ModSecurity at http://www.modsecurity.org/.
  • Users of cPanel & WHM version 11.46 and later can use the following interfaces to manage ModSecurity™:
    • WHM’s ModSecurity™ Tools interface: (WHM>Home>Security Center> ModSecurity™ Tools).
    • WHM’s ModSecurity™ Configuration interface: (WHM>Home>Security Center>ModSecurity™ Configuration).
  • Include suEXEC when you compile Apache to guarantee that CGI apps and scripts function as the user owning or executing them. This strategy helps pinpoint possible malicious scripts as well as imposes permission and environmental controls.

An alternative is to compile Apache and PHP with suPHP, which forces every PHP script to run as the user who owns that script. You can thus see which user each PHP script on the server runs as, identify the owner of a malicious script, and address the concern right away.

To build Apache and PHP with suPHP, select the suPHP option in the Apache upgrade interface in Web Host Manager, or while running /scripts/easyapache from the command line.

At this point, open an SSH connection to your web server on the newly chosen port to confirm that the configuration works. You can also use SSH keys rather than the normal user name and password authentication to get into the server.

If you choose the SSH keys, disable the password authentication – WHM>Security Center>SSH Password Authorization Tweak.

Configuration Server Security and Firewall

Install a firewall. This is crucial for a dedicated server regardless of whether you are a reseller or not. Consider ConfigServer Security & Firewall (CSF), a free firewall plug-in designed for cPanel as well as Webmin and DirectAdmin. CSF can conduct a security inspection and provide appropriate recommendations for improving server security. After installing CSF, you can access it through WHM>Plug-ins>ConfigServer Security & Firewall.

Install anti-virus software. Although viruses do not really target the Linux OS, using an anti-virus still has advantages, since it prevents your visitors from unintentionally distributing viruses to the websites of other users. The majority of the viruses this software detects were meant to infect Windows PCs, not Linux servers. One effective antivirus solution is Clam AV, which integrates with cPanel and ConfigServer Security & Firewall.

Step 1: Log in to Web Host Manager as root.

Step 2: Go to cPanel>Manage Plug-ins from the main menu.

Step 3: Choose Install and Keep Updated in the Clam AV box.

Step 4: Click Save.

Configure Clam AV by proceeding to: WHM>Plug-ins>Configure Clam AV Scanner.

You may enable protection for PHP to prevent users from opening any files outside their home directory through PHP. This is possible using Tweak Security within WHM. At the same time, lock down the system compilers. Many users have no need for the C and C++ compilers.

Use the Compilers Tweak within Tweak Security in WHM to turn off the use of compilers for unauthorized users. Another option is to disable them for selected users. A lot of pre-packaged exploits call for working compilers, so disabling the compilers helps protect against numerous exploits.

Conclusion

You can always find a plethora of reliable information in the worldwide web about security for your cPanel, website information, and server. Here is the good news for cPanel users. It is less difficult to protect your data if you opt for this type of control system. By following these pointers, you minimize your susceptibility to such attacks and enhance the overall protection of your system promptly.

Even as you can reduce the threats, this may not pose a total remedy so optimization should be part of your approach complemented by due diligence and frequent updates. Try to stay on the progressive side of cPanel security so your website and business will be safe for many years.


How to Configure Apache, PHP & MySQL

This guide will show you how to update and configure Apache, PHP and MySQL on a cPanel web server so that you can resell hosting services to your clients.

Apache

The Apache HTTP Server is cross-platform, open-source software released under the Apache License 2.0. A community of developers under the auspices of the Apache Software Foundation created and maintains the program. As of June 2017, around 92% of the HTTP server copies ran on Linux distributions. Version 2.0 added support for non-UNIX operating systems such as Windows and OS/2. Older versions of Apache were ported to the NetWare and OpenVMS operating systems.

PHP

PHP is a server-side scripting language originally designed for website development but later also used as a general-purpose programming language. You can embed PHP code into Hypertext Markup Language (HTML or HTML5). PHP can be combined with various web template systems, content management systems, and web frameworks.

A PHP interpreter processes the code; it is implemented as a module in the web server or as a Common Gateway Interface (CGI) executable. The server software combines the results of the interpreted and executed PHP code, which may be any kind of data including images, with the generated page. PHP code may also be executed with a Command Line Interface (CLI) and can be used to implement standalone graphical apps.

MySQL

MySQL is an open-source relational database management system (RDBMS). It is a central element of the LAMP stack: Linux, Apache, MySQL, and Perl/PHP/Python. It is considered the most popular open-source database globally, allowing cost-efficient delivery of dependable, scalable, and high-performance web-based and embedded database applications.

LAMP and WAMP

LAMP comprises a standard or conventional model of web service protocol stacks. The protocol stack defines, detects, conducts, and facilitates interaction between different web services. LAMP elements are not confined to the original collection and remain essentially interchangeable. This stack can build dynamic websites and web apps. The model was modified to fit other components by means of other open-source software.

WAMP (Windows, Apache, MySQL, and PHP) emerged as a variation of LAMP for Windows and is frequently installed as a software package for web development and internal tests, or to serve live websites. Apache is the crucial component of WAMP and runs as a local server on any Windows device. Web developers can test pages in a web browser without having to publish these pages online.

So far, PHP and MySQL comprise the two most prevalent technologies to build vibrant and motivating websites. The two open-source components along with Apache may be installed separately or together. The “WAMP Server” represents one well-liked package capable of providing an easy to use method of installing and configuring AMP elements on Windows.

Apache Server

A joint software development initiative described as the Apache HTTP Server was designed to create a sound and commercial-grade implementation of HTTP web server complete with extra features and free implementation of source codes. Volunteers worldwide managed the project utilizing the Internet in planning, communicating, and developing the Apache Server together with pertinent documentation.

Due to its popularity, the Apache HTTP Server serves more than 46% of all existing sites. PHP and MySQL turned out as the basis of many portals which include one of the most preferred platforms, WordPress. You will eventually find out the process of updating and configuring these elements in a cPanel server for the process of reselling hosting services to your clients.

Upgrading of cPanel

It is not compulsory to upgrade cPanel before configuring web services. Nonetheless, experts recommend using the most recent Web Host Manager (WHM) version because it ensures that the software packages required by the server are up to date.

Step 1: Log in to the Web Host Manager (http://[your server’s IP address]:2083 or http://[your server’s IP address]:2087).

Step 2: Locate the main menu.

Step 3: Click on cPanel>Upgrade to the latest version.

Step 4: Hit Click to Upgrade. The process will only take several minutes.

Upgrading of MySQL

In specific circumstances, the default installation of the MySQL Server might be obsolete. Thus, it is advisable to conduct an upgrade ahead of actual website hosting and avert unnecessary downtime as well as broken databases. You might consider performing this upgrade prior to updating PHP.  With this move, you can compile with the correct MySQL libraries.

Step 1: Login to the WHM.

Step 2: Look for the main menu.

Step 3: Click on the Software> MySQL Upgrade.

Step 4: Choose the most recent stable version of MySQL (currently 5.5) and click on Next.

Step 5: WHM will give a warning regarding possible issues in upgrading MySQL. Check the warning boxes and click on Continue.

Step 6: On the following page, WHM will ask about handling the upgrade. Choose, “I will manually rebuild Apache and PHP when the MySQL upgrade is completed.” Click on Continue.

Step 7: The upgrade may take time which depends on the server’s performance.

Updating Apache and PHP

Configuring Apache, MySQL, and PHP on cPanel is straightforward. The panel provides an installation wizard called EasyApache that guides you through the installation and compilation of Apache and PHP.

Step 1: Login to WHM.

Step 2: Choose Software> EasyApache from the main menu.

Step 3: Choose the previously saved Config from the list of profiles and click on Start customizing based on profile.

Step 4: Select the latest stable version (currently 2.4.6) of Apache. Click the Next Step button.

Step 5: Select the latest stable version (currently 5.4.19) of PHP. Click the Next Step button.

Step 6: You will see several options in the next page. Scroll down to the bottom of the page. Click Exhaustive Options List.

Step 7: Choose the options and click Save and Build once finished.

  • Apache Built-in Modules: Asis, AuthnDefault, Deflate, Env, Expires, Mod FCGID, Fileprotect, Headers, MPM Prefork, MemCache, Mod SuPHP, Proxy, UniqueID, Version
  • Other Modules: IonCube Loader, Mod Bandwidth, Mod Cloudflare, Mod Security
  • PHP: Bcmath, Bz2, CGI, Calendar, CurlSSL, Curlwrappers, Exif, FTP, GD, Gettext, Iconv, Imap, Mbregex, Mbstring, Mcrypt, Mysql, Mysql of the system, MySQL “Improved” Extension, Openssl, POSIX, Path Info Check, Pear, PGsql (Optional – if you plan to provide PostgreSQL support), Phar, Pspell, SOAP, SQLite 3, Safe PHP CGI (optional), Sockets, System Timezone, TTF (FreeType), Tidy, XmlRPC, Zip, Zlib, Save my profile with appropriate PHP 5 options so that it is compatible with cpphp

It is important to note that depending on whether you are using a VPS or a dedicated server, some of these options may or may not be available.

Building Apache and PHP usually takes a long time, particularly on a VPS. Avoid closing or refreshing your browser. The process will keep running in the background if you lose your connection to WHM before the build is completed. You may have to install other modules for individual requirements.

Configure PHP and suEXEC

Change the default PHP handler after you finish building Apache and PHP.

Step 1: Click Service Configuration >Configure PHP and suEXEC from the main menu of WHM.

Step 2: Set the default version of PHP to 5.

Step 3: Choose suphp as the PHP 5 Handler.

Step 4: Turn on suEXEC.

Step 5: Click Save New Configuration.

When you enable suphp, all files created by PHP scripts are owned by the user account instead of the account that runs Apache. This prevents malicious scripts from gaining access to files in other users’ directories. Apache suEXEC lets users run both SSI and CGI programs under their own user IDs rather than the user ID that runs the HTTP process, averting possible security problems.
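
A practical consequence of the ownership change described above, as an added example that is not part of the original article: before switching the handler, this shell function lists the PHP scripts and directories in one account’s document root that are group- or world-writable or owned by another user. It assumes suPHP is configured to refuse such files; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: suPHP refuses a script or directory that is group- or
# world-writable, or that is not owned by the account user.

# Usage: suphp_audit DOCROOT OWNER   (OWNER is a user name or numeric uid)
# Output: one "reason<TAB>path" line per finding, worst reason only.
suphp_audit() {
    sa_root=$1 sa_owner=$2
    sa_find() {
        sa_reason=$1; shift
        find "$sa_root" \( -type d -o -type f -name '*.php' \) "$@" -print |
            while IFS= read -r sa_path; do
                printf '%s\t%s\n' "$sa_reason" "$sa_path"
            done
    }
    sa_find world-writable -perm -0002
    sa_find group-writable -perm -0020 ! -perm -0002
    sa_find wrong-owner ! -user "$sa_owner" ! -perm -0020 ! -perm -0002
}

# Constructed sample tree standing in for an account's public_html.
make_sample_docroot() {
    mkdir -p "$1/cache" &&
    : > "$1/index.php"  && chmod 644 "$1/index.php" &&
    : > "$1/upload.php" && chmod 666 "$1/upload.php" &&
    : > "$1/shared.php" && chmod 664 "$1/shared.php" &&
    : > "$1/notes.txt"  && chmod 666 "$1/notes.txt" &&
    chmod 755 "$1" && chmod 777 "$1/cache"
}

# Demo: flags upload.php and cache/ (world-writable) and shared.php
# (group-writable); index.php is clean and notes.txt is not a PHP script.
demo=$(mktemp -d) && make_sample_docroot "$demo" &&
    suphp_audit "$demo" "$(id -u)"
rm -rf "$demo"
```

Directories that were made world-writable so the Apache user could write to them no longer need to be once scripts run as the account owner.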

Need for Web Services

Industry experts cite the need for integration of unrelated systems and sharing of business sense inside and outside any enterprise. Website services control or shape the economic benefits as well as interoperability of Extensible Mark-up Language or XML. However, these services call for a system of more network and computing services compared to previous systems. The action slows down performance and waste valuable resources.

Highly-efficient website services can achieve the following:

  • Improve web service throughput significantly.
  • Enhance use of network and scalability.
  • Unclog overcrowded networks.
  • Allow the web service to be utilized economically instead of slow and bandwidth-restricted networks.

The plug-in includes cost-effective XML capabilities to the present service platform without having to add, alter, or replace one line of codes. Upon installation and configuration, it automatically detects and makes use of an efficient XML or EXI when available but reverts to the old XML if it is not available. There are multiple features and upsides which include the following:

  • Fundamental and straightforward configuration
  • No code changes in applications
  • Interoperability
  • Enhanced application performance

The Advantages of cPanel

The cPanel ensures a seamless client interface which promises easy navigation using an icon-based menu on the main web page and links users to essential features the control panel offers. This hosting control panel supports majority of operating systems for servers. Nearly all web hosting providers opt for cPanel which remains as the biggest trademark in the hosting control panel business. The panel provides clients with familiarity and peace of mind due to the system’s stability.

Industry stakeholders point to this control panel as a low-priced solution if bought in a data center. A number of dedicated service suppliers partnered with cPanel for cheaper licenses. The panel allows easy incorporation of third-party apps into control panel software. On the other hand, cPanel Pro represents an add-on for the control console including a fixed support submission form. Finally, cPanel ensures easy navigation which many design firms have realized and use to their advantage.

Hosting providers provide auto installers or packages devoted to popular content management systems such as WordPress. You can access cPanel by using https on the port 2038 or basically affixing “c/panel” at the end of the host name. Administrators together with end-users have the capability to regulate the various aspects of servers and websites directly through their respective browsers. Tools are provided to make operations in controlling a website simpler and allowing website control.


Technical Requirements for Web Hosting Resellers

Do you offer web-related services such as web design and development and are considering selling web hosting services to your customers? Learn about the ins and outs of reseller hosting with the help of this series of guides.

Fine Points of Reseller Hosting

Reselling refers to the practice of companies using resources provided by a web hosting firm and selling these packages as their own assets. In reseller hosting, owners of accounts have the prerogative of using their hard drives and bandwidth to host sites supporting third parties. Resellers buy hosting services on wholesale terms and offer these to users for earnings. Affordable pricing is the main benefit of said approach although resellers may not have the capacity to provide technical support.

Some hosting providers charge resellers according to number of clients. Reseller hosting includes benefits such as conventional and balanced revenues. In fact, many companies depending on Internet technology to promote their merchandise or services often integrate hosting into their range of services. Start-up entrepreneurs benefit a lot from this approach because of the low-risk investment and minimal upfront expenses. Service providers who usually provide reseller services include the following:

  • Website and graphic designers
  • Database programmers
  • Copywriters
  • Internet  marketers

Innovative Hosting Platforms

If your enterprise offers Internet-related services like website design and development, you can think about promoting hosting functions for additional revenue opportunities. You can opt for control panel software like cPanel or Plesk, which make hosting less complicated. Look at the main difference between the two control panels: Plesk is available for Linux and Windows Server, while cPanel runs only on Linux. cPanel is a Linux-based control panel for website hosting that provides a graphical interface as well as automation tools that simplify hosting. It makes use of a three-layered structure providing capabilities for resellers, web administrators, and website owners. The system controls different elements of website and server administration via a regular browser. On the other hand, Plesk enables the server administrator to set up new sites, email accounts, reseller accounts, and DNS (Domain Name System) entries using an online interface.

Reseller Hosting Upsides

Compared to basic plans, web hosting providers will make sure the reseller controls his or her service offerings as well as clients’ accounts. Additional features of reseller plans facilitate this advantage. Resellers can set up their own outlets with different kinds of hosting products as well as gain access to information of clients including billing procedures, status of accounts, and contact details.

Majority of hosting plans come available at lower costs. It serves as enticement to buy these plans as they become capable of increasing the quantity of parent hosting patrons indirectly. Resellers promote their services autonomously although hosting firms guarantee a full service branding that allows users to catch sight of their services in multiple web pages. Aside from the simple business model, many parent companies provide resellers with tools to launch a web-hosting enterprise. Compared to traditional plans, reseller options generate revenues because the user obtains income from management of data and servers for business owners who lack sufficient time as well as funds to perform these tasks. It follows the middleman concept where commissions are paid once new clients buy accounts from the mother company through resellers. Many people do not even notice if the host is simply a reseller or the original vendor. The reseller price is typically higher compared to the cost of the real hosting provider.

Understand Technical Requisites

You need to become familiar with five principal areas to start your hosting enterprise.

Web Hosting – Web hosting services function by storing files in sophisticated servers connected to very quick networks. The user types the web address allowing the Internet to hook up to the host server which in turn stores files and transfers information to the desktop computer. Users can start browsing and looking at the web pages. Hosting refers to the required software, bandwidth, support, security, and speed.

The three options to choose from include the following:

  • Reseller Hosting
  • VPS (Virtual Private Server) Hosting
  • Dedicated Hosting

Preferred Options

Despite the factor of affordability, some people choose the dedicated version of VPS. The latter offers the same degree of adaptability as a dedicated server at a small percentage of the cost. Even then, you cannot expect an inexpensive hosting plan to produce the same high-performance results achieved by a dedicated server. However, you can increase resources such as disk space and Random Access Memory (RAM) on the Virtual Private Server hosting as your enterprise continues to grow.

The downside of Reseller Hosting is inferior performance and more security problems as a result of sharing a single web server with numerous users. Besides, your services will become limited. In case a glitch takes place somewhere in the upstream provider, this could mean loss of your valuable customers. Reseller plans are pricier than shared hosting. Resellers are responsible for their services which means you have to handle all the requests and complaints of clients all the time.

Suggestions from Experts

Here are some useful recommendations from veterans in the industry.

  • Managed Hosting – You can count on a team of experts who monitor your server and respond to problems 24/7. With this kind of plan, there will always be support technicians who conduct maintenance and security updates for your server.
  • Distributed Denial of Service (DDoS) Protection – You are assured of protection against any DDoS attack that compromises server protection and data integrity. DDoS means many compromised computer systems hit a target server, website, or network source denying the required services to users. Surge of incoming messages, abnormal packets, and requests for connection forces the system to decelerate or crash and eventually shut down.
  • Back-up Service – The majority of web hosting clients presume their data is backed up on a regular basis, which seldom happens. You need excellent backups at all times; some hosts, for example, allow users to keep images of their servers and restore the VPS to its previous condition if a configuration change or upgrade suddenly malfunctions.

Website owners look for a strong and dependable hosting environment which requires the need for a dedicated server. In web hosting, consider the following points:

  • Amount of data storage – A number of companies claim to supply unlimited storage. Conversely, be cautious about this dishonest marketing scheme. Review the fine print carefully. Storage is immeasurable until you go beyond average use.
  • Bandwidth – Storage and bandwidth team up. This means volume of data the host permits users to upload as well as download within one month.  Try to stay away from a company that offers unlimited or huge amount of bandwidth. This will simply slow down your website once you go over a particular bandwidth limit. Hosting providers pay for bandwidth so it is not possible to give unlimited space and still make a profit. These providers make use of deceiving practices such as bandwidth throttling.
  • Email Accounts – Pore over features and number of email accounts the web host allows you to set up. Authenticate selections to receive emails. At the same time, make sure you have robust email accounts and secure webmail interface.
  • Domains and Sub-Domains – Taking care of one account for each website can turn out to be convoluted. Hosting a number of domains and sub-domains under one account addresses this issue. There are limitations for each account. Choose a hosting package that meets your requirements. Most hosting providers offer upgrades or downgrades without financial penalties.
  • Database and Technical Assistance– Most websites depend on databases at the back-end. Conduct research before you select one. The web host must demonstrate reliable support systems including 24/7 live chat, email support, and ticket system. Response time must be at the appointed time.
  • Website Backup – Backup is equally vital because data loss can cause a big headache unless the host maintains a backup system on-site and off-site for data retrieval.
  • Framework – Look for frameworks like Content Management Systems (CMS) that can be installed without difficulty.
  • Modern Control Panel – This type of panel ensures fast and easy management so you can secure your business website without any technical expertise required.

Parting Words

Savvy start-up entrepreneurs or small business owners must compare the fundamental features and prices of prominent web hosting companies. Nearly all hosting firms offer, in essence, the same services and pricing structures. Yet, these arguments tend to be confusing at times.

There are considerable differences for the most part among high-end plans, web hosting infrastructure consistency, overloading servers or having many clients; overselling; and using old servers that generate slow websites and discontented visitors. Practical business website owners must make it a point to check these concerns thoroughly. New enterprises can start initially with shared hosting since traffic is still minimal before deciding to upgrade to the next level as the number of your visitors go up. Hosting is scalable so you will not really find it difficult to create a strong online presence in terms of marketing. Learn the ropes well before you make decisions and spend hard-earned resources for website upgrades.